From bc7d9f4f0f534c58fdf65fc7f78341715e106d4d Mon Sep 17 00:00:00 2001
From: stephybun
Date: Wed, 12 Apr 2023 10:04:14 +0200
Subject: [PATCH] `azurerm_kubernetes_cluster` - set value of `enable_host_encryption` on `default_node_pool` when resizing (#21379)
* set value of host encryption on node pool when resizing
* add preview note for enable_host_encryption
---
 ...ubernetes_cluster_scaling_resource_test.go | 39 ++++++++++++++++++-
 .../containers/kubernetes_nodepool.go | 1 +
 .../docs/r/kubernetes_cluster.html.markdown | 2 +
 3 files changed, 41 insertions(+), 1 deletion(-)
diff --git a/internal/services/containers/kubernetes_cluster_scaling_resource_test.go b/internal/services/containers/kubernetes_cluster_scaling_resource_test.go
index aa7e749b3819..a852dfd5396a 100644
--- a/internal/services/containers/kubernetes_cluster_scaling_resource_test.go
+++ b/internal/services/containers/kubernetes_cluster_scaling_resource_test.go
@@ -21,7 +21,7 @@ func TestAccKubernetesCluster_updateVmSize(t *testing.T) {
 data.ResourceTest(t, r, []acceptance.TestStep{
 {
- Config: r.basic(data),
+ Config: r.withHostEncryption(data),
 Check: acceptance.ComposeTestCheckFunc(
 check.That(data.ResourceName).ExistsInAzure(r),
 ),
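Review bot: The first step of TestAccKubernetesCluster_updateVmSize still asserts only `check.That(data.ResourceName).ExistsInAzure(r)`, so nothing in this hunk states that host encryption must survive the resize. The regression would presumably surface only as an unexpected plan difference. Adding `check.That(data.ResourceName).Key("default_node_pool.0.enable_host_encryption").HasValue("true"),` to the check of the step that applies the resized configuration would pin the security property this commit restores. The later steps of the test lie outside the hunk, so confirm that none of them already does this.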
@@ -422,6 +422,42 @@ resource "azurerm_kubernetes_cluster" "test" {
 `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger)
 }
+func (KubernetesClusterResource) withHostEncryption(data acceptance.TestData) string {
+ return fmt.Sprintf(`
+provider "azurerm" {
+ features {}
+}
+
+resource "azurerm_resource_group" "test" {
+ name = "acctestRG-aks-%d"
+ location = "%s"
+}
+
+resource "azurerm_kubernetes_cluster" "test" {
+ name = "acctestaks%d"
+ location = azurerm_resource_group.test.location
+ resource_group_name = azurerm_resource_group.test.name
+ dns_prefix = "acctestaks%d"
+
+ default_node_pool {
+ name = "default"
+ node_count = 1
+ vm_size = "Standard_DS2_v2"
+ enable_host_encryption = true
+ }
+
+ identity {
+ type = "SystemAssigned"
+ }
+
+ network_profile {
+ network_plugin = "kubenet"
+ load_balancer_sku = "standard"
+ }
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger)
+}
+
 func (KubernetesClusterResource) basicWithTempName(data acceptance.TestData) string {
 return fmt.Sprintf(`
 provider "azurerm" {
@@ -480,6 +516,7 @@ resource "azurerm_kubernetes_cluster" "test" {
 temporary_name_for_rotation = "temp"
 node_count = 1
 vm_size = "%s"
+ enable_host_encryption = true
 }
 identity {
diff --git a/internal/services/containers/kubernetes_nodepool.go b/internal/services/containers/kubernetes_nodepool.go
index 79fd288105b4..8ff3922733f2 100644
--- a/internal/services/containers/kubernetes_nodepool.go
+++ b/internal/services/containers/kubernetes_nodepool.go
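Review bot: Hunk `@@ -480,6 +516,7 @@` hard-codes `enable_host_encryption = true` into an existing test configuration whose function name is outside the hunk, and the first hunk replaces `r.basic` with `r.withHostEncryption` in the same test. As far as the visible lines show, the resize path without host encryption is therefore no longer exercised, and the test now depends on the subscription having the preview feature named in the documentation hunk registered. A separate test for the encrypted case, or a boolean parameter on the configuration helper, would keep both paths covered. The new withHostEncryption helper has no doc comment; `// withHostEncryption returns a minimal cluster configuration with enable_host_encryption = true on the default node pool.` would state what sets it apart.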
@@ -671,6 +671,7 @@ func ConvertDefaultNodePoolToAgentPool(input *[]managedclusters.ManagedClusterAg
 MinCount: defaultCluster.MinCount,
 EnableAutoScaling: defaultCluster.EnableAutoScaling,
 EnableCustomCATrust: defaultCluster.EnableCustomCATrust,
+ EnableEncryptionAtHost: defaultCluster.EnableEncryptionAtHost,
 EnableFIPS: defaultCluster.EnableFIPS,
 OrchestratorVersion: defaultCluster.OrchestratorVersion,
 ProximityPlacementGroupID: defaultCluster.ProximityPlacementGroupID,
diff --git a/website/docs/r/kubernetes_cluster.html.markdown b/website/docs/r/kubernetes_cluster.html.markdown
index 440a23423f03..802e22ca6344 100644
--- a/website/docs/r/kubernetes_cluster.html.markdown
+++ b/website/docs/r/kubernetes_cluster.html.markdown
@@ -374,6 +374,8 @@ A `default_node_pool` block supports the following:
 * `enable_host_encryption` - (Optional) Should the nodes in the Default Node Pool have host encryption enabled? Changing this forces a new resource to be created.
+-> **Note:** This requires that the Preview Feature `Microsoft.ContainerService/EnableEncryptionAtHostPreview` is enabled and the Resource Provider is re-registered.
+
 * `enable_node_public_ip` - (Optional) Should nodes in this Node Pool have a Public IP Address? Changing this forces a new resource to be created.
 * `host_group_id` - (Optional) Specifies the ID of the Host Group within which this AKS Cluster should be created. Changing this forces a new resource to be created.
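Review bot: In the kubernetes_nodepool.go hunk, ConvertDefaultNodePoolToAgentPool copies the default node pool's settings field by field, so a profile field left out of this literal is not carried over to the converted agent pool. Going by the commit title, that is how host encryption was being lost on resize. A comment above the literal would make the contract explicit, for example `// Every field of the default node pool profile must be mirrored here; anything omitted is not carried over when the default node pool is rotated.` The function starts and ends outside the hunk, so the other security-relevant fields of the profile type should be checked against this literal in the same pass.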