diff --git a/azurerm/internal/services/containers/data_source_kubernetes_cluster.go b/azurerm/internal/services/containers/data_source_kubernetes_cluster.go index d40afd6bdcc4..df0d72b6ca89 100644 --- a/azurerm/internal/services/containers/data_source_kubernetes_cluster.go +++ b/azurerm/internal/services/containers/data_source_kubernetes_cluster.go @@ -212,8 +212,18 @@ func dataSourceArmKubernetesCluster() *schema.Resource { }, "private_link_enabled": { - Type: schema.TypeBool, - Computed: true, + Type: schema.TypeBool, + Computed: true, + Optional: true, + ConflictsWith: []string{"enable_private_cluster"}, + Deprecated: "Deprecated in favor of `enable_private_cluster`", // TODO -- remove this in next major version + }, + + "enable_private_cluster": { + Type: schema.TypeBool, + Optional: true, + Computed: true, // TODO -- remove this when deprecation resolves + ConflictsWith: []string{"private_link_enabled"}, }, "private_fqdn": { @@ -493,6 +503,7 @@ func dataSourceArmKubernetesClusterRead(d *schema.ResourceData, meta interface{} } d.Set("private_link_enabled", accessProfile.EnablePrivateCluster) + d.Set("enable_private_cluster", accessProfile.EnablePrivateCluster) } addonProfiles := flattenKubernetesClusterDataSourceAddonProfiles(props.AddonProfiles) diff --git a/azurerm/internal/services/containers/resource_arm_kubernetes_cluster.go b/azurerm/internal/services/containers/resource_arm_kubernetes_cluster.go index 9d8e64c6bf1a..fe76df29c3fa 100644 --- a/azurerm/internal/services/containers/resource_arm_kubernetes_cluster.go +++ b/azurerm/internal/services/containers/resource_arm_kubernetes_cluster.go 
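Review bot: The data-source entries `private_link_enabled` and `enable_private_cluster` are marked `Optional: true` with `ConflictsWith`, which makes output-only attributes settable in a `data` block. The second hunk in this file sets both unconditionally from `accessProfile.EnablePrivateCluster`, so a value written in configuration is never used. Someone could then read `enable_private_cluster = true` in a data block as a check that the API server is private, when it checks nothing. I would keep both entries as `Computed: true` only and drop `Optional` and `ConflictsWith` here, leaving the conflict check to the resource schema. The body of dataSourceArmKubernetesCluster starts and ends outside the hunk.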
@@ -298,9 +298,20 @@ func resourceArmKubernetesCluster() *schema.Resource { }, "private_link_enabled": { - Type: schema.TypeBool, - Optional: true, - ForceNew: true, + Type: schema.TypeBool, + Optional: true, + ForceNew: true, + Computed: true, + ConflictsWith: []string{"enable_private_cluster"}, + Deprecated: "Deprecated in favor of `enable_private_cluster`", // TODO -- remove this in next major version + }, + + "enable_private_cluster": { + Type: schema.TypeBool, + Optional: true, + ForceNew: true, + Computed: true, // TODO -- remove this when deprecation resolves + ConflictsWith: []string{"private_link_enabled"}, }, "role_based_access_control": { @@ -559,10 +570,16 @@ func resourceArmKubernetesClusterCreate(d *schema.ResourceData, meta interface{} apiServerAuthorizedIPRangesRaw := d.Get("api_server_authorized_ip_ranges").(*schema.Set).List() apiServerAuthorizedIPRanges := utils.ExpandStringSlice(apiServerAuthorizedIPRangesRaw) - enablePrivateLink := d.Get("private_link_enabled").(bool) + enablePrivateCluster := false + if v, ok := d.GetOk("private_link_enabled"); ok { + enablePrivateCluster = v.(bool) + } + if v, ok := d.GetOk("enable_private_cluster"); ok { + enablePrivateCluster = v.(bool) + } apiAccessProfile := containerservice.ManagedClusterAPIServerAccessProfile{ - EnablePrivateCluster: &enablePrivateLink, + EnablePrivateCluster: &enablePrivateCluster, AuthorizedIPRanges: apiServerAuthorizedIPRanges, } 
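Review bot: `enable_private_cluster` in the resource schema is `Optional` and `Computed` with no `Default`, so omitting it from configuration presumably keeps the value already in state rather than planning `false`. The resource documentation changed in this same commit still says "Defaults to `false`". For a setting that decides whether the API server is reachable from public addresses, I would state this at the field, for example `// Computed so the value mirrored by Read plans no ForceNew diff; an omitted field keeps the state value and is not reset to false`. The body of resourceArmKubernetesCluster extends outside the hunk.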
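Review bot: The fallback from `private_link_enabled` to `enable_private_cluster` is written out twice, here in resourceArmKubernetesClusterCreate and again in the resourceArmKubernetesClusterUpdate hunk (`@@ -743,7 +760,14 @@`). Both copies decide the same thing, whether `EnablePrivateCluster` is sent as true. `d.GetOk` reports ok=false for a bool whose value is false, so an explicit `false` and an unset field both fall through to the deprecated attribute. That is harmless while `ConflictsWith` holds, but the reasoning should be stated once rather than left implicit in two places. I would move it into one helper called from both functions, as sketched below (the helper name is only a suggestion); both function bodies continue outside their hunks.

```go
// kubernetesClusterPrivateClusterEnabled resolves whether the API server
// should only be exposed on internal addresses. The new field wins; the
// deprecated private_link_enabled is consulted only when the new one is
// unset or false (GetOk cannot tell those two apart for a bool).
func kubernetesClusterPrivateClusterEnabled(d *schema.ResourceData) bool {
	if v, ok := d.GetOk("enable_private_cluster"); ok {
		return v.(bool)
	}
	if v, ok := d.GetOk("private_link_enabled"); ok {
		return v.(bool)
	}
	return false
}

// … unchanged: api_server_authorized_ip_ranges expansion …
enablePrivateCluster := kubernetesClusterPrivateClusterEnabled(d)
// … unchanged: ManagedClusterAPIServerAccessProfile literal …
```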
@@ -743,7 +760,14 @@ func resourceArmKubernetesClusterUpdate(d *schema.ResourceData, meta interface{} if d.HasChange("api_server_authorized_ip_ranges") { updateCluster = true apiServerAuthorizedIPRangesRaw := d.Get("api_server_authorized_ip_ranges").(*schema.Set).List() - enablePrivateCluster := d.Get("private_link_enabled").(bool) + + enablePrivateCluster := false + if v, ok := d.GetOk("private_link_enabled"); ok { + enablePrivateCluster = v.(bool) + } + if v, ok := d.GetOk("enable_private_cluster"); ok { + enablePrivateCluster = v.(bool) + } existing.ManagedClusterProperties.APIServerAccessProfile = &containerservice.ManagedClusterAPIServerAccessProfile{ AuthorizedIPRanges: utils.ExpandStringSlice(apiServerAuthorizedIPRangesRaw), EnablePrivateCluster: &enablePrivateCluster, @@ -906,6 +930,7 @@ func resourceArmKubernetesClusterRead(d *schema.ResourceData, meta interface{}) } d.Set("private_link_enabled", accessProfile.EnablePrivateCluster) + d.Set("enable_private_cluster", accessProfile.EnablePrivateCluster) } addonProfiles := flattenKubernetesAddOnProfiles(props.AddonProfiles) diff --git a/azurerm/internal/services/containers/tests/data_source_kubernetes_cluster_test.go b/azurerm/internal/services/containers/tests/data_source_kubernetes_cluster_test.go index 42e65f886df8..7078d6c9fce8 100644 --- a/azurerm/internal/services/containers/tests/data_source_kubernetes_cluster_test.go +++ b/azurerm/internal/services/containers/tests/data_source_kubernetes_cluster_test.go 
@@ -42,12 +42,12 @@ func testAccDataSourceAzureRMKubernetesCluster_basic(t *testing.T) { }) } -func TestAccDataSourceAzureRMKubernetesCluster_privateLink(t *testing.T) { +func TestAccDataSourceAzureRMKubernetesCluster_privateCluster(t *testing.T) { checkIfShouldRunTestsIndividually(t) - testAccDataSourceAzureRMKubernetesCluster_privateLink(t) + testAccDataSourceAzureRMKubernetesCluster_privateCluster(t) } -func testAccDataSourceAzureRMKubernetesCluster_privateLink(t *testing.T) { +func testAccDataSourceAzureRMKubernetesCluster_privateCluster(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_kubernetes_cluster", "test") resource.Test(t, resource.TestCase{ @@ -56,11 +56,11 @@ func testAccDataSourceAzureRMKubernetesCluster_privateLink(t *testing.T) { CheckDestroy: testCheckAzureRMKubernetesClusterDestroy, Steps: []resource.TestStep{ { - Config: testAccAzureRMKubernetesCluster_privateLinkConfig(data, true), + Config: testAccAzureRMKubernetesCluster_privateClusterConfig(data, true), Check: resource.ComposeTestCheckFunc( testCheckAzureRMKubernetesClusterExists(data.ResourceName), resource.TestCheckResourceAttrSet(data.ResourceName, "private_fqdn"), - resource.TestCheckResourceAttr(data.ResourceName, "private_link_enabled", "true"), + resource.TestCheckResourceAttr(data.ResourceName, "enable_private_cluster", "true"), ), }, data.ImportStep("service_principal.0.client_secret"), diff --git a/azurerm/internal/services/containers/tests/resource_arm_kubernetes_cluster_network_test.go b/azurerm/internal/services/containers/tests/resource_arm_kubernetes_cluster_network_test.go index 209c1a71948b..d58f59369229 100644 --- a/azurerm/internal/services/containers/tests/resource_arm_kubernetes_cluster_network_test.go +++ b/azurerm/internal/services/containers/tests/resource_arm_kubernetes_cluster_network_test.go 
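Review bot: Every acceptance check that used to assert `private_link_enabled` now asserts only `enable_private_cluster`: this data-source test, plus the privateClusterOn and privateClusterOff tests in resource_arm_kubernetes_cluster_network_test.go. The deprecated attribute is still accepted and still feeds `EnablePrivateCluster` in Create and Update. Since Read sets both attributes, each check can pin the mirrored value with one extra line, `resource.TestCheckResourceAttr(data.ResourceName, "private_link_enabled", "true"),` (with `"false"` in the Off test). A separate test that configures the cluster through `private_link_enabled` alone would cover the deprecated path, which otherwise goes unexercised until it is removed. The test function body continues outside the hunk.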
@@ -330,12 +330,12 @@ func testAccAzureRMKubernetesCluster_outboundTypeUserDefinedRouting(t *testing.T }) } -func TestAccAzureRMKubernetesCluster_privateLinkOn(t *testing.T) { +func TestAccAzureRMKubernetesCluster_privateClusterOn(t *testing.T) { checkIfShouldRunTestsIndividually(t) - testAccAzureRMKubernetesCluster_privateLinkOn(t) + testAccAzureRMKubernetesCluster_privateClusterOn(t) } -func testAccAzureRMKubernetesCluster_privateLinkOn(t *testing.T) { +func testAccAzureRMKubernetesCluster_privateClusterOn(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_kubernetes_cluster", "test") resource.ParallelTest(t, resource.TestCase{ @@ -344,11 +344,11 @@ func testAccAzureRMKubernetesCluster_privateLinkOn(t *testing.T) { CheckDestroy: testCheckAzureRMKubernetesClusterDestroy, Steps: []resource.TestStep{ { - Config: testAccAzureRMKubernetesCluster_privateLinkConfig(data, true), + Config: testAccAzureRMKubernetesCluster_privateClusterConfig(data, true), Check: resource.ComposeTestCheckFunc( testCheckAzureRMKubernetesClusterExists(data.ResourceName), resource.TestCheckResourceAttrSet(data.ResourceName, "private_fqdn"), - resource.TestCheckResourceAttr(data.ResourceName, "private_link_enabled", "true"), + resource.TestCheckResourceAttr(data.ResourceName, "enable_private_cluster", "true"), ), }, data.ImportStep(), @@ -356,12 +356,12 @@ func testAccAzureRMKubernetesCluster_privateLinkOn(t *testing.T) { }) } -func TestAccAzureRMKubernetesCluster_privateLinkOff(t *testing.T) { +func TestAccAzureRMKubernetesCluster_privateClusterOff(t *testing.T) { checkIfShouldRunTestsIndividually(t) - testAccAzureRMKubernetesCluster_privateLinkOff(t) + testAccAzureRMKubernetesCluster_privateClusterOff(t) } -func testAccAzureRMKubernetesCluster_privateLinkOff(t *testing.T) { +func testAccAzureRMKubernetesCluster_privateClusterOff(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_kubernetes_cluster", "test") resource.ParallelTest(t, resource.TestCase{ 
@@ -370,10 +370,10 @@ func testAccAzureRMKubernetesCluster_privateLinkOff(t *testing.T) { CheckDestroy: testCheckAzureRMKubernetesClusterDestroy, Steps: []resource.TestStep{ { - Config: testAccAzureRMKubernetesCluster_privateLinkConfig(data, false), + Config: testAccAzureRMKubernetesCluster_privateClusterConfig(data, false), Check: resource.ComposeTestCheckFunc( testCheckAzureRMKubernetesClusterExists(data.ResourceName), - resource.TestCheckResourceAttr(data.ResourceName, "private_link_enabled", "false"), + resource.TestCheckResourceAttr(data.ResourceName, "enable_private_cluster", "false"), ), }, data.ImportStep(), @@ -1014,7 +1014,7 @@ resource "azurerm_kubernetes_cluster" "test" { `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger) } -func testAccAzureRMKubernetesCluster_privateLinkConfig(data acceptance.TestData, enablePrivateLink bool) string { +func testAccAzureRMKubernetesCluster_privateClusterConfig(data acceptance.TestData, enablePrivateCluster bool) string { return fmt.Sprintf(` provider "azurerm" { features {} @@ -1026,11 +1026,11 @@ resource "azurerm_resource_group" "test" { } resource "azurerm_kubernetes_cluster" "test" { - name = "acctestaks%d" - location = azurerm_resource_group.test.location - resource_group_name = azurerm_resource_group.test.name - dns_prefix = "acctestaks%d" - private_link_enabled = %t + name = "acctestaks%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + dns_prefix = "acctestaks%d" + enable_private_cluster = %t linux_profile { admin_username = "acctestuser%d" 
@@ -1055,7 +1055,7 @@ resource "azurerm_kubernetes_cluster" "test" { load_balancer_sku = "standard" } } -`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, enablePrivateLink, data.RandomInteger) +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, enablePrivateCluster, data.RandomInteger) } func testAccAzureRMKubernetesCluster_standardLoadBalancerConfig(data acceptance.TestData) string { diff --git a/azurerm/internal/services/containers/tests/resource_arm_kubernetes_cluster_test.go b/azurerm/internal/services/containers/tests/resource_arm_kubernetes_cluster_test.go index dcd02eedd7b9..153b954f52b6 100644 --- a/azurerm/internal/services/containers/tests/resource_arm_kubernetes_cluster_test.go +++ b/azurerm/internal/services/containers/tests/resource_arm_kubernetes_cluster_test.go @@ -91,8 +91,8 @@ func TestAccAzureRMKubernetes_all(t *testing.T) { "windowsProfile": testAccAzureRMKubernetesCluster_windowsProfile, "outboundTypeLoadBalancer": testAccAzureRMKubernetesCluster_outboundTypeLoadBalancer, "outboundTypeUserDefinedRouting": testAccAzureRMKubernetesCluster_outboundTypeUserDefinedRouting, - "privateLinkOn": testAccAzureRMKubernetesCluster_privateLinkOn, - "privateLinkOff": testAccAzureRMKubernetesCluster_privateLinkOff, + "privateClusterOn": testAccAzureRMKubernetesCluster_privateClusterOn, + "privateClusterOff": testAccAzureRMKubernetesCluster_privateClusterOff, }, "scaling": { "addAgent": testAccAzureRMKubernetesCluster_addAgent, @@ -127,7 +127,7 @@ func TestAccAzureRMKubernetes_all(t *testing.T) { "nodeLabels": testAccDataSourceAzureRMKubernetesCluster_nodeLabels, "nodeTaints": testAccDataSourceAzureRMKubernetesCluster_nodeTaints, "enableNodePublicIP": testAccDataSourceAzureRMKubernetesCluster_enableNodePublicIP, - "privateLink": testAccDataSourceAzureRMKubernetesCluster_privateLink, + "privateCluster": testAccDataSourceAzureRMKubernetesCluster_privateCluster, }, } 
diff --git a/website/docs/d/kubernetes_cluster.html.markdown b/website/docs/d/kubernetes_cluster.html.markdown index e8dd73d14e57..234f2b1bf541 100644 --- a/website/docs/d/kubernetes_cluster.html.markdown +++ b/website/docs/d/kubernetes_cluster.html.markdown @@ -62,9 +62,7 @@ The following attributes are exported: * `kubernetes_version` - The version of Kubernetes used on the managed Kubernetes Cluster. -* `private_link_enabled` - Does this Kubernetes Cluster have the Kubernetes API exposed via Private Link? - --> **NOTE:** At this time Private Link is in Public Preview +* `enable_private_cluster` - If the cluster has the Kubernetes API only exposed on internal IP addresses. * `location` - The Azure Region in which the managed Kubernetes Cluster exists. diff --git a/website/docs/r/kubernetes_cluster.html.markdown b/website/docs/r/kubernetes_cluster.html.markdown index d973a01d256d..a72e226fcca4 100644 --- a/website/docs/r/kubernetes_cluster.html.markdown +++ b/website/docs/r/kubernetes_cluster.html.markdown 
@@ -100,9 +100,7 @@ In addition, one of either `identity` or `service_principal` must be specified. -> **NOTE:** Azure requires that a new, non-existent Resource Group is used, as otherwise the provisioning of the Kubernetes Service will fail. -* `private_link_enabled` Should this Kubernetes Cluster have Private Link Enabled? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. Defaults to `false`. Changing this forces a new resource to be created. - --> **NOTE:** At this time Private Link is in Public Preview. For an example of how to enable a Preview feature, please visit [Private Azure Kubernetes Service cluster](https://docs.microsoft.com/en-gb/azure/aks/private-clusters) +* `enable_private_cluster` Should this Kubernetes Cluster have it's API server only exposed on internal IP addresses? This provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. Defaults to `false`. Changing this forces a new resource to be created. * `role_based_access_control` - (Optional) A `role_based_access_control` block. Changing this forces a new resource to be created.