From 697ce44eeab9435e19304d514242382c055fdac7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?St=C3=A9phane=20MERLE?=
 <95630726+smerle33@users.noreply.github.com>
Date: Thu, 20 Jun 2024 18:04:49 +0200
Subject: [PATCH] feat(privatek8s/publick8s): allow infracijenkinsioagents1
 subnet to reach aks api (#735)

as per https://github.com/jenkins-infra/helpdesk/issues/3923

we need to allow new agents from the cluster `infracijenkinsioagents1`
to access aks api for privatek8s and publick8s.
---
 .shared-tools | 2 +-
 privatek8s.tf | 1 +
 publick8s.tf  | 1 +
 3 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/.shared-tools b/.shared-tools
index 24d82cd6..ac022a54 160000
--- a/.shared-tools
+++ b/.shared-tools
@@ -1 +1 @@
-Subproject commit 24d82cd6a4004433debfdc87e6986117fd5a99f0
+Subproject commit ac022a54939ee6dc981719d3d65b13983db7c720
diff --git a/privatek8s.tf b/privatek8s.tf
index c514788b..5bced59b 100644
--- a/privatek8s.tf
+++ b/privatek8s.tf
@@ -51,6 +51,7 @@ resource "azurerm_kubernetes_cluster" "privatek8s" {
             [for key, value in module.jenkins_infra_shared_data.admin_public_ips : value],
             # privatek8s outbound IPs (traffic routed through gateways or outbound LBs)
             module.jenkins_infra_shared_data.outbound_ips["privatek8s.jenkins.io"],
+            module.jenkins_infra_shared_data.outbound_ips["infracijenkinsioagents1.jenkins.io"],
           )
         )
       ),
diff --git a/publick8s.tf b/publick8s.tf
index a189297b..6b68edc3 100644
--- a/publick8s.tf
+++ b/publick8s.tf
@@ -46,6 +46,7 @@ resource "azurerm_kubernetes_cluster" "publick8s" {
             # trusted.ci subnet (UC agents need to execute mirrorbits scans)
             module.jenkins_infra_shared_data.outbound_ips["trusted.ci.jenkins.io"],
             module.jenkins_infra_shared_data.outbound_ips["trusted.sponsorship.ci.jenkins.io"],
+            module.jenkins_infra_shared_data.outbound_ips["infracijenkinsioagents1.jenkins.io"],
           )
         )
       ),