diff --git a/internal/services/containers/kubernetes_cluster_data_source.go b/internal/services/containers/kubernetes_cluster_data_source.go index 5dfb1036686f..f4aad1c4d2a7 100644 --- a/internal/services/containers/kubernetes_cluster_data_source.go +++ b/internal/services/containers/kubernetes_cluster_data_source.go @@ -324,14 +324,6 @@ func dataSourceKubernetesCluster() *pluginsdk.Resource { }, }, - "custom_ca_trust_certificates_base64": { - Type: pluginsdk.TypeList, - Computed: true, - Elem: &pluginsdk.Schema{ - Type: pluginsdk.TypeString, - }, - }, - "oms_agent": { Type: pluginsdk.TypeList, Computed: true, @@ -654,10 +646,6 @@ func dataSourceKubernetesCluster() *pluginsdk.Resource { Type: pluginsdk.TypeBool, Computed: true, }, - "disk_driver_version": { - Type: pluginsdk.TypeString, - Computed: true, - }, "file_driver_enabled": { Type: pluginsdk.TypeBool, Computed: true, @@ -745,6 +733,21 @@ func dataSourceKubernetesCluster() *pluginsdk.Resource { Computed: true, Deprecated: "This property is deprecated and will be removed in v4.0 of the AzureRM Provider in favour of the `node_public_ip_enabled` property.", } + resource.Schema["storage_profile"].Elem.(*pluginsdk.Resource).Schema["disk_driver_version"] = &pluginsdk.Schema{ + Deprecated: "This property is not available in the stable API and will be removed in v4.0 of the Azure Provider. Please see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/4.0-upgrade-guide#aks-migration-to-stable-api for more details.", + Type: pluginsdk.TypeString, + Computed: true, + } + + resource.Schema["custom_ca_trust_certificates_base64"] = &pluginsdk.Schema{ + Deprecated: "This property is not available in the stable API and will be removed in v4.0 of the Azure Provider. Please see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/4.0-upgrade-guide#aks-migration-to-stable-api for more details.", + Type: pluginsdk.TypeList, + Computed: true, + Elem: &pluginsdk.Schema{ + Type: pluginsdk.TypeString, + }, + } + resource.Schema["azure_active_directory_role_based_access_control"] = &pluginsdk.Schema{ Type: pluginsdk.TypeList, Computed: true, @@ -865,9 +868,11 @@ func dataSourceKubernetesClusterRead(d *pluginsdk.ResourceData, meta interface{} return fmt.Errorf("setting `key_management_service`: %+v", err) } - customCaTrustCertList := flattenCustomCaTrustCerts(props.SecurityProfile) - if err := d.Set("custom_ca_trust_certificates_base64", customCaTrustCertList); err != nil { - return fmt.Errorf("setting `custom_ca_trust_certificates_base64`: %+v", err) + if !features.FourPointOhBeta() { + customCaTrustCertList := flattenCustomCaTrustCerts(props.SecurityProfile) + if err := d.Set("custom_ca_trust_certificates_base64", customCaTrustCertList); err != nil { + return fmt.Errorf("setting `custom_ca_trust_certificates_base64`: %+v", err) + } } serviceMeshProfile := flattenKubernetesClusterAzureServiceMeshProfile(props.ServiceMeshProfile) @@ -1018,11 +1023,6 @@ func flattenKubernetesClusterDataSourceStorageProfile(input *managedclusters.Man diskEnabled = *input.DiskCSIDriver.Enabled } - diskVersion := "" - if input.DiskCSIDriver != nil && input.DiskCSIDriver.Version != nil { - diskVersion = *input.DiskCSIDriver.Version - } - fileEnabled := true if input.FileCSIDriver != nil && input.FileCSIDriver.Enabled != nil { fileEnabled = *input.FileCSIDriver.Enabled @@ -1033,13 +1033,26 @@ func flattenKubernetesClusterDataSourceStorageProfile(input *managedclusters.Man snapshotController = *input.SnapshotController.Enabled } - storageProfile = append(storageProfile, map[string]interface{}{ - "blob_driver_enabled": blobEnabled, - "disk_driver_enabled": diskEnabled, - "disk_driver_version": diskVersion, - "file_driver_enabled": fileEnabled, - "snapshot_controller_enabled": snapshotController, - }) + if !features.FourPointOhBeta() { + diskVersion := "" + if input.DiskCSIDriver != nil && input.DiskCSIDriver.Version != nil { + diskVersion = *input.DiskCSIDriver.Version + } + storageProfile = append(storageProfile, map[string]interface{}{ + "blob_driver_enabled": blobEnabled, + "disk_driver_enabled": diskEnabled, + "disk_driver_version": diskVersion, + "file_driver_enabled": fileEnabled, + "snapshot_controller_enabled": snapshotController, + }) + } else { + storageProfile = append(storageProfile, map[string]interface{}{ + "blob_driver_enabled": blobEnabled, + "disk_driver_enabled": diskEnabled, + "file_driver_enabled": fileEnabled, + "snapshot_controller_enabled": snapshotController, + }) + } } return storageProfile diff --git a/internal/services/containers/kubernetes_cluster_data_source_test.go b/internal/services/containers/kubernetes_cluster_data_source_test.go index 23b4d9b6935a..0f87c4f37a17 100644 --- a/internal/services/containers/kubernetes_cluster_data_source_test.go +++ b/internal/services/containers/kubernetes_cluster_data_source_test.go @@ -555,6 +555,9 @@ func TestAccDataSourceKubernetesCluster_microsoftDefender(t *testing.T) { } func TestAccDataSourceKubernetesCluster_customCaTrustCerts(t *testing.T) { + if features.FourPointOhBeta() { + t.Skip("Skipping this test in 4.0 beta as it is not supported") + } data := acceptance.BuildTestData(t, "data.azurerm_kubernetes_cluster", "test") r := KubernetesClusterDataSource{} diff --git a/internal/services/containers/kubernetes_cluster_network_resource_test.go b/internal/services/containers/kubernetes_cluster_network_resource_test.go index ec5d3a3c2085..2607ff697d10 100644 --- a/internal/services/containers/kubernetes_cluster_network_resource_test.go +++ b/internal/services/containers/kubernetes_cluster_network_resource_test.go @@ -979,6 +979,9 @@ func TestAccKubernetesCluster_networkDataPlane(t *testing.T) { } func TestAccKubernetesCluster_apiServerInManagedSubnet(t *testing.T) { + if features.FourPointOhBeta() { + t.Skip("Skipping this test in 4.0 beta as it is not supported") + } data := acceptance.BuildTestData(t, "azurerm_kubernetes_cluster", "test") r := KubernetesClusterResource{} @@ -994,6 +997,9 @@ func TestAccKubernetesCluster_apiServerInManagedSubnet(t *testing.T) { } func TestAccKubernetesCluster_apiServerInBYOSubnet(t *testing.T) { + if features.FourPointOhBeta() { + t.Skip("Skipping this test in 4.0 beta as it is not supported") + } data := acceptance.BuildTestData(t, "azurerm_kubernetes_cluster", "test") r := KubernetesClusterResource{} diff --git a/internal/services/containers/kubernetes_cluster_node_pool_resource.go b/internal/services/containers/kubernetes_cluster_node_pool_resource.go index 10427430ae5e..c37594fcef88 100644 --- a/internal/services/containers/kubernetes_cluster_node_pool_resource.go +++ b/internal/services/containers/kubernetes_cluster_node_pool_resource.go @@ -134,11 +134,6 @@ func resourceKubernetesClusterNodePoolSchema() map[string]*pluginsdk.Schema { ValidateFunc: capacityreservationgroups.ValidateCapacityReservationGroupID, }, - "custom_ca_trust_enabled": { - Type: pluginsdk.TypeBool, - Optional: true, - }, - "eviction_policy": { Type: pluginsdk.TypeString, Optional: true, @@ -195,13 +190,6 @@ func resourceKubernetesClusterNodePoolSchema() map[string]*pluginsdk.Schema { ForceNew: true, }, - "message_of_the_day": { - Type: pluginsdk.TypeString, - Optional: true, - ForceNew: true, - ValidateFunc: validation.StringIsNotEmpty, - }, - "mode": { Type: pluginsdk.TypeString, Optional: true, @@ -390,7 +378,6 @@ func resourceKubernetesClusterNodePoolSchema() map[string]*pluginsdk.Schema { ValidateFunc: validation.StringInSlice([]string{ string(agentpools.WorkloadRuntimeOCIContainer), string(agentpools.WorkloadRuntimeWasmWasi), - string(agentpools.WorkloadRuntimeKataMshvVMIsolation), }, false), }, @@ -415,6 +402,20 @@ func resourceKubernetesClusterNodePoolSchema() map[string]*pluginsdk.Schema { } if !features.FourPointOhBeta() { + s["message_of_the_day"] = &pluginsdk.Schema{ + Deprecated: "This property is not available in the stable API and will be removed in v4.0 of the Azure Provider. Please see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/4.0-upgrade-guide#aks-migration-to-stable-api for more details.", + Type: pluginsdk.TypeString, + Optional: true, + ForceNew: true, + ValidateFunc: validation.StringIsNotEmpty, + } + + s["custom_ca_trust_enabled"] = &pluginsdk.Schema{ + Deprecated: "This property is not available in the stable API and will be removed in v4.0 of the Azure Provider. Please see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/4.0-upgrade-guide#aks-migration-to-stable-api for more details.", + Type: pluginsdk.TypeBool, + Optional: true, + } + s["os_sku"].ValidateFunc = validation.StringInSlice([]string{ string(agentpools.OSSKUAzureLinux), string(agentpools.OSSKUCBLMariner), @@ -423,6 +424,12 @@ func resourceKubernetesClusterNodePoolSchema() map[string]*pluginsdk.Schema { string(agentpools.OSSKUWindowsTwoZeroOneNine), string(agentpools.OSSKUWindowsTwoZeroTwoTwo), }, false) + + s["workload_runtime"].ValidateFunc = validation.StringInSlice([]string{ + string(agentpools.WorkloadRuntimeOCIContainer), + string(agentpools.WorkloadRuntimeWasmWasi), + string(agentpools.WorkloadRuntimeKataMshvVMIsolation), + }, false) } if !features.FourPointOh() { @@ -546,7 +553,6 @@ func resourceKubernetesClusterNodePoolCreate(d *pluginsdk.ResourceData, meta int profile := agentpools.ManagedClusterAgentPoolProfileProperties{ OsType: pointer.To(agentpools.OSType(osType)), EnableAutoScaling: pointer.To(enableAutoScaling), - EnableCustomCATrust: pointer.To(d.Get("custom_ca_trust_enabled").(bool)), EnableFIPS: pointer.To(d.Get("fips_enabled").(bool)), EnableEncryptionAtHost: pointer.To(hostEncryption), EnableUltraSSD: pointer.To(d.Get("ultra_ssd_enabled").(bool)), @@ -564,6 +570,10 @@ func resourceKubernetesClusterNodePoolCreate(d *pluginsdk.ResourceData, meta int Count: utils.Int64(int64(count)), } + if !features.FourPointOhBeta() { + profile.EnableCustomCATrust = pointer.To(d.Get("custom_ca_trust_enabled").(bool)) + } + if gpuInstanceProfile := d.Get("gpu_instance").(string); gpuInstanceProfile != "" { profile.GpuInstanceProfile = pointer.To(agentpools.GPUInstanceProfile(gpuInstanceProfile)) } @@ -625,12 +635,14 @@ func resourceKubernetesClusterNodePoolCreate(d *pluginsdk.ResourceData, meta int profile.NodeTaints = nodeTaints } - if v := d.Get("message_of_the_day").(string); v != "" { - if profile.OsType != nil && *profile.OsType == agentpools.OSTypeWindows { - return fmt.Errorf("`message_of_the_day` cannot be specified for Windows nodes and must be a static string (i.e. will be printed raw and not executed as a script)") + if !features.FourPointOhBeta() { + if v := d.Get("message_of_the_day").(string); v != "" { + if profile.OsType != nil && *profile.OsType == agentpools.OSTypeWindows { + return fmt.Errorf("`message_of_the_day` cannot be specified for Windows nodes and must be a static string (i.e. will be printed raw and not executed as a script)") + } + messageOfTheDayEncoded := base64.StdEncoding.EncodeToString([]byte(v)) + profile.MessageOfTheDay = &messageOfTheDayEncoded } - messageOfTheDayEncoded := base64.StdEncoding.EncodeToString([]byte(v)) - profile.MessageOfTheDay = &messageOfTheDayEncoded } if osDiskSizeGB := d.Get("os_disk_size_gb").(int); osDiskSizeGB > 0 { @@ -810,8 +822,10 @@ func resourceKubernetesClusterNodePoolUpdate(d *pluginsdk.ResourceData, meta int } } - if d.HasChange("custom_ca_trust_enabled") { - props.EnableCustomCATrust = utils.Bool(d.Get("custom_ca_trust_enabled").(bool)) + if !features.FourPointOhBeta() { + if d.HasChange("custom_ca_trust_enabled") { + props.EnableCustomCATrust = utils.Bool(d.Get("custom_ca_trust_enabled").