diff --git a/azurerm/resource_arm_kubernetes_cluster.go b/azurerm/resource_arm_kubernetes_cluster.go index d126077beb28..eb161ce47692 100644 --- a/azurerm/resource_arm_kubernetes_cluster.go +++ b/azurerm/resource_arm_kubernetes_cluster.go @@ -551,7 +551,9 @@ func resourceArmKubernetesCluster() *schema.Resource { "node_resource_group": { Type: schema.TypeString, + Optional: true, Computed: true, + ForceNew: true, }, "api_server_authorized_ip_ranges": { @@ -623,6 +625,8 @@ func resourceArmKubernetesClusterCreateUpdate(d *schema.ResourceData, meta inter apiServerAuthorizedIPRangesRaw := d.Get("api_server_authorized_ip_ranges").(*schema.Set).List() apiServerAuthorizedIPRanges := utils.ExpandStringSlice(apiServerAuthorizedIPRangesRaw) + nodeResourceGroup := d.Get("node_resource_group").(string) + parameters := containerservice.ManagedCluster{ Name: &name, Location: &location, @@ -637,6 +641,7 @@ func resourceArmKubernetesClusterCreateUpdate(d *schema.ResourceData, meta inter LinuxProfile: linuxProfile, NetworkProfile: networkProfile, ServicePrincipalProfile: servicePrincipalProfile, + NodeResourceGroup: utils.String(nodeResourceGroup), }, Tags: expandTags(tags), } diff --git a/azurerm/resource_arm_kubernetes_cluster_test.go b/azurerm/resource_arm_kubernetes_cluster_test.go index fd5e5ae5cc6b..e6f799ed6d97 100644 --- a/azurerm/resource_arm_kubernetes_cluster_test.go +++ b/azurerm/resource_arm_kubernetes_cluster_test.go 
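Review bot: The `node_resource_group` schema entry in the first hunk becomes user-settable but has no `ValidateFunc`, so an empty or malformed name is only rejected by Azure at apply time. Because the field is also `ForceNew`, a bad value would surface during a replacement of the whole cluster rather than at plan time. A plan-time check such as `ValidateFunc: validation.NoZeroValues,` would catch it earlier, or the provider's own resource-group-name validator if one is in scope. The schema function starts and ends outside this hunk, so the available validators and imports are not visible from here.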
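Review bot: When `node_resource_group` is absent from configuration, `d.Get("node_resource_group").(string)` in the second hunk yields `""` on create. The third hunk then sends it as `NodeResourceGroup: utils.String(nodeResourceGroup)`, a pointer to an empty string rather than nil. Whether the service treats an empty name the same as an omitted one is not visible here, so I would leave the field nil unless a value is present, using `d.GetOk`. Both lines sit inside resourceArmKubernetesClusterCreateUpdate, whose body extends beyond these hunks.

```go
var nodeResourceGroup *string
if v, ok := d.GetOk("node_resource_group"); ok {
	nodeResourceGroup = utils.String(v.(string))
}

// … unchanged: parameters := containerservice.ManagedCluster{ … other profile fields …
		NodeResourceGroup: nodeResourceGroup,
```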
@@ -740,6 +740,33 @@ func TestAccAzureRMKubernetesCluster_nodeTaints(t *testing.T) { }) } +func TestAccAzureRMKubernetesCluster_nodeResourceGroup(t *testing.T) { + resourceName := "azurerm_kubernetes_cluster.test" + ri := tf.AccRandTimeInt() + clientId := os.Getenv("ARM_CLIENT_ID") + clientSecret := os.Getenv("ARM_CLIENT_SECRET") + config := testAccAzureRMKubernetesCluster_nodeResourceGroup(ri, clientId, clientSecret, testLocation()) + + resource.ParallelTest(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testCheckAzureRMKubernetesClusterDestroy, + Steps: []resource.TestStep{ + { + Config: config, + Check: resource.ComposeTestCheckFunc( + testCheckAzureRMKubernetesClusterExists(resourceName), + ), + }, + { + ResourceName: resourceName, + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + func testCheckAzureRMKubernetesClusterExists(resourceName string) resource.TestCheckFunc { return func(s *terraform.State) error { // Ensure we have enough information in state to look up in API @@ -1744,3 +1771,32 @@ resource "azurerm_kubernetes_cluster" "test" { } `, rInt, location, rInt, rInt, clientId, clientSecret) } + +func testAccAzureRMKubernetesCluster_nodeResourceGroup(rInt int, clientId string, clientSecret string, location string) string { + return fmt.Sprintf(` +resource "azurerm_resource_group" "test" { + name = "acctestRG-%d" + location = "%s" +} + +resource "azurerm_kubernetes_cluster" "test" { + name = "acctestaks%d" + location = "${azurerm_resource_group.test.location}" + resource_group_name = "${azurerm_resource_group.test.name}" + dns_prefix = "acctestaks%d" + node_resource_group = "acctestRGAKS-%d" + + agent_pool_profile { + name = "default" + count = "1" + type = "VirtualMachineScaleSets" + vm_size = "Standard_DS2_v2" + } + + service_principal { + client_id = "%s" + client_secret = "%s" + } +} +`, rInt, location, rInt, rInt, rInt, clientId, clientSecret) +} 
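Review bot: The first step of TestAccAzureRMKubernetesCluster_nodeResourceGroup only checks that the cluster exists, so nothing in the test states that the configured name was applied to the node resource group. Adding `resource.TestCheckResourceAttr(resourceName, "node_resource_group", fmt.Sprintf("acctestRGAKS-%d", ri)),` inside the `ComposeTestCheckFunc` would pin the value that the config template in the next hunk sets. That makes a regression in which the provider silently falls back to the service-generated group name fail with a clear message.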
diff --git a/website/docs/r/kubernetes_cluster.html.markdown b/website/docs/r/kubernetes_cluster.html.markdown index 7e2120fafb87..e3428d214e86 100644 --- a/website/docs/r/kubernetes_cluster.html.markdown +++ b/website/docs/r/kubernetes_cluster.html.markdown @@ -83,8 +83,37 @@ The following arguments are supported: --- +A `aci_connector_linux` block supports the following: + +* `enabled` - (Required) Is the virtual node addon enabled? + +* `subnet_name` - (Required) The subnet name for the virtual nodes to run. + +-> **Note:** AKS will add a delegation to the subnet named here. To prevent further runs from failing you should make sure that the subnet you create for virtual nodes has a delegation, like so. + +``` +resource "azurerm_subnet" "virtual" { + + ... + + delegation { + name = "aciDelegation" + service_delegation { + name = "Microsoft.ContainerInstance/containerGroups" + actions = ["Microsoft.Network/virtualNetworks/subnets/action"] + } + } +} +``` + +--- + * `addon_profile` - (Optional) A `addon_profile` block. +* `api_server_authorized_ip_ranges` - (Optional) The IP ranges to whitelist for incoming traffic to the masters. + +-> **NOTE:** `api_server_authorized_ip_ranges` Is currently in Preview on an opt-in basis. To use it, enable feature `APIServerSecurityPreview` for `namespace Microsoft.ContainerService`. For an example of how to enable a Preview feature, please visit [How to enable the Azure Firewall Public Preview](https://docs.microsoft.com/en-us/azure/firewall/public-preview) + * `kubernetes_version` - (Optional) Version of Kubernetes specified when creating the AKS managed cluster. If not specified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). * `linux_profile` - (Optional) A `linux_profile` block. 
@@ -95,9 +124,9 @@ The following arguments are supported: * `role_based_access_control` - (Optional) A `role_based_access_control` block. Changing this forces a new resource to be created. -* `api_server_authorized_ip_ranges` - (Optional) The IP ranges to whitelist for incoming traffic to the masters. +* `node_resource_group` - (Optional) The name of the Resource Group where the the Kubernetes Nodes should exist. Changing this forces a new resource to be created. --> **Note:** `api_server_authorized_ip_ranges` Is currently in Preview on an opt-in basis. To use it, enable feature `APIServerSecurityPreview` for `namespace Microsoft.ContainerService`. For an example of how to enable a Preview feature, please visit [How to enable the Azure Firewall Public Preview](https://docs.microsoft.com/en-us/azure/firewall/public-preview) +-> **NOTE:** Azure requires that a new, non-existent Resource Group is used, as otherwise the provisioning of the Kubernetes Service will fail. * `tags` - (Optional) A mapping of tags to assign to the resource. @@ -119,8 +148,6 @@ A `agent_pool_profile` block supports the following: * `vm_size` - (Required) The size of each VM in the Agent Pool (e.g. `Standard_F1`). Changing this forces a new resource to be created. -* `max_pods` - (Optional) The maximum number of pods that can run on each agent. - * `availability_zones` - (Optional) Availability zones for nodes. The property `type` of the `agent_pool_profile` must be set to `VirtualMachineScaleSets` in order to use availability zones. * `enable_auto_scaling` - (Optional) Whether to enable [auto-scaler](https://docs.microsoft.com/en-us/azure/aks/cluster-autoscaler). Note that auto scaling feature requires the that the `type` is set to `VirtualMachineScaleSets` 
@@ -129,19 +156,22 @@ A `agent_pool_profile` block supports the following: * `max_count` - (Optional) Maximum number of nodes for auto-scaling +* `max_pods` - (Optional) The maximum number of pods that can run on each agent. + * `os_disk_size_gb` - (Optional) The Agent Operating System disk size in GB. Changing this forces a new resource to be created. * `os_type` - (Optional) The Operating System used for the Agents. Possible values are `Linux` and `Windows`. Changing this forces a new resource to be created. Defaults to `Linux`. * `type` - (Optional) Type of the Agent Pool. Possible values are `AvailabilitySet` and `VirtualMachineScaleSets`. Changing this forces a new resource to be created. Defaults to `AvailabilitySet`. -~> **Note:** Support for the `type` of `VirtualMachineScaleSets` is currently in Public Preview on an opt-in basis. To use it, enable feature `VMSSPreview` for `namespace Microsoft.ContainerService`. For an example of how to enable a Preview feature, please visit [Register scale set feature provider](https://docs.microsoft.com/en-us/azure/aks/cluster-autoscaler#register-scale-set-feature-provider). +~> **NOTE:** Support for the `type` of `VirtualMachineScaleSets` is currently in Public Preview on an opt-in basis. To use it, enable feature `VMSSPreview` for `namespace Microsoft.ContainerService`. For an example of how to enable a Preview feature, please visit [Register scale set feature provider](https://docs.microsoft.com/en-us/azure/aks/cluster-autoscaler#register-scale-set-feature-provider). * `vnet_subnet_id` - (Optional) The ID of the Subnet where the Agents in the Pool should be provisioned. Changing this forces a new resource to be created. ~> **NOTE:** A route table should be configured on this Subnet. * `node_taints` - (Optional) A list of Kubernetes taints which should be applied to nodes in the agent pool (e.g `key=value:NoSchedule`) + --- A `azure_active_directory` block supports the following: 
@@ -200,31 +230,6 @@ A `oms_agent` block supports the following: --- -A `aci_connector_linux` block supports the following: - -* `enabled` - (Required) Is the virtual node addon enabled? - -* `subnet_name` - (Required) The subnet name for the virtual nodes to run. - --> **Note:** AKS will add a delegation to the subnet named here. To prevent further runs from failing you should make sure that the subnet you create for virtual nodes has a delegation, like so. - -``` -resource "azurerm_subnet" "virtual" { - - ... - - delegation { - name = "aciDelegation" - service_delegation { - name = "Microsoft.ContainerInstance/containerGroups" - actions = ["Microsoft.Network/virtualNetworks/subnets/action"] - } - } -} -``` - ---- - A `role_based_access_control` block supports the following: * `azure_active_directory` - (Optional) An `azure_active_directory` block. Changing this forces a new resource to be created.