add open service mesh option for kuberentes service (public preview)

azurerm/internal/services/containers/kubernetes_addons.go

@@ -21,6 +21,7 @@ const (
 	kubernetesDashboardKey    = "kubeDashboard"
 	httpApplicationRoutingKey = "httpApplicationRouting"
 	omsAgentKey               = "omsagent"
+	openServiceMeshKey        = "openServiceMesh"
 )
 
 // The AKS API hard-codes which add-ons are supported in which environment
@@ -34,11 +35,13 @@ var unsupportedAddonsForEnvironment = map[string][]string{
 		azurePolicyKey,            // https://github.com/terraform-providers/terraform-provider-azurerm/issues/6462
 		httpApplicationRoutingKey, // https://github.com/terraform-providers/terraform-provider-azurerm/issues/5960
 		kubernetesDashboardKey,    // https://github.com/terraform-providers/terraform-provider-azurerm/issues/7487
+		openServiceMeshKey,        // Preview features are not supported in Azure China
 	},
 	azure.USGovernmentCloud.Name: {
 		azurePolicyKey,            // https://github.com/terraform-providers/terraform-provider-azurerm/issues/6702
 		httpApplicationRoutingKey, // https://github.com/terraform-providers/terraform-provider-azurerm/issues/5960
 		kubernetesDashboardKey,    // https://github.com/terraform-providers/terraform-provider-azurerm/issues/7136
+		openServiceMeshKey,        // Preview features are not supported in Azure Government
 	},
 }
 
@@ -154,6 +157,20 @@ func schemaKubernetesAddOnProfiles() *schema.Schema {
 						},
 					},
 				},
+
+				"open_service_mesh": {
+					Type:     schema.TypeList,
+					MaxItems: 1,
+					Optional: true,
+					Elem: &schema.Resource{
+						Schema: map[string]*schema.Schema{
+							"enabled": {
+								Type:     schema.TypeBool,
+								Required: true,
+							},
+						},
+					},
+				},
 			},
 		},
 	}
@@ -170,6 +187,7 @@ func expandKubernetesAddOnProfiles(input []interface{}, env azure.Environment) (
 		kubernetesDashboardKey:    &disabled,
 		httpApplicationRoutingKey: &disabled,
 		omsAgentKey:               &disabled,
+		openServiceMeshKey:        &disabled,
 	}
 
 	if len(input) == 0 {
@@ -248,6 +266,17 @@ func expandKubernetesAddOnProfiles(input []interface{}, env azure.Environment) (
 		}
 	}
 
+	openServiceMesh := profile["open_service_mesh"].([]interface{})
+	if len(openServiceMesh) > 0 && openServiceMesh[0] != nil {
+		value := openServiceMesh[0].(map[string]interface{})
+		enabled := value["enabled"].(bool)
+
+		addonProfiles[openServiceMeshKey] = &containerservice.ManagedClusterAddonProfile{
+			Enabled: utils.Bool(enabled),
+			Config:  nil,
+		}
+	}
+
 	return filterUnsupportedKubernetesAddOns(addonProfiles, env)
 }
 

azurerm/internal/services/containers/kubernetes_cluster_addons_resource_test.go

@@ -17,6 +17,7 @@ var kubernetesAddOnTests = map[string]func(t *testing.T){
 	"addonProfileOMS":                       testAccKubernetesCluster_addonProfileOMS,
 	"addonProfileOMSToggle":                 testAccKubernetesCluster_addonProfileOMSToggle,
 	"addonProfileRouting":                   testAccKubernetesCluster_addonProfileRoutingToggle,
+	"addonProfileOpenServiceMesh":           testAccKubernetesCluster_addonProfileOpenServiceMesh,
 }
 
 func TestAccKubernetesCluster_addonProfileAciConnectorLinux(t *testing.T) {
@@ -256,6 +257,28 @@ func testAccKubernetesCluster_addonProfileRoutingToggle(t *testing.T) {
 	})
 }
 