(bool)) + } } if d.HasChange("max_count") || enableAutoScaling { @@ -969,16 +983,22 @@ func resourceKubernetesClusterNodePoolRead(d *pluginsdk.ResourceData, meta inter if model := resp.Model; model != nil && model.Properties != nil { props := model.Properties d.Set("zones", zones.FlattenUntyped(props.AvailabilityZones)) - if features.FourPointOh() { + + switch { + case features.FourPointOh(): d.Set("auto_scaling_enabled", props.EnableAutoScaling) d.Set("node_public_ip_enabled", props.EnableNodePublicIP) d.Set("host_encryption_enabled", props.EnableEncryptionAtHost) - } else { + case features.FourPointOhBeta(): + d.Set("enable_auto_scaling", props.EnableAutoScaling) + d.Set("enable_node_public_ip", props.EnableNodePublicIP) + d.Set("enable_host_encryption", props.EnableEncryptionAtHost) + default: + d.Set("custom_ca_trust_enabled", props.EnableCustomCATrust) d.Set("enable_auto_scaling", props.EnableAutoScaling) d.Set("enable_node_public_ip", props.EnableNodePublicIP) d.Set("enable_host_encryption", props.EnableEncryptionAtHost) } - d.Set("custom_ca_trust_enabled", props.EnableCustomCATrust) d.Set("fips_enabled", props.EnableFIPS) d.Set("ultra_ssd_enabled", props.EnableUltraSSD) @@ -1028,15 +1048,17 @@ func resourceKubernetesClusterNodePoolRead(d *pluginsdk.ResourceData, meta inter } d.Set("max_count", maxCount) - messageOfTheDay := "" - if props.MessageOfTheDay != nil { - messageOfTheDayDecoded, err := base64.StdEncoding.DecodeString(*props.MessageOfTheDay) - if err != nil { - return fmt.Errorf("setting `message_of_the_day`: %+v", err) + if !features.FourPointOhBeta() { + messageOfTheDay := "" + if props.MessageOfTheDay != nil { + messageOfTheDayDecoded, err := base64.StdEncoding.DecodeString(*props.MessageOfTheDay) + if err != nil { + return fmt.Errorf("setting `message_of_the_day`: %+v", err) + } + messageOfTheDay = string(messageOfTheDayDecoded) } - messageOfTheDay = string(messageOfTheDayDecoded) + d.Set("message_of_the_day", messageOfTheDay) } - d.Set("message_of_the_day", messageOfTheDay) maxPods := 0 if props.MaxPods != nil { diff --git a/internal/services/containers/kubernetes_cluster_node_pool_resource_test.go b/internal/services/containers/kubernetes_cluster_node_pool_resource_test.go index 67f0c938317b..278c2ee69ea1 100644 --- a/internal/services/containers/kubernetes_cluster_node_pool_resource_test.go +++ b/internal/services/containers/kubernetes_cluster_node_pool_resource_test.go @@ -944,6 +944,26 @@ func TestAccKubernetesClusterNodePool_workloadRuntime(t *testing.T) { data := acceptance.BuildTestData(t, "azurerm_kubernetes_cluster_node_pool", "test") r := KubernetesClusterNodePoolResource{} + if !features.FourPointOhBeta() { + data.ResourceTest(t, r, []acceptance.TestStep{ + { + Config: r.workloadRuntime(data, "OCIContainer"), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep(), + { + Config: r.workloadRuntime(data, "KataMshvVmIsolation"), + Check: acceptance.ComposeTestCheckFunc( + check.That(data.ResourceName).ExistsInAzure(r), + ), + }, + data.ImportStep(), + }) + return + } + data.ResourceTest(t, r, []acceptance.TestStep{ { Config: r.workloadRuntime(data, "OCIContainer"), @@ -952,17 +972,13 @@ func TestAccKubernetesClusterNodePool_workloadRuntime(t *testing.T) { ), }, data.ImportStep(), - { - Config: r.workloadRuntime(data, "KataMshvVmIsolation"), - Check: acceptance.ComposeTestCheckFunc( - check.That(data.ResourceName).ExistsInAzure(r), - ), - }, - data.ImportStep(), }) } func TestAccKubernetesClusterNodePool_customCATrustEnabled(t *testing.T) { + if features.FourPointOhBeta() { + t.Skip("Skipping this test in 4.0 beta as it is not supported") + } data := acceptance.BuildTestData(t, "azurerm_kubernetes_cluster_node_pool", "test") r := KubernetesClusterNodePoolResource{} @@ -2425,7 +2441,8 @@ resource "azurerm_kubernetes_cluster_node_pool" "test" { } func (r KubernetesClusterNodePoolResource) other(data acceptance.TestData) string { - return fmt.Sprintf(` + if !features.FourPointOhBeta() { + return fmt.Sprintf(` provider "azurerm" { features {} } @@ -2441,6 +2458,23 @@ resource "azurerm_kubernetes_cluster_node_pool" "test" { kubelet_disk_type = "OS" message_of_the_day = "daily message" } +`, r.templateConfig(data)) + } + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +%s + +resource "azurerm_kubernetes_cluster_node_pool" "test" { + name = "internal" + kubernetes_cluster_id = azurerm_kubernetes_cluster.test.id + vm_size = "Standard_DS2_v2" + node_count = 3 + fips_enabled = true + kubelet_disk_type = "OS" +} `, r.templateConfig(data)) } diff --git a/internal/services/containers/kubernetes_cluster_other_resource_test.go b/internal/services/containers/kubernetes_cluster_other_resource_test.go index e3f4a88919d7..1c0825a79c58 100644 --- a/internal/services/containers/kubernetes_cluster_other_resource_test.go +++ b/internal/services/containers/kubernetes_cluster_other_resource_test.go @@ -274,6 +274,9 @@ func TestAccKubernetesCluster_nodePoolOther(t *testing.T) { } func TestAccKubernetesCluster_nodePoolKataMshvVmIsolation(t *testing.T) { + if features.FourPointOhBeta() { + t.Skip("Skipping this test in 4.0 beta as it is not supported") + } data := acceptance.BuildTestData(t, "azurerm_kubernetes_cluster", "test") r := KubernetesClusterResource{} @@ -917,6 +920,9 @@ func TestAccKubernetesCluster_workloadIdentity(t *testing.T) { } func TestAccKubernetesCluster_customCATrustEnabled(t *testing.T) { + if features.FourPointOhBeta() { + t.Skip("Skipping this test in 4.0 beta as it is not supported") + } data := acceptance.BuildTestData(t, "azurerm_kubernetes_cluster", "test") r := KubernetesClusterResource{} @@ -1106,6 +1112,9 @@ func TestAccKubernetesCluster_nodeOsUpgradeChannel(t *testing.T) { } func TestAccKubernetesCluster_customCaTrustCerts(t *testing.T) { + if features.FourPointOhBeta() { + t.Skip("Skipping this test in 4.0 beta as it is not supported") + } data := acceptance.BuildTestData(t, "azurerm_kubernetes_cluster", "test") r := KubernetesClusterResource{} @@ -1876,7 +1885,8 @@ resource "azurerm_kubernetes_cluster" "test" { } func (KubernetesClusterResource) nodePoolOther(data acceptance.TestData) string { - return fmt.Sprintf(` + if !features.FourPointOhBeta() { + return fmt.Sprintf(` provider "azurerm" { features {} } @@ -1909,6 +1919,40 @@ resource "azurerm_kubernetes_cluster" "test" { type = "SystemAssigned" } } +`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger) + } + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-aks-%d" + location = "%s" +} + +resource "azurerm_kubernetes_cluster" "test" { + name = "acctestaks%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + dns_prefix = "acctestaks%d" + + default_node_pool { + name = "default" + node_count = 1 + vm_size = "Standard_DS2_v2" + fips_enabled = true + kubelet_disk_type = "OS" + workload_runtime = "OCIContainer" + upgrade_settings { + max_surge = "10%%" + } + } + + identity { + type = "SystemAssigned" + } +} `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger) } diff --git a/internal/services/containers/kubernetes_cluster_resource.go b/internal/services/containers/kubernetes_cluster_resource.go index b442e4562e9d..ddbf84a8b64c 100644 --- a/internal/services/containers/kubernetes_cluster_resource.go +++ b/internal/services/containers/kubernetes_cluster_resource.go @@ -122,7 +122,7 @@ func resourceKubernetesCluster() *pluginsdk.Resource { return old.(string) != "" }), pluginsdk.ForceNewIfChange("custom_ca_trust_certificates_base64", func(ctx context.Context, old, new, meta interface{}) bool { - return len(old.([]interface{})) > 0 && len(new.([]interface{})) == 0 + return !features.FourPointOhBeta() && len(old.([]interface{})) > 0 && len(new.([]interface{})) == 0 }), ), @@ -158,17 +158,6 @@ func resourceKubernetesCluster() *pluginsdk.Resource { MaxItems: 1, Elem: &pluginsdk.Resource{ Schema: map[string]*pluginsdk.Schema{ - "vnet_integration_enabled": { - Type: pluginsdk.TypeBool, - Optional: true, - }, - - "subnet_id": { - Type: pluginsdk.TypeString, - Optional: true, - ValidateFunc: commonids.ValidateSubnetID, - }, - "authorized_ip_ranges": { Type: pluginsdk.TypeSet, Optional: true, @@ -344,16 +333,6 @@ func resourceKubernetesCluster() *pluginsdk.Resource { Optional: true, }, - "custom_ca_trust_certificates_base64": { - Type: pluginsdk.TypeList, - Optional: true, - MaxItems: 10, - Elem: &pluginsdk.Schema{ - Type: pluginsdk.TypeString, - ValidateFunc: validation.StringIsBase64, - }, - }, - "default_node_pool": SchemaDefaultNodePool(), "disk_encryption_set_id": { @@ -1383,7 +1362,6 @@ func resourceKubernetesCluster() *pluginsdk.Resource { MaxItems: 1, Elem: &pluginsdk.Resource{ Schema: map[string]*pluginsdk.Schema{ - "blob_driver_enabled": { Type: pluginsdk.TypeBool, Optional: true, @@ -1394,15 +1372,6 @@ func resourceKubernetesCluster() *pluginsdk.Resource { Optional: true, Default: true, }, - "disk_driver_version": { - Type: pluginsdk.TypeString, - Optional: true, - Default: "v1", - ValidateFunc: validation.StringInSlice([]string{ - "v1", - "v2", - }, false), - }, "file_driver_enabled": { Type: pluginsdk.TypeBool, Optional: true, @@ -1535,6 +1504,37 @@ func resourceKubernetesCluster() *pluginsdk.Resource { Deprecated: "This property has been renamed to `authorized_ip_ranges` within the `api_server_access_profile` block and will be removed in v4.0 of the provider", ConflictsWith: []string{"api_server_access_profile.0.authorized_ip_ranges"}, } + resource.Schema["api_server_access_profile"].Elem.(*pluginsdk.Resource).Schema["vnet_integration_enabled"] = &pluginsdk.Schema{ + Deprecated: "This property is not available in the stable API and will be removed in v4.0 of the Azure Provider. Please see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/4.0-upgrade-guide#aks-migration-to-stable-api for more details.", + Type: pluginsdk.TypeBool, + Optional: true, + } + resource.Schema["api_server_access_profile"].Elem.(*pluginsdk.Resource).Schema["subnet_id"] = &pluginsdk.Schema{ + Deprecated: "This property is not available in the stable API and will be removed in v4.0 of the Azure Provider. Please see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/4.0-upgrade-guide#aks-migration-to-stable-api for more details.", + Type: pluginsdk.TypeString, + Optional: true, + ValidateFunc: commonids.ValidateSubnetID, + } + resource.Schema["custom_ca_trust_certificates_base64"] = &pluginsdk.Schema{ + Deprecated: "This property is not available in the stable API and will be removed in v4.0 of the Azure Provider. Please see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/4.0-upgrade-guide#aks-migration-to-stable-api for more details.", + Type: pluginsdk.TypeList, + Optional: true, + MaxItems: 10, + Elem: &pluginsdk.Schema{ + Type: pluginsdk.TypeString, + ValidateFunc: validation.StringIsBase64, + }, + } + resource.Schema["storage_profile"].Elem.(*pluginsdk.Resource).Schema["disk_driver_version"] = &pluginsdk.Schema{ + Deprecated: "This property is not available in the stable API and will be removed in v4.0 of the Azure Provider. Please see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/4.0-upgrade-guide#aks-migration-to-stable-api for more details.", + Type: pluginsdk.TypeString, + Optional: true, + Default: "v1", + ValidateFunc: validation.StringInSlice([]string{ + "v1", + "v2", + }, false), + } resource.Schema["network_profile"].Elem.(*pluginsdk.Resource).Schema["docker_bridge_cidr"] = &pluginsdk.Schema{ Type: pluginsdk.TypeString, Optional: true, @@ -1978,8 +1978,10 @@ func resourceKubernetesClusterCreate(d *pluginsdk.ResourceData, meta interface{} autoUpgradeProfile.NodeOSUpgradeChannel = pointer.To(managedclusters.NodeOSUpgradeChannel(nodeOsChannelUpgrade)) } - if customCaTrustCertListRaw := d.Get("custom_ca_trust_certificates_base64").([]interface{}); len(customCaTrustCertListRaw) > 0 { - securityProfile.CustomCATrustCertificates = convertCustomCaTrustCertsInput(customCaTrustCertListRaw) + if !features.FourPointOhBeta() { + if customCaTrustCertListRaw := d.Get("custom_ca_trust_certificates_base64").