Skip to content

Commit

Permalink
azurerm_kubernetes_cluster - network_profile.network_policy suppo…
Browse files Browse the repository at this point in the history
…rts `cilium` (#23342)

* `azurerm_kubernetes_cluster` - `network_profile.network_policy` supports `cilium`

* remove forcenew
  • Loading branch information
ms-henglu authored Sep 26, 2023
1 parent 306859d commit 3d85505
Show file tree
Hide file tree
Showing 3 changed files with 145 additions and 2 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -222,6 +222,43 @@ func TestAccKubernetesCluster_advancedNetworkingAzureCalicoPolicy(t *testing.T)
})
}

func TestAccKubernetesCluster_advancedNetworkingAzureCiliumPolicy(t *testing.T) {
data := acceptance.BuildTestData(t, "azurerm_kubernetes_cluster", "test")
r := KubernetesClusterResource{}

data.ResourceTest(t, r, []acceptance.TestStep{
{
Config: r.advancedNetworkingWithCiliumPolicyConfig(data),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
),
},
data.ImportStep(),
})
}

func TestAccKubernetesCluster_advancedNetworkingAzureCiliumPolicyUpdate(t *testing.T) {
data := acceptance.BuildTestData(t, "azurerm_kubernetes_cluster", "test")
r := KubernetesClusterResource{}

data.ResourceTest(t, r, []acceptance.TestStep{
{
Config: r.advancedNetworkingWithOverlayConfig(data),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
),
},
data.ImportStep(),
{
Config: r.advancedNetworkingWithCiliumPolicyConfig(data),
Check: acceptance.ComposeTestCheckFunc(
check.That(data.ResourceName).ExistsInAzure(r),
),
},
data.ImportStep(),
})
}

func TestAccKubernetesCluster_advancedNetworkingAzureCalicoPolicyComplete(t *testing.T) {
data := acceptance.BuildTestData(t, "azurerm_kubernetes_cluster", "test")
r := KubernetesClusterResource{}
Expand Down Expand Up @@ -1428,6 +1465,109 @@ resource "azurerm_kubernetes_cluster" "test" {
`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger, data.RandomInteger, networkPlugin, networkPolicy)
}

func (KubernetesClusterResource) advancedNetworkingWithOverlayConfig(data acceptance.TestData) string {
return fmt.Sprintf(`
provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "test" {
name = "acctestRG-aks-%[2]d"
location = "%[1]s"
}
resource "azurerm_virtual_network" "test" {
name = "acctestvirtnet%[2]d"
address_space = ["10.1.0.0/16"]
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
}
resource "azurerm_subnet" "test" {
name = "acctestsubnet%[2]d"
resource_group_name = azurerm_resource_group.test.name
virtual_network_name = azurerm_virtual_network.test.name
address_prefixes = ["10.1.0.0/24"]
}
resource "azurerm_kubernetes_cluster" "test" {
name = "acctestaks%[2]d"
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
dns_prefix = "acctestaks%[2]d"
default_node_pool {
name = "default"
node_count = 2
vm_size = "Standard_DS2_v2"
vnet_subnet_id = azurerm_subnet.test.id
}
identity {
type = "SystemAssigned"
}
network_profile {
network_plugin = "azure"
ebpf_data_plane = "cilium"
network_plugin_mode = "overlay"
}
}
`, data.Locations.Primary, data.RandomInteger)
}

func (KubernetesClusterResource) advancedNetworkingWithCiliumPolicyConfig(data acceptance.TestData) string {
return fmt.Sprintf(`
provider "azurerm" {
features {}
}
resource "azurerm_resource_group" "test" {
name = "acctestRG-aks-%[2]d"
location = "%[1]s"
}
resource "azurerm_virtual_network" "test" {
name = "acctestvirtnet%[2]d"
address_space = ["10.1.0.0/16"]
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
}
resource "azurerm_subnet" "test" {
name = "acctestsubnet%[2]d"
resource_group_name = azurerm_resource_group.test.name
virtual_network_name = azurerm_virtual_network.test.name
address_prefixes = ["10.1.0.0/24"]
}
resource "azurerm_kubernetes_cluster" "test" {
name = "acctestaks%[2]d"
location = azurerm_resource_group.test.location
resource_group_name = azurerm_resource_group.test.name
dns_prefix = "acctestaks%[2]d"
default_node_pool {
name = "default"
node_count = 2
vm_size = "Standard_DS2_v2"
vnet_subnet_id = azurerm_subnet.test.id
}
identity {
type = "SystemAssigned"
}
network_profile {
network_plugin = "azure"
network_policy = "cilium"
ebpf_data_plane = "cilium"
network_plugin_mode = "overlay"
}
}
`, data.Locations.Primary, data.RandomInteger)
}

// nolint unparam
func (KubernetesClusterResource) advancedNetworkingWithPolicyCompleteConfig(data acceptance.TestData, networkPlugin string, networkPolicy string) string {
return fmt.Sprintf(`
Expand Down
5 changes: 4 additions & 1 deletion internal/services/containers/kubernetes_cluster_resource.go
Original file line number Diff line number Diff line change
Expand Up @@ -108,6 +108,9 @@ func resourceKubernetesCluster() *pluginsdk.Resource {
pluginsdk.ForceNewIfChange("network_profile.0.network_plugin_mode", func(ctx context.Context, _, new, meta interface{}) bool {
return !strings.EqualFold(new.(string), string(managedclusters.NetworkPluginModeOverlay))
}),
pluginsdk.ForceNewIfChange("network_profile.0.network_policy", func(ctx context.Context, old, new, meta interface{}) bool {
return old.(string) != "" || new.(string) != string(managedclusters.NetworkPolicyCilium)
}),
),

Timeouts: &pluginsdk.ResourceTimeout{
Expand Down Expand Up @@ -1049,10 +1052,10 @@ func resourceKubernetesCluster() *pluginsdk.Resource {
Type: pluginsdk.TypeString,
Optional: true,
Computed: true,
ForceNew: true,
ValidateFunc: validation.StringInSlice([]string{
string(managedclusters.NetworkPolicyCalico),
string(managedclusters.NetworkPolicyAzure),
string(managedclusters.NetworkPolicyCilium),
}, false),
},

Expand Down
2 changes: 1 addition & 1 deletion website/docs/r/kubernetes_cluster.html.markdown
Original file line number Diff line number Diff line change
Expand Up @@ -663,7 +663,7 @@ A `network_profile` block supports the following:

~> **Note:** This property can only be set when `network_plugin` is set to `azure`.

* `network_policy` - (Optional) Sets up network policy to be used with Azure CNI. [Network policy allows us to control the traffic flow between pods](https://docs.microsoft.com/azure/aks/use-network-policies). Currently supported values are `calico` and `azure`. Changing this forces a new resource to be created.
* `network_policy` - (Optional) Sets up network policy to be used with Azure CNI. [Network policy allows us to control the traffic flow between pods](https://docs.microsoft.com/azure/aks/use-network-policies). Currently supported values are `calico`, `azure` and `cilium`. Changing this forces a new resource to be created.

~> **Note:** When `network_policy` is set to `azure`, the `network_plugin` field can only be set to `azure`.

Expand Down

0 comments on commit 3d85505

Please sign in to comment.