+func TestAccKubernetesCluster_addonProfileOpenServiceMesh(t *testing.T) {
+	checkIfShouldRunTestsIndividually(t)
+	testAccKubernetesCluster_addonProfileOpenServiceMesh(t)
+}
+
+func testAccKubernetesCluster_addonProfileOpenServiceMesh(t *testing.T) {
+	data := acceptance.BuildTestData(t, "azurerm_kubernetes_cluster", "test")
+	r := KubernetesClusterResource{}
+
+	data.ResourceTest(t, r, []resource.TestStep{
+		{
+			Config: r.addonProfileOpenServiceMeshConfig(data),
+			Check: resource.ComposeTestCheckFunc(
+				check.That(data.ResourceName).ExistsInAzure(r),
+				check.That(data.ResourceName).Key("addon_profile.0.open_service_mesh.#").HasValue("1"),
+				check.That(data.ResourceName).Key("addon_profile.0.open_service_mesh.0.enabled").HasValue("false"),
+			),
+		},
+		data.ImportStep(),
+	})
+}
+
 func (KubernetesClusterResource) addonProfileAciConnectorLinuxConfig(data acceptance.TestData) string {
 	return fmt.Sprintf(`
 provider "azurerm" {
@@ -727,3 +750,47 @@ resource "azurerm_kubernetes_cluster" "test" {
 }
 `, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger)
 }
+
+func (KubernetesClusterResource) addonProfileOpenServiceMeshConfig(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+provider "azurerm" {
+  features {}
+}
+
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-aks-%d"
+  location = "%s"
+}
+
+resource "azurerm_kubernetes_cluster" "test" {
+  name                = "acctestaks%d"
+  location            = azurerm_resource_group.test.location
+  resource_group_name = azurerm_resource_group.test.name
+  dns_prefix          = "acctestaks%d"
+
+  linux_profile {
+    admin_username = "acctestuser%d"
+
+    ssh_key {
+      key_data = "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCqaZoyiz1qbdOQ8xEf6uEu1cCwYowo5FHtsBhqLoDnnp7KUTEBN+L2NxRIfQ781rxV6Iq5jSav6b2Q8z5KiseOlvKA/RF2wqU0UPYqQviQhLmW6THTpmrv/YkUCuzxDpsH7DUDhZcwySLKVVe0Qm3+5N2Ta6UYH3lsDf9R9wTP2K/+vAnflKebuypNlmocIvakFWoZda18FOmsOoIVXQ8HWFNCuw9ZCunMSN62QGamCe3dL5cXlkgHYv7ekJE15IA9aOJcM7e90oeTqo+7HTcWfdu0qQqPWY5ujyMw/llas8tsXY85LFqRnr3gJ02bAscjc477+X+j/gkpFoN1QEmt [email protected]"
+    }
+  }
+
+  default_node_pool {
+    name       = "default"
+    node_count = 1
+    vm_size    = "Standard_DS2_v2"
+  }
+
+  addon_profile {
+    open_service_mesh {
+      enabled = false
+    }
+  }
+
+  identity {
+    type = "SystemAssigned"
+  }
+}
+`, data.RandomInteger, data.Locations.Primary, data.RandomInteger, data.RandomInteger, data.RandomInteger)
+}

azurerm/internal/services/containers/kubernetes_cluster_data_source.go

@@ -118,6 +118,19 @@ func dataSourceKubernetesCluster() *schema.Resource {
 								},
 							},
 						},
+
+						"open_service_mesh": {
+							Type:     schema.TypeList,
+							Computed: true,
+							Elem: &schema.Resource{
+								Schema: map[string]*schema.Schema{
+									"enabled": {
+										Type:     schema.TypeBool,
+										Computed: true,
+									},
+								},
+							},
+						},
 					},
 				},
 			},

azurerm/internal/services/containers/kubernetes_cluster_data_source_test.go

@@ -30,6 +30,7 @@ var kubernetesDataSourceTests = map[string]func(t *testing.T){
 	"addOnProfileKubeDashboard":                   testAccDataSourceKubernetesCluster_addOnProfileKubeDashboard,
 	"addOnProfileAzurePolicy":                     testAccDataSourceKubernetesCluster_addOnProfileAzurePolicy,
 	"addOnProfileRouting":                         testAccDataSourceKubernetesCluster_addOnProfileRouting,
+	"addOnProfileOpenServiceMesh":                 testAccDataSourceKubernetesCluster_addOnProfileOpenServiceMesh,
 	"autoscalingNoAvailabilityZones":              testAccDataSourceKubernetesCluster_autoscalingNoAvailabilityZones,
 	"autoscalingWithAvailabilityZones":            testAccDataSourceKubernetesCluster_autoscalingWithAvailabilityZones,
 	"nodeLabels":                                  testAccDataSourceKubernetesCluster_nodeLabels,
@@ -450,6 +451,27 @@ func testAccDataSourceKubernetesCluster_addOnProfileRouting(t *testing.T) {
 	})
 }
 