([]interface{}); len(customCaTrustCertListRaw) > 0 { + securityProfile.CustomCATrustCertificates = convertCustomCaTrustCertsInput(customCaTrustCertListRaw) + } } parameters := managedclusters.ManagedCluster{ @@ -2533,7 +2535,7 @@ func resourceKubernetesClusterUpdate(d *pluginsdk.ResourceData, meta interface{} existing.Model.Properties.SecurityProfile.AzureKeyVaultKms = azureKeyVaultKms } - if d.HasChanges("custom_ca_trust_certificates_base64") { + if !features.FourPointOhBeta() && d.HasChanges("custom_ca_trust_certificates_base64") { updateCluster = true customCaTrustCertListRaw := d.Get("custom_ca_trust_certificates_base64").([]interface{}) existing.Model.Properties.SecurityProfile.CustomCATrustCertificates = convertCustomCaTrustCertsInput(customCaTrustCertListRaw) @@ -2940,8 +2942,10 @@ func resourceKubernetesClusterRead(d *pluginsdk.ResourceData, meta interface{}) d.Set("node_os_upgrade_channel", nodeOSUpgradeChannel) } - customCaTrustCertList := flattenCustomCaTrustCerts(props.SecurityProfile) - d.Set("custom_ca_trust_certificates_base64", customCaTrustCertList) + if !features.FourPointOhBeta() { + customCaTrustCertList := flattenCustomCaTrustCerts(props.SecurityProfile) + d.Set("custom_ca_trust_certificates_base64", customCaTrustCertList) + } enablePrivateCluster := false enablePrivateClusterPublicFQDN := false @@ -3379,17 +3383,19 @@ func expandKubernetesClusterAPIAccessProfile(d *pluginsdk.ResourceData) *managed } } - enableVnetIntegration := false - if v := config["vnet_integration_enabled"]; v != nil { - enableVnetIntegration = v.(bool) - } - apiAccessProfile.EnableVnetIntegration = utils.Bool(enableVnetIntegration) + if !features.FourPointOhBeta() { + enableVnetIntegration := false + if v := config["vnet_integration_enabled"]; v != nil { + enableVnetIntegration = v.(bool) + } + apiAccessProfile.EnableVnetIntegration = utils.Bool(enableVnetIntegration) - subnetId := "" - if v := config["subnet_id"]; v != nil { - subnetId = v.(string) + subnetId := "" + if v := config["subnet_id"]; v != nil { + subnetId = v.(string) + } + apiAccessProfile.SubnetId = utils.String(subnetId) } - apiAccessProfile.SubnetId = utils.String(subnetId) return apiAccessProfile } @@ -3398,26 +3404,40 @@ func flattenKubernetesClusterAPIAccessProfile(profile *managedclusters.ManagedCl // some properties in this block are exposed within the `api_server_access_profile` block and others are exposed as // top level properties which causes strange diffs depending on what is being set, so this also needs to check // whether the properties in the block are returned or nil - if profile == nil || (profile.AuthorizedIPRanges == nil && profile.SubnetId == nil && profile.EnableVnetIntegration == nil) { - return []interface{}{} + if !features.FourPointOhBeta() { + if profile == nil || (profile.AuthorizedIPRanges == nil && profile.SubnetId == nil && profile.EnableVnetIntegration == nil) { + return []interface{}{} + } + } else { + if profile == nil || profile.AuthorizedIPRanges == nil { + return []interface{}{} + } } apiServerAuthorizedIPRanges := utils.FlattenStringSlice(profile.AuthorizedIPRanges) - enableVnetIntegration := false - if profile.EnableVnetIntegration != nil { - enableVnetIntegration = *profile.EnableVnetIntegration - } - subnetId := "" - if profile.SubnetId != nil && *profile.SubnetId != "" { - subnetId = *profile.SubnetId + if !features.FourPointOhBeta() { + enableVnetIntegration := false + if profile.EnableVnetIntegration != nil { + enableVnetIntegration = *profile.EnableVnetIntegration + } + subnetId := "" + if profile.SubnetId != nil && *profile.SubnetId != "" { + subnetId = *profile.SubnetId + } + + return []interface{}{ + map[string]interface{}{ + "authorized_ip_ranges": apiServerAuthorizedIPRanges, + "subnet_id": subnetId, + "vnet_integration_enabled": enableVnetIntegration, + }, + } } return []interface{}{ map[string]interface{}{ - "authorized_ip_ranges": apiServerAuthorizedIPRanges, - "subnet_id": subnetId, - "vnet_integration_enabled": enableVnetIntegration, + "authorized_ip_ranges": apiServerAuthorizedIPRanges, }, } } @@ -4766,7 +4786,6 @@ func expandStorageProfile(input []interface{}) *managedclusters.ManagedClusterSt }, DiskCSIDriver: &managedclusters.ManagedClusterStorageProfileDiskCSIDriver{ Enabled: utils.Bool(raw["disk_driver_enabled"].(bool)), - Version: utils.String(raw["disk_driver_version"].(string)), }, FileCSIDriver: &managedclusters.ManagedClusterStorageProfileFileCSIDriver{ Enabled: utils.Bool(raw["file_driver_enabled"].(bool)), @@ -4776,6 +4795,10 @@ func expandStorageProfile(input []interface{}) *managedclusters.ManagedClusterSt }, } + if !features.FourPointOhBeta() { + profile.DiskCSIDriver.Version = utils.String(raw["disk_driver_version"].(string)) + } + return &profile } diff --git a/internal/services/containers/kubernetes_cluster_resource_test.go b/internal/services/containers/kubernetes_cluster_resource_test.go index 40085cd72be0..294f0182522f 100644 --- a/internal/services/containers/kubernetes_cluster_resource_test.go +++ b/internal/services/containers/kubernetes_cluster_resource_test.go @@ -15,6 +15,7 @@ import ( "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance" "github.com/hashicorp/terraform-provider-azurerm/internal/acceptance/check" "github.com/hashicorp/terraform-provider-azurerm/internal/clients" + "github.com/hashicorp/terraform-provider-azurerm/internal/features" "github.com/hashicorp/terraform-provider-azurerm/internal/tf/pluginsdk" "github.com/hashicorp/terraform-provider-azurerm/utils" ) @@ -851,7 +852,8 @@ resource "azurerm_kubernetes_cluster" "test" { } func (KubernetesClusterResource) storageProfile(data acceptance.TestData, controlPlaneVersion string) string { - return fmt.Sprintf(` + if !features.FourPointOhBeta() { + return