Azure · lonegunmanb · Mar 15, 2024 · Mar 29, 2024
diff --git a/README.md b/README.md
diff --git a/extra_node_pool.tf b/extra_node_pool.tf
@@ -118,7 +118,18 @@ resource "azurerm_kubernetes_cluster_node_pool" "node_pool_create_before_destroy
     for_each = each.value.node_network_profile == null ? [] : ["node_network_profile"]
 
     content {
-      node_public_ip_tags = each.value.node_network_profile.node_public_ip_tags
+      application_security_group_ids = each.value.application_security_group_ids
+      node_public_ip_tags            = each.value.node_network_profile.node_public_ip_tags
+
+      dynamic "allowed_host_ports" {
+        for_each = each.value.allowed_host_ports
+
+        content {
+          port_start = allowed_host_ports.value.port_start
+          port_end   = allowed_host_ports.value.port_end
+          protocol   = allowed_host_ports.value.protocol
+        }
+      }
     }
   }
   dynamic "upgrade_settings" {
@@ -276,7 +287,18 @@ resource "azurerm_kubernetes_cluster_node_pool" "node_pool_create_after_destroy"
     for_each = each.value.node_network_profile == null ? [] : ["node_network_profile"]
 
     content {
-      node_public_ip_tags = each.value.node_network_profile.node_public_ip_tags
+      application_security_group_ids = each.value.application_security_group_ids
+      node_public_ip_tags            = each.value.node_network_profile.node_public_ip_tags
+
+      dynamic "allowed_host_ports" {
+        for_each = each.value.allowed_host_ports
+
+        content {
+          port_start = allowed_host_ports.value.port_start
+          port_end   = allowed_host_ports.value.port_end
+          protocol   = allowed_host_ports.value.protocol
+        }
+      }
     }
   }
   dynamic "upgrade_settings" {

diff --git a/main.tf b/main.tf
@@ -142,6 +142,13 @@ resource "azurerm_kubernetes_cluster" "main" {
           }
         }
       }
+      dynamic "node_network_profile" {
+        for_each = var.agents_pool_node_network_profile == null ? [] : ["node_network_profile"]
+
+        content {
+          node_public_ip_tags = var.agents_pool_node_network_profile.node_public_ip_tags
+        }
+      }
       dynamic "upgrade_settings" {
         for_each = var.agents_pool_max_surge == null ? [] : ["upgrade_settings"]
 
@@ -243,6 +250,13 @@ resource "azurerm_kubernetes_cluster" "main" {
           }
         }
       }
+      dynamic "node_network_profile" {
+        for_each = var.agents_pool_node_network_profile == null ? [] : ["node_network_profile"]
+
+        content {
+          node_public_ip_tags = var.agents_pool_node_network_profile.node_public_ip_tags
+        }
+      }
       dynamic "upgrade_settings" {
         for_each = var.agents_pool_max_surge == null ? [] : ["upgrade_settings"]
 

diff --git a/variables.tf b/variables.tf
@@ -945,7 +945,13 @@ variable "node_pools" {
     mode               = optional(string, "User")
     min_count          = optional(number)
     node_network_profile = optional(object({
-      node_public_ip_tags = optional(map(string))
+      application_security_group_ids = optional(list(string))
+      node_public_ip_tags            = optional(map(string))
+      allowed_host_ports = optional(list(object({
+        port_end   = optional(number)
+        port_start = optional(number)
+        protocol   = optional(string)
+      })), [])
     }))
     node_labels                  = optional(map(string))
     node_public_ip_prefix_id     = optional(string)
@@ -1045,7 +1051,13 @@ variable "node_pools" {
     mode               = (Optional) Should this Node Pool be used for System or User resources? Possible values are `System` and `User`. Defaults to `User`.
     min_count          = (Optional) The minimum number of nodes which should exist within this Node Pool. Valid values are between `0` and `1000` and must be less than or equal to `max_count`.
     node_network_profile = optional(object({
-      node_public_ip_tags = (Optional) Specifies a mapping of tags to the instance-level public IPs. Changing this forces a new resource to be created.
+      application_security_group_ids =  (Optional) A list of Application Security Group IDs which should be associated with this Node Pool.
+      node_public_ip_tags            =  (Optional) Specifies a mapping of tags to the instance-level public IPs. Changing this forces a new resource to be created.
+      allowed_host_ports = optional(list(object({
+        port_end   = (Optional) Specifies the end of the port range.
+        port_start = (Optional) Specifies the start of the port range.
+        protocol   = (Optional) Specifies the protocol of the port range. Possible values are `TCP` and `UDP`.
+      })))
     }))
     node_labels                  = (Optional) A map of Kubernetes labels which should be applied to nodes in this Node Pool.
     node_public_ip_prefix_id     = (Optional) Resource ID for the Public IP Addresses Prefix for the nodes in this Node Pool. `enable_node_public_ip` should be `true`. Changing this forces a new resource to be created.
@@ -1394,3 +1406,15 @@ variable "workload_identity_enabled" {
   default     = false
   description = "Enable or Disable Workload Identity. Defaults to false."
 }
+
+variable "agents_pool_node_network_profile" {
+  type = object({
+    node_public_ip_tags = optional(map(string))
+  })
+  default     = null
+  description = <<-EOT
+   ---
+ `node_network_profile` block supports the following:
+ - `node_public_ip_tags` - (Optional) Specifies a mapping of tags to the instance-level public IPs. Changing this forces a new resource to be created.
+EOT
+}