+func TestAccDataSourceKubernetesCluster_addOnProfileOpenServiceMesh(t *testing.T) {
+	checkIfShouldRunTestsIndividually(t)
+	testAccDataSourceKubernetesCluster_addOnProfileOpenServiceMesh(t)
+}
+
+func testAccDataSourceKubernetesCluster_addOnProfileOpenServiceMesh(t *testing.T) {
+	data := acceptance.BuildTestData(t, "data.azurerm_kubernetes_cluster", "test")
+	r := KubernetesClusterDataSource{}
+
+	data.DataSourceTest(t, []resource.TestStep{
+		{
+			Config: r.addOnProfileOpenServiceMeshConfig(data),
+			Check: resource.ComposeTestCheckFunc(
+				check.That(data.ResourceName).Key("addon_profile.#").HasValue("1"),
+				check.That(data.ResourceName).Key("addon_profile.0.open_service_mesh.#").HasValue("1"),
+				check.That(data.ResourceName).Key("addon_profile.0.open_service_mesh.0.enabled").HasValue("false"),
+			),
+		},
+	})
+}
+
 func TestAccDataSourceKubernetesCluster_autoscalingNoAvailabilityZones(t *testing.T) {
 	checkIfShouldRunTestsIndividually(t)
 	testAccDataSourceKubernetesCluster_autoscalingNoAvailabilityZones(t)
@@ -713,6 +735,17 @@ data "azurerm_kubernetes_cluster" "test" {
 `, KubernetesClusterResource{}.addonProfileRoutingConfig(data))
 }
 
+func (KubernetesClusterDataSource) addOnProfileOpenServiceMeshConfig(data acceptance.TestData) string {
+	return fmt.Sprintf(`
+%s
+
+data "azurerm_kubernetes_cluster" "test" {
+  name                = azurerm_kubernetes_cluster.test.name
+  resource_group_name = azurerm_kubernetes_cluster.test.resource_group_name
+}
+`, KubernetesClusterResource{}.addonProfileOpenServiceMeshConfig(data))
+}
+
 func (KubernetesClusterDataSource) autoScalingNoAvailabilityZonesConfig(data acceptance.TestData) string {
 	return fmt.Sprintf(`
 %s

website/docs/d/kubernetes_cluster.html.markdown

@@ -98,6 +98,8 @@ A `addon_profile` block exports the following:
 
 * `azure_policy` - A `azure_policy` block.
 
+* `open_service_mesh` - A `open_service_mesh` block.
+
 ---
 
 A `agent_pool_profile` block exports the following:
@@ -258,6 +260,12 @@ A `azure_policy` block supports the following:
 
 ---
 
+A `open_service_mesh` block supports the following:
+
+* `enabled` - Is Open Service Mesh enabled?
+
+---
+
 A `role_based_access_control` block exports the following:
 
 * `azure_active_directory` - A `azure_active_directory` block as documented above.

website/docs/r/kubernetes_cluster.html.markdown

@@ -215,6 +215,12 @@ A `addon_profile` block supports the following:
 
 * `oms_agent` - (Optional) A `oms_agent` block as defined below. For more details, please visit [How to onboard Azure Monitor for containers](https://docs.microsoft.com/en-us/azure/monitoring/monitoring-container-insights-onboard).
 
+* `open_service_mesh` - (Optional) A `open_service_mesh` block as defined below. For more details please visit [Announcing Public Preview of the Open Service Mesh (OSM) AKS add-on](https://techcommunity.microsoft.com/t5/apps-on-azure/announcing-public-preview-of-the-open-service-mesh-osm-aks-add/ba-p/2247361)
+
+-> **NOTE:** At this time Open Service Mesh is not supported in Azure China or Azure US Government.
+
+~> **Note:** Open Service Mesh is available on an opt-in Preview basis - to use this the Preview Feature `AKS-OpenServiceMesh` will need to be registered, [see the AKS Documentation for more information](https://docs.microsoft.com/en-gb/azure/aks/servicemesh-osm-about)
+
 ---
 
 A `auto_scaler_profile` block supports the following:
@@ -466,6 +472,14 @@ A `upgrade_settings` block supports the following:
 
 -> **Note:** If a percentage is provided, the number of surge nodes is calculated from the `node_count` value on the current cluster. Node surge can allow a cluster to have more nodes than `max_count` during an upgrade. Ensure that your cluster has enough [IP space](https://docs.microsoft.com/en-us/azure/aks/upgrade-cluster#customize-node-surge-upgrade) during an upgrade.
 
+---
+
+The `open_service_mesh` block exports the following:
+
+* `enabled` - (Required) Is the Open Service Mesh enabled?
+
+---
+
 ## Attributes Reference
 
 The following attributes are exported: