From 7bba7f05e9385bbe82f467d70c4868817e049c84 Mon Sep 17 00:00:00 2001
From: "rick.stokkingreef" <rick.stokkingreef@hotjar.com>
Date: Thu, 16 May 2024 15:26:18 +0200
Subject: [PATCH 1/2] chore: Add support to specify ip_versions in network
 profile

---
 README.md    | 1 +
 main.tf      | 1 +
 variables.tf | 6 ++++++
 3 files changed, 8 insertions(+)

diff --git a/README.md b/README.md
index 37ac1fcc..a5c3931c 100644
--- a/README.md
+++ b/README.md
@@ -355,6 +355,7 @@ No modules.
 | <a name="input_monitor_metrics"></a> [monitor\_metrics](#input\_monitor\_metrics) | (Optional) Specifies a Prometheus add-on profile for the Kubernetes Cluster<br>object({<br>  annotations\_allowed = "(Optional) Specifies a comma-separated list of Kubernetes annotation keys that will be used in the resource's labels metric."<br>  labels\_allowed      = "(Optional) Specifies a Comma-separated list of additional Kubernetes label keys that will be used in the resource's labels metric."<br>}) | <pre>object({<br>    annotations_allowed = optional(string)<br>    labels_allowed      = optional(string)<br>  })</pre> | `null` | no |
 | <a name="input_msi_auth_for_monitoring_enabled"></a> [msi\_auth\_for\_monitoring\_enabled](#input\_msi\_auth\_for\_monitoring\_enabled) | (Optional) Is managed identity authentication for monitoring enabled? | `bool` | `null` | no |
 | <a name="input_net_profile_dns_service_ip"></a> [net\_profile\_dns\_service\_ip](#input\_net\_profile\_dns\_service\_ip) | (Optional) IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). Changing this forces a new resource to be created. | `string` | `null` | no |
+| <a name="input_net_profile_ip_versions"></a> [net\_profile\_ip\_versions](#input\_net\_profile\_ip\_versions) | (Optional) Specifies a list of IP versions the Kubernetes Cluster will use to assign IP addresses to its nodes and pods. Possible values are IPv4 and/or IPv6. IPv4 must always be specified. Changing this forces a new resource to be created. | `set(string)` | `null` | no |
 | <a name="input_net_profile_outbound_type"></a> [net\_profile\_outbound\_type](#input\_net\_profile\_outbound\_type) | (Optional) The outbound (egress) routing method which should be used for this Kubernetes Cluster. Possible values are loadBalancer and userDefinedRouting. Defaults to loadBalancer. | `string` | `"loadBalancer"` | no |
 | <a name="input_net_profile_pod_cidr"></a> [net\_profile\_pod\_cidr](#input\_net\_profile\_pod\_cidr) | (Optional) The CIDR to use for pod IP addresses. This field can only be set when network\_plugin is set to kubenet. Changing this forces a new resource to be created. | `string` | `null` | no |
 | <a name="input_net_profile_service_cidr"></a> [net\_profile\_service\_cidr](#input\_net\_profile\_service\_cidr) | (Optional) The Network Range used by the Kubernetes service. Changing this forces a new resource to be created. | `string` | `null` | no |
diff --git a/main.tf b/main.tf
index 30d383f8..4eeeacb8 100644
--- a/main.tf
+++ b/main.tf
@@ -473,6 +473,7 @@ resource "azurerm_kubernetes_cluster" "main" {
     outbound_type       = var.net_profile_outbound_type
     pod_cidr            = var.net_profile_pod_cidr
     service_cidr        = var.net_profile_service_cidr
+    ip_versions         = var.net_profile_ip_versions
 
     dynamic "load_balancer_profile" {
       for_each = var.load_balancer_profile_enabled && var.load_balancer_sku == "standard" ? [
diff --git a/variables.tf b/variables.tf
index 32118034..252de2e2 100644
--- a/variables.tf
+++ b/variables.tf
@@ -843,6 +843,12 @@ variable "net_profile_service_cidr" {
   description = "(Optional) The Network Range used by the Kubernetes service. Changing this forces a new resource to be created."
 }
 
+variable "net_profile_ip_versions" {
+  type        = set(string)
+  default     = null
+  description = "(Optional) Specifies a list of IP versions the Kubernetes Cluster will use to assign IP addresses to its nodes and pods. Possible values are IPv4 and/or IPv6. IPv4 must always be specified. Changing this forces a new resource to be created."
+}
+
 variable "network_contributor_role_assigned_subnet_ids" {
   type        = map(string)
   default     = {}

From 8f29a58cf52b8708e3c5c9cae19c18f22c716863 Mon Sep 17 00:00:00 2001
From: "rick.stokkingreef" <rick.stokkingreef@hotjar.com>
Date: Thu, 16 May 2024 16:29:59 +0200
Subject: [PATCH 2/2] Add support for cidr lists

