azurerm_kubernetes_cluster, azurerm_kubernetes_cluster_node_pool - support for the node_public_ip_tags property #19731

@ms-henglu ms-henglu commented Dec 20, 2022

Closes #19128

@ms-henglu ms-henglu force-pushed the ticket-14362631-aks-pool-network-profile-ip-tags branch from 04c29de to 6aad1fc Compare December 20, 2022 01:48
Member

@stephybun stephybun left a comment

Thanks for this PR @ms-henglu. I left a few minor comments in-line, but once those are fixed up this should be good to go!

@github-actions github-actions bot added size/L and removed size/XL labels Jan 19, 2023
Member

@stephybun stephybun left a comment

There are test failures:

------- Stdout: -------
=== RUN   TestAccKubernetesClusterNodePool_nodeIPTags
=== PAUSE TestAccKubernetesClusterNodePool_nodeIPTags
=== CONT  TestAccKubernetesClusterNodePool_nodeIPTags
testcase.go:110: Step 1/2 error: After applying this test step, the plan was not empty.
stdout:
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement
Terraform will perform the following actions:
# azurerm_kubernetes_cluster_node_pool.test must be replaced
-/+ resource "azurerm_kubernetes_cluster_node_pool" "test" {
- custom_ca_trust_enabled = false -> null
- enable_auto_scaling     = false -> null
- enable_host_encryption  = false -> null
- fips_enabled            = false -> null
~ id                      = "/subscriptions/*******/resourceGroups/acctestRG-aks-230119131734642943/providers/Microsoft.ContainerService/managedClusters/acctestaks230119131734642943/agentPools/internal" -> (known after apply)
~ kubelet_disk_type       = "OS" -> (known after apply)
- max_count               = 0 -> null
~ max_pods                = 110 -> (known after apply)
- min_count               = 0 -> null
name                    = "internal"
~ node_count              = 0 -> (known after apply)
~ node_labels             = {} -> (known after apply)
~ orchestrator_version    = "1.24.6" -> (known after apply)
~ os_disk_size_gb         = 128 -> (known after apply)
~ os_sku                  = "Ubuntu" -> (known after apply)
# (10 unchanged attributes hidden)
+ node_network_profile {
+ node_public_ip_tags = {
+ "RoutingPreference" = "Internet"
} # forces replacement
}
}
Plan: 1 to add, 0 to change, 1 to destroy.
--- FAIL: TestAccKubernetesClusterNodePool_nodeIPTags (872.74s)
FAIL
------- Stdout: -------
=== RUN   TestAccKubernetesCluster_clusterPoolNodePublicIPTags
=== PAUSE TestAccKubernetesCluster_clusterPoolNodePublicIPTags
=== CONT  TestAccKubernetesCluster_clusterPoolNodePublicIPTags
testcase.go:110: Step 1/2 error: After applying this test step, the plan was not empty.
stdout:
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement
Terraform will perform the following actions:
# azurerm_kubernetes_cluster.test must be replaced
-/+ resource "azurerm_kubernetes_cluster" "test" {
~ api_server_authorized_ip_ranges     = [] -> (known after apply)
- enable_pod_security_policy          = false -> null
~ fqdn                                = "acctestaks230119130043638271-64f6eacc.hcp.eastus.azmk8s.io" -> (known after apply)
+ http_application_routing_zone_name  = (known after apply)
~ id                                  = "/subscriptions/*******/resourceGroups/acctestRG-aks-230119130043638271/providers/Microsoft.ContainerService/managedClusters/acctestaks230119130043638271" -> (known after apply)
~ kube_admin_config                   = (sensitive value)
+ kube_admin_config_raw               = (sensitive value)
~ kube_config                         = (sensitive value)
~ kube_config_raw                     = (sensitive value)
~ kubernetes_version                  = "1.24.6" -> (known after apply)
- local_account_disabled              = false -> null
name                                = "acctestaks230119130043638271"
~ node_resource_group                 = "MC_acctestRG-aks-230119130043638271_acctestaks230119130043638271_eastus" -> (known after apply)
- oidc_issuer_enabled                 = false -> null
+ oidc_issuer_url                     = (known after apply)
~ portal_fqdn                         = "acctestaks230119130043638271-64f6eacc.portal.hcp.eastus.azmk8s.io" -> (known after apply)
+ private_dns_zone_id                 = (known after apply)
+ private_fqdn                        = (known after apply)
# (12 unchanged attributes hidden)
+ api_server_access_profile {
+ authorized_ip_ranges     = (known after apply)
+ subnet_id                = (known after apply)
+ vnet_integration_enabled = (known after apply)
}
+ auto_scaler_profile {
+ balance_similar_node_groups      = (known after apply)
+ empty_bulk_delete_max            = (known after apply)
+ expander                         = (known after apply)
+ max_graceful_termination_sec     = (known after apply)
+ max_node_provisioning_time       = (known after apply)
+ max_unready_nodes                = (known after apply)
+ max_unready_percentage           = (known after apply)
+ new_pod_scale_up_delay           = (known after apply)
+ scale_down_delay_after_add       = (known after apply)
+ scale_down_delay_after_delete    = (known after apply)
+ scale_down_delay_after_failure   = (known after apply)
