Merge pull request #225 from sassoftware/staging

March Release - 4.4.0

docs/CONFIG-VARS.md

@@ -32,7 +32,7 @@ Terraform input variables can be set in the following ways:
 | Name | Description | Type | Default | Notes |
 | :--- | ---: | ---: | ---: | ---: |
 | prefix | A prefix used in the name of all the Azure resources created by this script. | string | | The prefix string must start with a lowercase letter and contain only lowercase alphanumeric characters and dashes (-), but it cannot end with a dash. |
-| location | The Azure Region to provision all resources in this script. | string | "East US" | |
+| location | The Azure Region to provision all resources in this script. | string | "eastus" | |
 
 ### Azure Authentication
 
@@ -80,9 +80,11 @@ You can use `default_public_access_cidrs` to set a default range for all created
 ## Networking
 
 | Name | Description | Type | Default | Notes |
-| :--- | ---: | ---: | ---: | ---: |
+| :--- | ---: | ---: | ---: | :--- |
 | vnet_address_space | Address space for created vnet | string | "192.168.0.0/16" | This variable is ignored when vnet_name is set (AKA bring your own vnet). |
 | subnets | Subnets to be created and their settings | map(object) | *check below* | This variable is ignored when subnet_names is set (AKA bring your own subnets). All defined subnets must exist within the vnet address space. |
+| cluster_egress_type | The outbound (egress) routing method to be used for this Kubernetes Cluster | string | "loadBalancer" | Possible values: <ul><li>`loadBalancer`<li>`userDefinedRouting`</ul> By default, AKS will create and use a [loadbalancer](https://docs.microsoft.com/en-us/azure/aks/load-balancer-standard) for outgoing connections.<p>Set to `userDefinedRouting` when using your own network [egress](https://docs.microsoft.com/en-us/azure/aks/egress-outboundtype). |
+
 
 The default values for the `subnets` variable are as follows:
 
@@ -139,8 +141,6 @@ Note: All of the following resources are expected to be in the Resource Group se
 | subnet_names | Existing subnets mapped to desired usage. | map(string) | null | Only required if deploying into existing subnets. See the example that follows. |
 | nsg_name | Name of pre-existing network security group. | string | null | Only required if deploying into existing NSG. |
 | aks_uai_name | Name of existing User Assigned Identity for the cluster | string | null | This Identity will need permissions as listed in [AKS Cluster Identity Permissions](https://docs.microsoft.com/en-us/azure/aks/concepts-identity#aks-cluster-identity-permissions) and [Additional Cluster Identity Permissions](https://docs.microsoft.com/en-us/azure/aks/concepts-identity#additional-cluster-identity-permissions). Alternatively, use can use the [Contributor](https://docs.microsoft.com/en-us/azure/role-based-access-control/built-in-roles#contributor) role for this Identity. |
-| egress_public_ip_name | Name of pre-existing public ip resource for your network egress (NAT, Firewall, or similar). | string | null | Only required when using your own network [egress](https://docs.microsoft.com/en-us/azure/aks/egress-outboundtype). By default, AKS will create and use a [loadbalancer](https://docs.microsoft.com/en-us/azure/aks/load-balancer-standard) for outgoing connections. |
-
 
 Example for the `subnet_names` variable:
 

docs/user/BYOnetwork.md

@@ -20,7 +20,7 @@ Any BYO resources you bring are expected to be in the `vnet_resource_group_name`
 | :--- | :--- | :--- | :--- |
 | Use an existing VNET | `vnet_name` | <ul><li>the VNET IPv4 address space(s) must encompass the subnet cidr ranges as set by the [`subnets` variable](../CONFIG-VARS.md#networking) |creates a VNET with the primary address space as set in the [`vnet_address_space` variable](../CONFIG-VARS.md#networking).|
 | Use VNET with Subnets | `subnet_names` | <ul><li>a VNET set with the `vnet_name` variable.<li>use the subnet attributes as listed in the default value for the [`subnets` variable](../CONFIG-VARS.md#networking) <li>you also need to have a [Route Table and a Route to the aks subnet](https://docs.microsoft.com/en-us/azure/aks/configure-kubenet#bring-your-own-subnet-and-route-table-with-kubenet)<li>an [AKS Cluster identity](#cluster-identity) with write permissions to the aks subnet and route table | creates subnets as set in the [`subnets` variable](../CONFIG-VARS.md#networking), as well as a Route Table for the AKS subnet. Note that [AKS will modify the Route Table](https://docs.microsoft.com/en-us/azure/aks/configure-kubenet#bring-your-own-subnet-and-route-table-with-kubenet).  |
-| Network Egress| `egress_public_ip_name` | <ul><li>A VNET and subnets set with the `vnet_name` and `subnet_names` variables. | AKS will create and use a [loadbalancer](https://docs.microsoft.com/en-us/azure/aks/load-balancer-standard) for outoing traffic.
+| Provide Network Egress| `cluster_egress_type="userDefinedRouting"` | <ul><li>A VNET and subnets set with the `vnet_name` and `subnet_names` variables. <li>Network  [egress](https://docs.microsoft.com/en-us/azure/aks/egress-outboundtype) needs to be defined (with NAT, Azure Firewall or similar) | AKS will create and use a [loadbalancer](https://docs.microsoft.com/en-us/azure/aks/load-balancer-standard) for outgoing traffic.|
 