---
 README.md    |  2 ++
 main.tf      |  2 ++
 variables.tf | 14 +++++++++++++-
 3 files changed, 17 insertions(+), 1 deletion(-)

diff --git a/README.md b/README.md
index a5c3931c..d80d099f 100644
--- a/README.md
+++ b/README.md
@@ -358,7 +358,9 @@ No modules.
 | <a name="input_net_profile_ip_versions"></a> [net\_profile\_ip\_versions](#input\_net\_profile\_ip\_versions) | (Optional) Specifies a list of IP versions the Kubernetes Cluster will use to assign IP addresses to its nodes and pods. Possible values are IPv4 and/or IPv6. IPv4 must always be specified. Changing this forces a new resource to be created. | `set(string)` | `null` | no |
 | <a name="input_net_profile_outbound_type"></a> [net\_profile\_outbound\_type](#input\_net\_profile\_outbound\_type) | (Optional) The outbound (egress) routing method which should be used for this Kubernetes Cluster. Possible values are loadBalancer and userDefinedRouting. Defaults to loadBalancer. | `string` | `"loadBalancer"` | no |
 | <a name="input_net_profile_pod_cidr"></a> [net\_profile\_pod\_cidr](#input\_net\_profile\_pod\_cidr) | (Optional) The CIDR to use for pod IP addresses. This field can only be set when network\_plugin is set to kubenet. Changing this forces a new resource to be created. | `string` | `null` | no |
+| <a name="input_net_profile_pod_cidrs"></a> [net\_profile\_pod\_cidrs](#input\_net\_profile\_pod\_cidrs) | (Optional) A list of CIDRs to use for pod IP addresses. For single-stack networking a single IPv4 CIDR is expected. For dual-stack networking an IPv4 and IPv6 CIDR are expected. Changing this forces a new resource to be created. | `set(string)` | `null` | no |
 | <a name="input_net_profile_service_cidr"></a> [net\_profile\_service\_cidr](#input\_net\_profile\_service\_cidr) | (Optional) The Network Range used by the Kubernetes service. Changing this forces a new resource to be created. | `string` | `null` | no |
+| <a name="input_net_profile_service_cidrs"></a> [net\_profile\_service\_cidrs](#input\_net\_profile\_service\_cidrs) | (Optional) A list of CIDRs to use for Kubernetes services. For single-stack networking a single IPv4 CIDR is expected. For dual-stack networking an IPv4 and IPv6 CIDR are expected. Changing this forces a new resource to be created. | `set(string)` | `null` | no |
 | <a name="input_network_contributor_role_assigned_subnet_ids"></a> [network\_contributor\_role\_assigned\_subnet\_ids](#input\_network\_contributor\_role\_assigned\_subnet\_ids) | Create role assignments for the AKS Service Principal to be a Network Contributor on the subnets used for the AKS Cluster, key should be static string, value should be subnet's id | `map(string)` | `{}` | no |
 | <a name="input_network_plugin"></a> [network\_plugin](#input\_network\_plugin) | Network plugin to use for networking. | `string` | `"kubenet"` | no |
 | <a name="input_network_plugin_mode"></a> [network\_plugin\_mode](#input\_network\_plugin\_mode) | (Optional) Specifies the network plugin mode used for building the Kubernetes network. Possible value is `Overlay`. Changing this forces a new resource to be created. | `string` | `null` | no |
diff --git a/main.tf b/main.tf
index 4eeeacb8..3f27f710 100644
--- a/main.tf
+++ b/main.tf
@@ -472,7 +472,9 @@ resource "azurerm_kubernetes_cluster" "main" {
     network_policy      = var.network_policy
     outbound_type       = var.net_profile_outbound_type
     pod_cidr            = var.net_profile_pod_cidr
+    pod_cidrs           = var.net_profile_pod_cidrs
     service_cidr        = var.net_profile_service_cidr
+    service_cidrs       = var.net_profile_service_cidrs
     ip_versions         = var.net_profile_ip_versions
 
     dynamic "load_balancer_profile" {
diff --git a/variables.tf b/variables.tf
index 252de2e2..bf6e2fee 100644
--- a/variables.tf
+++ b/variables.tf
@@ -834,7 +834,13 @@ variable "net_profile_outbound_type" {
 variable "net_profile_pod_cidr" {
   type        = string
   default     = null
-  description = " (Optional) The CIDR to use for pod IP addresses. This field can only be set when network_plugin is set to kubenet. Changing this forces a new resource to be created."
+  description = "(Optional) The CIDR to use for pod IP addresses. This field can only be set when network_plugin is set to kubenet. Changing this forces a new resource to be created."
+}
+
+variable "net_profile_pod_cidrs" {
+  type        = set(string)
+  default     = null
+  description = "(Optional) A list of CIDRs to use for pod IP addresses. For single-stack networking a single IPv4 CIDR is expected. For dual-stack networking an IPv4 and IPv6 CIDR are expected. Changing this forces a new resource to be created."
 }
 
 variable "net_profile_service_cidr" {
@@ -843,6 +849,12 @@ variable "net_profile_service_cidr" {
   description = "(Optional) The Network Range used by the Kubernetes service. Changing this forces a new resource to be created."
 }
 
+variable "net_profile_service_cidrs" {
+  type        = set(string)
+  default     = null
+  description = "(Optional) A list of CIDRs to use for Kubernetes services. For single-stack networking a single IPv4 CIDR is expected. For dual-stack networking an IPv4 and IPv6 CIDR are expected. Changing this forces a new resource to be created."
+}
+
 variable "net_profile_ip_versions" {
   type        = set(string)
   default     = null