fmt.Sprintf(` provider "azurerm" { features {} } @@ -888,6 +890,45 @@ resource "azurerm_kubernetes_cluster" "test" { file_driver_enabled = false snapshot_controller_enabled = false } +} + `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, controlPlaneVersion) + } + return fmt.Sprintf(` +provider "azurerm" { + features {} +} + +resource "azurerm_resource_group" "test" { + name = "acctestRG-aks-%d" + location = "%s" +} + +resource "azurerm_kubernetes_cluster" "test" { + name = "acctestaks%d" + location = azurerm_resource_group.test.location + resource_group_name = azurerm_resource_group.test.name + dns_prefix = "acctestaks%d" + kubernetes_version = %q + + default_node_pool { + name = "default" + node_count = 1 + vm_size = "Standard_DS2_v2" + upgrade_settings { + max_surge = "10%%" + } + } + + identity { + type = "SystemAssigned" + } + + storage_profile { + blob_driver_enabled = true + disk_driver_enabled = true + file_driver_enabled = false + snapshot_controller_enabled = false + } } `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, controlPlaneVersion) } diff --git a/internal/services/containers/kubernetes_nodepool.go b/internal/services/containers/kubernetes_nodepool.go index b58f8df13cd2..038374d35da7 100644 --- a/internal/services/containers/kubernetes_nodepool.go +++ b/internal/services/containers/kubernetes_nodepool.go @@ -77,11 +77,6 @@ func SchemaDefaultNodePool() *pluginsdk.Schema { ValidateFunc: capacityreservationgroups.ValidateCapacityReservationGroupID, }, - "custom_ca_trust_enabled": { - Type: pluginsdk.TypeBool, - Optional: true, - }, - "kubelet_config": schemaNodePoolKubeletConfig(), "linux_os_config": schemaNodePoolLinuxOSConfig(), @@ -128,13 +123,6 @@ func SchemaDefaultNodePool() *pluginsdk.Schema { Computed: true, }, - "message_of_the_day": { - Type: pluginsdk.TypeString, - Optional: true, - ForceNew: true, - ValidateFunc: validation.StringIsNotEmpty, - }, - "min_count": { Type: pluginsdk.TypeInt, Optional: true, @@ -268,7 +256,6 @@ func SchemaDefaultNodePool() *pluginsdk.Schema { Computed: true, ValidateFunc: validation.StringInSlice([]string{ string(managedclusters.WorkloadRuntimeOCIContainer), - string(managedclusters.WorkloadRuntimeKataMshvVMIsolation), }, false), }, @@ -291,6 +278,20 @@ func SchemaDefaultNodePool() *pluginsdk.Schema { } if !features.FourPointOhBeta() { + s["custom_ca_trust_enabled"] = &pluginsdk.Schema{ + Deprecated: "This property is not available in the stable API and will be removed in v4.0 of the Azure Provider. Please see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/4.0-upgrade-guide#aks-migration-to-stable-api for more details.", + Type: pluginsdk.TypeBool, + Optional: true, + } + + s["message_of_the_day"] = &pluginsdk.Schema{ + Deprecated: "This property is not available in the stable API and will be removed in v4.0 of the Azure Provider. Please see https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/4.0-upgrade-guide#aks-migration-to-stable-api for more details.", + Type: pluginsdk.TypeString, + Optional: true, + ForceNew: true, + ValidateFunc: validation.StringIsNotEmpty, + } + s["type"].ValidateFunc = validation.StringInSlice([]string{ string(managedclusters.AgentPoolTypeAvailabilitySet), string(managedclusters.AgentPoolTypeVirtualMachineScaleSets), @@ -305,6 +306,11 @@ func SchemaDefaultNodePool() *pluginsdk.Schema { string(agentpools.OSSKUWindowsTwoZeroTwoTwo), }, false) + s["workload_runtime"].ValidateFunc = validation.StringInSlice([]string{ + string(managedclusters.WorkloadRuntimeOCIContainer), + string(managedclusters.WorkloadRuntimeKataMshvVMIsolation), + }, false) + s["node_taints"] = &pluginsdk.Schema{ Type: pluginsdk.TypeList, Optional: true, @@ -1080,10 +1086,8 @@ func ConvertDefaultNodePoolToAgentPool(input *[]managedclusters.ManagedClusterAg VnetSubnetID: defaultCluster.VnetSubnetID, MaxPods: defaultCluster.MaxPods, MaxCount: defaultCluster.MaxCount, - MessageOfTheDay: defaultCluster.MessageOfTheDay, MinCount: defaultCluster.MinCount, EnableAutoScaling: defaultCluster.EnableAutoScaling, - EnableCustomCATrust: defaultCluster.EnableCustomCATrust, EnableEncryptionAtHost: defaultCluster.EnableEncryptionAtHost, EnableFIPS: defaultCluster.EnableFIPS, EnableUltraSSD: defaultCluster.EnableUltraSSD, @@ -1099,6 +1103,12 @@ func ConvertDefaultNodePoolToAgentPool(input *[]managedclusters.ManagedClusterAg Tags: defaultCluster.Tags, }, } + + if !features.FourPointOhBeta() { + agentpool.Properties.MessageOfTheDay = defaultCluster.MessageOfTheDay + agentpool.Properties.EnableCustomCATrust = defaultCluster.EnableCustomCATrust + } + if osDisktypeNodePool := defaultCluster.OsDiskType; osDisktypeNodePool != nil { osDisktype := agentpools.OSDiskType(string(*osDisktypeNodePool)) agentpool.Properties.OsDiskType = &osDisktype @@ -1257,7 +1267,6 @@ func ExpandDefaultNodePool(d *pluginsdk.ResourceData) (*[]managedclusters.Manage profile := managedclusters.ManagedClusterAgentPoolProfile{ EnableAutoScaling: utils.Bool(enableAutoScaling), - EnableCustomCATrust: utils.Bool(raw["custom_ca_trust_enabled"].(bool)), EnableFIPS: utils.Bool(raw["fips_enabled"].(bool)), EnableNodePublicIP: utils.Bool(nodePublicIp), EnableEncryptionAtHost: utils.Bool(hostEncryption), @@ -1295,9 +1304,13 @@ func ExpandDefaultNodePool(d *pluginsdk.ResourceData) (*[]managedclusters.Manage profile.MaxPods = utils.Int64(maxPods) } - if v := raw["message_of_the_day"].(string); v != "" { - messageOfTheDayEncoded := base64.StdEncoding.EncodeToString([]byte(v)) - profile.MessageOfTheDay = &messageOfTheDayEncoded + if !features.FourPointOhBeta() { + if v := raw["message_of_the_day"].(string); v != "" { + messageOfTheDayEncoded := base64.StdEncoding.EncodeToString([]byte(v)) + profile.MessageOfTheDay = &messageOfTheDayEncoded + } + + profile.EnableCustomCATrust = utils.Bool(raw["custom_ca_trust_enabled"].(bool)) } if prefixID := raw["node_public_ip_prefix_id"].