diff --git a/azurerm/resource_arm_kubernetes_cluster.go b/azurerm/resource_arm_kubernetes_cluster.go index 3f9a234dd6db..5b8acc24e1c5 100644 --- a/azurerm/resource_arm_kubernetes_cluster.go +++ b/azurerm/resource_arm_kubernetes_cluster.go @@ -48,6 +48,12 @@ func resourceArmKubernetesCluster() *schema.Resource { dockerBridgeCidr := profile["docker_bridge_cidr"].(string) dnsServiceIP := profile["dns_service_ip"].(string) serviceCidr := profile["service_cidr"].(string) + podCidr := profile["pod_cidr"].(string) + + // Azure network plugin is not compatible with pod_cidr + if podCidr != "" && networkPlugin == "azure" { + return fmt.Errorf("`pod_cidr` and `azure` cannot be set together.") + } // All empty values. if dockerBridgeCidr == "" && dnsServiceIP == "" && serviceCidr == "" { diff --git a/website/docs/r/kubernetes_cluster.html.markdown b/website/docs/r/kubernetes_cluster.html.markdown index cbe688e6b3b2..546d49019402 100644 --- a/website/docs/r/kubernetes_cluster.html.markdown +++ b/website/docs/r/kubernetes_cluster.html.markdown @@ -218,7 +218,7 @@ A `network_profile` block supports the following: * `network_plugin` - (Required) Network plugin to use for networking. Currently supported values are `azure` and `kubenet`. Changing this forces a new resource to be created. --> **NOTE:** When `network_plugin` is set to `azure` - the `vnet_subnet_id` field in the `agent_pool_profile` block must be set. +-> **NOTE:** When `network_plugin` is set to `azure` - the `vnet_subnet_id` field in the `agent_pool_profile` block must be set and `pod_cidr` must not be set. * `network_policy` - (Optional) Sets up network policy to be used with Azure CNI. [Network policy allows us to control the traffic flow between pods](https://docs.microsoft.com/en-us/azure/aks/use-network-policies). This field can only be set when `network_plugin` is set to `azure`. Currently supported values are `calico` and `azure`. Changing this forces a new resource to be created.