Azure Native containerservice ManagedCluster does not support disabling public FQDN of the api-server

[radirobi]

What happened?

In Azure AKS it is possible to disable the public FQDN of the API server using the enablePrivateClusterPublicFQDN property, see the official documentation:
https://docs.microsoft.com/de-de/azure/templates/microsoft.containerservice/managedclusters?tabs=json#managedclusterapiserveraccessprofile

The Azure-native Pulumi SDK seems to be missing the option to configure this.

The older SDK was containing this property:
https://www.pulumi.com/registry/packages/azure/api-docs/containerservice/kubernetescluster/#state_privateclusterpublicfqdnenabled_go

Please, adjust the azure-native SDK to be able to disable the public FQDN.

Steps to reproduce

1. Install Pulumi Goland SDK
2. Use the following code snippet and adjust required values

		containerservice.NewManagedCluster(ctx, "managed", &containerservice.ManagedClusterArgs{
			DnsPrefix:         pulumi.String("myapiserver"),
			ResourceGroupName: pulumi.String("myrsg"), //modify it
			ApiServerAccessProfile: &containerservice.ManagedClusterAPIServerAccessProfileArgs{
				EnablePrivateCluster: pulumi.Bool(true),
				PrivateDNSZone:       pulumi.String("system"),
				//missing the option: enablePrivateClusterPublicFQDN
			},
			Identity: containerservice.ManagedClusterIdentityArgs{
				Type: containerservice.ResourceIdentityTypeSystemAssigned,
			},
			Sku: containerservice.ManagedClusterSKUArgs{
				Name: pulumi.String("Basic"),
				Tier: pulumi.String("Free"),
			},
			NodeResourceGroup: pulumi.String("cluster-nodes"),
			ResourceName:      pulumi.String("mycluster"),
			AgentPoolProfiles: containerservice.ManagedClusterAgentPoolProfileArray{
				containerservice.ManagedClusterAgentPoolProfileArgs{
					Count:              pulumi.Int(1),
					Mode:               pulumi.String("System"),
					Name:               pulumi.String("systemnodes"),
					VmSize:             pulumi.String("Standard_B2s"),
					EnableNodePublicIP: pulumi.Bool(false),
					VnetSubnetID:       pulumi.String("vnetID"), //modify it
				},
			},
			PrivateLinkResources: containerservice.PrivateLinkResourceArray{
				containerservice.PrivateLinkResourceArgs{
					GroupId: pulumi.String("management"),
					Name:    pulumi.String("management"),
				},
			},
		})

Expected Behavior

To be able to disable the public FQDN of the Kubernetes apiserver.

Actual Behavior

Public FQDN is present and can not be disable.

Versions used

Pulumi 3.29.1

Additional context

No response

Contributing

Vote on this issue by adding a 👍 reaction.
To contribute a fix for this issue, leave a comment (and link to your pull request, if you've opened one already).

[guineveresaenger]

Hi @radirobi - thank you for filing this bug! We'll take a look as soon as we can.

[rtrindvg]

Same issue here. If anyone has any new information to share about the status of this bug, I would really appreciate it.

[viveklak]

I believe you want to use one of the preview versions of the container service instead which does in fact support this feature: https://github.com/pulumi/pulumi-azure-native/blob/master/sdk/dotnet/ContainerService/V20220502Preview/Inputs/ManagedClusterAPIServerAccessProfileArgs.cs#L45

The default top level resources correspond to v2021-03-01 of the api spec published by azure. Due to the large api version splay in azure api specifications our docs currently only provide the latest "stable" api version (and not previews).

[nicklasfrahm]

According to this it should be GA.

It is also available in version V20220701 of this SDK, which does not appear to be a preview. We are using Golang and unfortunately it is not available there using the default version.

[mikhailshilkov]

This is now fixed and available in the default version in 2.x of the provider: https://www.pulumi.com/registry/packages/azure-native/api-docs/containerservice/managedcluster/#enableprivateclusterpublicfqdn_nodejs