(string); prefixID != "" { @@ -1625,11 +1638,6 @@ func FlattenDefaultNodePool(input *[]managedclusters.ManagedClusterAgentPoolProf enableAutoScaling = *agentPool.EnableAutoScaling } - customCaTrustEnabled := false - if agentPool.EnableCustomCATrust != nil { - customCaTrustEnabled = *agentPool.EnableCustomCATrust - } - enableFIPS := false if agentPool.EnableFIPS != nil { enableFIPS = *agentPool.EnableFIPS @@ -1660,15 +1668,6 @@ func FlattenDefaultNodePool(input *[]managedclusters.ManagedClusterAgentPoolProf maxPods = int(*agentPool.MaxPods) } - messageOfTheDay := "" - if agentPool.MessageOfTheDay != nil { - messageOfTheDayDecoded, err := base64.StdEncoding.DecodeString(*agentPool.MessageOfTheDay) - if err != nil { - return nil, err - } - messageOfTheDay = string(messageOfTheDayDecoded) - } - minCount := 0 if agentPool.MinCount != nil { minCount = int(*agentPool.MinCount) @@ -1791,14 +1790,12 @@ func FlattenDefaultNodePool(input *[]managedclusters.ManagedClusterAgentPoolProf networkProfile := flattenClusterPoolNetworkProfile(agentPool.NetworkProfile) out := map[string]interface{}{ - "custom_ca_trust_enabled": customCaTrustEnabled, "fips_enabled": enableFIPS, "gpu_instance": gpuInstanceProfile, "host_group_id": hostGroupID, "kubelet_disk_type": kubeletDiskType, "max_count": maxCount, "max_pods": maxPods, - "message_of_the_day": messageOfTheDay, "min_count": minCount, "name": name, "node_count": count, @@ -1829,7 +1826,23 @@ func FlattenDefaultNodePool(input *[]managedclusters.ManagedClusterAgentPoolProf } if !features.FourPointOhBeta() { + customCaTrustEnabled := false + if agentPool.EnableCustomCATrust != nil { + customCaTrustEnabled = *agentPool.EnableCustomCATrust + } + + messageOfTheDay := "" + if agentPool.MessageOfTheDay != nil { + messageOfTheDayDecoded, err := base64.StdEncoding.DecodeString(*agentPool.MessageOfTheDay) + if err != nil { + return nil, err + } + messageOfTheDay = string(messageOfTheDayDecoded) + } + out["node_taints"] = []string{} + out["custom_ca_trust_enabled"] = customCaTrustEnabled + out["message_of_the_day"] = messageOfTheDay } if features.FourPointOh() { diff --git a/website/docs/d/kubernetes_cluster.html.markdown b/website/docs/d/kubernetes_cluster.html.markdown index 156579b446a1..1985203f440d 100644 --- a/website/docs/d/kubernetes_cluster.html.markdown +++ b/website/docs/d/kubernetes_cluster.html.markdown @@ -114,8 +114,6 @@ The following attributes are exported: * `tags` - A mapping of tags assigned to this resource. -* `custom_ca_trust_certificates_base64` - A list of custom base64 encoded CAs used by this Managed Kubernetes Cluster. - --- An `aci_connector_linux` block exports the following: @@ -341,8 +339,6 @@ A `storage_profile` block exports the following: * `disk_driver_enabled` Is the Disk CSI driver enabled? -* `disk_driver_version` The configured Disk CSI Driver version. - * `file_driver_enabled` Is the File CSI driver enabled? * `snapshot_controller_enabled` Is the Snapshot Controller enabled? diff --git a/website/docs/r/kubernetes_cluster.html.markdown b/website/docs/r/kubernetes_cluster.html.markdown index 891137999d06..bc488d45dd9b 100644 --- a/website/docs/r/kubernetes_cluster.html.markdown +++ b/website/docs/r/kubernetes_cluster.html.markdown @@ -101,10 +101,6 @@ In addition, one of either `identity` or `service_principal` blocks must be spec * `cost_analysis_enabled` - (Optional) Should cost analysis be enabled for this Kubernetes Cluster? Defaults to `false`. The `sku_tier` must be set to `Standard` or `Premium` to enable this feature. Enabling this will add Kubernetes Namespace and Deployment details to the Cost Analysis views in the Azure portal. -* `custom_ca_trust_certificates_base64` - (Optional) A list of up to 10 base64 encoded CAs that will be added to the trust store on nodes with the `custom_ca_trust_enabled` feature enabled. - --> **Note:** Removing `custom_ca_trust_certificates_base64` after it has been set forces a new resource to be created. - * `disk_encryption_set_id` - (Optional) The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information [can be found in the documentation](https://docs.microsoft.com/azure/aks/azure-disk-customer-managed-keys). Changing this forces a new resource to be created. * `edge_zone` - (Optional) Specifies the Edge Zone within the Azure Region where this Managed Kubernetes Cluster should exist. Changing this forces a new resource to be created. @@ -284,12 +280,6 @@ An `api_server_access_profile` block supports the following: * `authorized_ip_ranges` - (Optional) Set of authorized IP ranges to allow access to API server, e.g. ["198.51.100.0/24"]. -* `subnet_id` - (Optional) The ID of the Subnet where the API server endpoint is delegated to. - -* `vnet_integration_enabled` - (Optional) Should API Server VNet Integration be enabled? For more details please visit [Use API Server VNet Integration](https://learn.microsoft.com/en-us/azure/aks/api-server-vnet-integration). - --> **Note:** This requires that the Preview Feature `Microsoft.ContainerService/EnableAPIServerVnetIntegrationPreview` is enabled and the Resource Provider is re-registered, see [the documentation](https://learn.microsoft.com/en-us/azure/aks/api-server-vnet-integration#register-the-enableapiservervnetintegrationpreview-preview-feature) for more information. - --- An `auto_scaler_profile` block supports the following: @@ -372,10 +362,6 @@ A `default_node_pool` block supports the following: * `capacity_reservation_group_id` - (Optional) Specifies the ID of the Capacity Reservation Group within which this AKS Cluster should be created. Changing this forces a new resource to be created. -* `custom_ca_trust_enabled` - (Optional) Specifies whether to trust a Custom CA. - --> **Note:** This requires that the Preview Feature `Microsoft.ContainerService/CustomCATrustPreview` is enabled and the Resource Provider is re-registered, see [the documentation](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority) for more information. - * `enable_auto_scaling` - (Optional) Should [the Kubernetes Auto Scaler](https://docs.microsoft.com/azure/aks/cluster-autoscaler) be enabled for this Node Pool? -> **Note:** This requires that the `type` is set to `VirtualMachineScaleSets`. @@ -402,8 +388,6 @@ A `default_node_pool` block supports the following: * `max_pods` - (Optional) The maximum number of pods that can run on each agent. `temporary_name_for_rotation` must be specified when changing this property. -* `message_of_the_day` - (Optional) A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of the message of the day for Linux nodes. It cannot be specified for Windows nodes and must be a static string (i.e. will be printed raw and not executed as a script). Changing this forces a new resource to be created. - * `node_network_profile` - (Optional) A `node_network_profile` block as documented below. * `node_public_ip_prefix_id` - (Optional) Resource ID for the Public IP Addresses Prefix for the nodes in this Node Pool. `enable_node_public_ip` should be `true`. Changing this forces a new resource to be created. @@ -448,9 +432,7 @@ A `default_node_pool` block supports the following: ~> **Note:** A Route Table must be configured on this Subnet. -* `workload_runtime` - (Optional) Specifies the workload runtime used by the node pool. Possible values are `OCIContainer` and `KataMshvVmIsolation`. - -~> **Note:** Pod Sandboxing / KataVM Isolation node pools are in Public Preview - more information and details on how to opt into the preview can be found in [this article](https://learn.microsoft.com/azure/aks/use-pod-sandboxing) +* `workload_runtime` - (Optional) Specifies the workload runtime used by the node pool. Possible value is `OCIContainer`. * `zones` - (Optional) Specifies a list of Availability Zones in which this Kubernetes Cluster should be located. `temporary_name_for_rotation` must be specified when changing this property. @@ -825,10 +807,6 @@ A `storage_profile` block supports the following: * `disk_driver_enabled` - (Optional) Is the Disk CSI driver enabled? Defaults to `true`. -* `disk_driver_version` - (Optional) Disk CSI Driver version to be used. Possible values are `v1` and `v2`. Defaults to `v1`. - --> **Note:** `Azure Disk CSI driver v2` is currently in [Public Preview](https://azure.microsoft.com/en-us/updates/public-preview-azure-disk-csi-driver-v2-in-aks/) on an opt-in basis. To use it, the feature `EnableAzureDiskCSIDriverV2` for namespace `Microsoft.ContainerService` must be requested. - * `file_driver_enabled` - (Optional) Is the File CSI driver enabled? Defaults to `true`. * `snapshot_controller_enabled` - (Optional) Is the Snapshot Controller enabled? Defaults to `true`. diff --git a/website/docs/r/kubernetes_cluster_node_pool.html.markdown b/website/docs/r/kubernetes_cluster_node_pool.html.markdown index 333a64b4c3f5..ffd20bd6b855 100644 --- a/website/docs/r/kubernetes_cluster_node_pool.html.markdown +++ b/website/docs/r/kubernetes_cluster_node_pool.html.markdown @@ -72,10 +72,6 @@ The following arguments are supported: * `capacity_reservation_group_id` - (Optional) Specifies the ID of the Capacity Reservation Group where this Node Pool should exist. Changing this forces a new resource to be created. -* `custom_ca_trust_enabled` - (Optional) Specifies whether to trust a Custom CA. - --> **Note:** This requires that the Preview Feature `Microsoft.ContainerService/CustomCATrustPreview` is enabled and the Resource Provider is re-registered, see [the documentation](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority) for more information. - * `enable_auto_scaling` - (Optional) Whether to enable [auto-scaler](https://docs.microsoft.com/azure/aks/cluster-autoscaler). * `enable_host_encryption` - (Optional) Should the nodes in this Node Pool have host encryption enabled? Changing this forces a new resource to be created. @@ -104,8 +100,6 @@ The following arguments are supported: * `max_pods` - (Optional) The maximum number of pods that can run on each agent. Changing this forces a new resource to be created. -* `message_of_the_day` - (Optional) A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of the message of the day for Linux nodes. It cannot be specified for Windows nodes and must be a static string (i.e. will be printed raw and not executed as a script). Changing this forces a new resource to be created. - * `mode` - (Optional) Should this Node Pool be used for System or User resources? Possible values are `System` and `User`. Defaults to `User`. * `node_network_profile` - (Optional) A `node_network_profile` block as documented below. @@ -158,12 +152,10 @@ The following arguments are supported: * `windows_profile` - (Optional) A `windows_profile` block as documented below. Changing this forces a new resource to be created. -* `workload_runtime` - (Optional) Used to specify the workload runtime. Allowed values are `OCIContainer`, `WasmWasi` and `KataMshvVmIsolation`. +* `workload_runtime` - (Optional) Used to specify the workload runtime. Allowed values are `OCIContainer` and `WasmWasi`. ~> **Note:** WebAssembly System Interface node pools are in Public Preview - more information and details on how to opt into the preview can be found in [this article](https://docs.microsoft.com/azure/aks/use-wasi-node-pools) -~> **Note:** Pod Sandboxing / KataVM Isolation node pools are in Public Preview - more information and details on how to opt into the preview can be found in [this article](https://learn.microsoft.com/azure/aks/use-pod-sandboxing) - * `zones` - (Optional) Specifies a list of Availability Zones in which this Kubernetes Cluster Node Pool should be located. Changing this forces a new Kubernetes Cluster Node Pool to be created. ---