+ scale_down_unneeded              = (known after apply)
+ scale_down_unready               = (known after apply)
+ scale_down_utilization_threshold = (known after apply)
+ scan_interval                    = (known after apply)
+ skip_nodes_with_local_storage    = (known after apply)
+ skip_nodes_with_system_pods      = (known after apply)
}
~ default_node_pool {
- custom_ca_trust_enabled      = false -> null
- enable_auto_scaling          = false -> null
- enable_host_encryption       = false -> null
- fips_enabled                 = false -> null
~ kubelet_disk_type            = "OS" -> (known after apply)
- max_count                    = 0 -> null
~ max_pods                     = 110 -> (known after apply)
- min_count                    = 0 -> null
name                         = "default"
~ node_labels                  = {} -> (known after apply)
- only_critical_addons_enabled = false -> null
~ orchestrator_version         = "1.24.6" -> (known after apply)
~ os_disk_size_gb              = 128 -> (known after apply)
~ os_sku                       = "Ubuntu" -> (known after apply)
+ workload_runtime             = (known after apply)
# (7 unchanged attributes hidden)
+ node_network_profile {
+ node_public_ip_tags = {
+ "RoutingPreference" = "Internet"
} # forces replacement
}
}
~ identity {
~ principal_id = "302382d3-eb99-4e11-b83e-0e2d5ca4a104" -> (known after apply)
~ tenant_id    = "*******" -> (known after apply)
# (1 unchanged attribute hidden)
}
~ kubelet_identity {
~ client_id                 = "d63e049c-7ea2-4716-afd1-adf4269719f0" -> (known after apply)
~ object_id                 = "4bccf6e5-0892-4457-b60b-cec34641e670" -> (known after apply)
~ user_assigned_identity_id = "/subscriptions/*******/resourceGroups/MC_acctestRG-aks-230119130043638271_acctestaks230119130043638271_eastus/providers/Microsoft.ManagedIdentity/userAssignedIdentities/acctestaks230119130043638271-agentpool" -> (known after apply)
}
~ network_profile {
~ dns_service_ip      = "10.0.0.10" -> (known after apply)
~ docker_bridge_cidr  = "172.17.0.1/16" -> (known after apply)
+ ebpf_data_plane     = (known after apply)
~ ip_versions         = [
- "IPv4",
] -> (known after apply)
~ load_balancer_sku   = "standard" -> (known after apply)
+ network_mode        = (known after apply)
~ network_plugin      = "kubenet" -> (known after apply)
+ network_plugin_mode = (known after apply)
+ network_policy      = (known after apply)
~ outbound_type       = "loadBalancer" -> (known after apply)
~ pod_cidr            = "10.244.0.0/16" -> (known after apply)
~ pod_cidrs           = [
- "10.244.0.0/16",
] -> (known after apply)
~ service_cidr        = "10.0.0.0/16" -> (known after apply)
~ service_cidrs       = [
- "10.0.0.0/16",
] -> (known after apply)
~ load_balancer_profile {
~ effective_outbound_ips      = [
- "/subscriptions/*******/resourceGroups/MC_acctestRG-aks-230119130043638271_acctestaks230119130043638271_eastus/providers/Microsoft.Network/publicIPAddresses/28086d92-d5f8-4de2-842f-36a21059e706",
] -> (known after apply)
~ idle_timeout_in_minutes     = 0 -> (known after apply)
~ managed_outbound_ip_count   = 1 -> (known after apply)
~ managed_outbound_ipv6_count = 0 -> (known after apply)
~ outbound_ip_address_ids     = [] -> (known after apply)
~ outbound_ip_prefix_ids      = [] -> (known after apply)
~ outbound_ports_allocated    = 0 -> (known after apply)
}
+ nat_gateway_profile {
+ effective_outbound_ips    = (known after apply)
+ idle_timeout_in_minutes   = (known after apply)
+ managed_outbound_ip_count = (known after apply)
}
}
+ windows_profile {
+ admin_password = (sensitive value)
+ admin_username = (known after apply)
+ license        = (known after apply)
+ gmsa {
+ dns_server  = (known after apply)
+ root_domain = (known after apply)
}
}
}
Plan: 1 to add, 0 to change, 1 to destroy.
--- FAIL: TestAccKubernetesCluster_clusterPoolNodePublicIPTags (815.74s)
FAIL

@ms-henglu
Contributor Author

Hi @stephybun,

Tests passed!

@ms-henglu
Contributor Author

Hi @stephybun,

Would you please take another look? The tests have passed.

Member

@stephybun stephybun left a comment

Thanks @ms-henglu. I reverted the last change which added a check on the length of the tags, since that would become problematic if more properties are added to the network profile block for nodes. For now this is fine.

LGTM 👍

@stephybun stephybun merged commit 6160ba4 into hashicorp:main Jan 26, 2023
@github-actions github-actions bot added this to the v3.41.0 milestone Jan 26, 2023
stephybun added a commit that referenced this pull request Jan 26, 2023
@github-actions

This functionality has been released in v3.41.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

@github-actions

I'm going to lock this pull request because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active contributions.
If you have found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@github-actions github-actions bot locked as resolved and limited conversation to collaborators Feb 27, 2023
Successfully merging this pull request may close these issues.

Support for internet routing ip tag on node level public ip in AKS