 ## Network Security Group
 

locals.tf

@@ -59,5 +59,13 @@ locals {
                    )
                  : null
                )
+
+  cluster_egress_type = ( var.cluster_egress_type == null
+                          ? ( var.egress_public_ip_name == null
+                              ? "loadBalancer"
+                              : "userDefinedRouting"
+                            )
+                          : var.cluster_egress_type
+                        )
 }
 

main.tf

@@ -155,15 +155,14 @@ module "aks" {
   aks_network_policy                       = var.aks_network_policy
   aks_dns_service_ip                       = var.aks_dns_service_ip
   aks_docker_bridge_cidr                   = var.aks_docker_bridge_cidr
-  aks_outbound_type                        = var.aks_outbound_type
+  cluster_egress_type                      = local.cluster_egress_type
   aks_pod_cidr                             = var.aks_pod_cidr
   aks_service_cidr                         = var.aks_service_cidr
   aks_cluster_tags                         = var.tags
   aks_uai_id                               = local.aks_uai_id
   client_id                                = var.client_id
   client_secret                            = var.client_secret
   aks_private_cluster                      = var.cluster_api_mode == "private" ? true : false
-  cluster_egress_type                      = var.egress_public_ip_name ==  null ? "loadBalancer" : "userDefinedRouting"
   depends_on                               = [module.vnet]
 }
 

modules/azure_aks/variables.tf

@@ -6,7 +6,7 @@ variable aks_cluster_dns_prefix {}
 
 variable "aks_cluster_location" {
   description = "The Azure Region in which all resources in this example should be provisioned"
-  default     = "East US"
+  default     = "eastus"
 }
 
 variable "aks_private_cluster" {
@@ -91,11 +91,6 @@ variable "aks_docker_bridge_cidr" {
   default     = "172.17.0.1/16"
 }
 
-variable "aks_outbound_type" {
-  description = "The outbound (egress) routing method which should be used for this Kubernetes Cluster. Possible values are loadBalancer and userDefinedRouting. Defaults to loadBalancer."
-  default     = "loadBalancer"
-}
-
 variable "aks_pod_cidr" {
   description = "The CIDR to use for pod IP addresses. This field can only be set when network_plugin is set to kubenet. Changing this forces a new resource to be created."
   default     = "10.244.0.0/16"

variables.tf

@@ -38,7 +38,7 @@ variable "prefix" {
 }
 variable "location" {
   description = "The Azure Region to provision all resources in this script"
-  default     = "East US"
+  default     = "eastus"
 }
 
 variable "ssh_public_key" {
@@ -134,9 +134,14 @@ variable "aks_docker_bridge_cidr" {
   default     = "172.17.0.1/16"
 }
 
-variable "aks_outbound_type" {
+variable "cluster_egress_type" {
   description = "The outbound (egress) routing method which should be used for this Kubernetes Cluster. Possible values are loadBalancer and userDefinedRouting. Defaults to loadBalancer."
-  default     = "loadBalancer"
+  default     = null
+  validation {
+    condition     = var.cluster_egress_type != null ? contains(["loadBalancer", "userDefinedRouting"], var.cluster_egress_type) : true
+    error_message = "ERROR: Supported values for `cluster_egress_type` are: loadBalancer, userDefinedRouting."
+  }
+
 }
 
 variable "aks_pod_cidr" {
@@ -513,7 +518,7 @@ variable "nsg_name" {
 variable "egress_public_ip_name" {
   type        = string
   default     = null
-  description = "Name of pre-existing Public IP for the Network egress."
+  description = "DEPRECATED: Name of pre-existing Public IP for the Network egress."
 }
 
 variable "subnet_names" {