r/kubernetes_cluster: info on unexpected errors (#1197)

* Documenting some known issues with the vnet_subnet_id field

* Validating the agent pool name matches the regex in the error message from the API

* Fixing a typo

* Better explaining the routing issue

azurerm/resource_arm_kubernetes_cluster.go

@@ -4,6 +4,7 @@ import (
 	"bytes"
 	"fmt"
 	"log"
+	"regexp"
 
 	"github.com/Azure/azure-sdk-for-go/services/containerservice/mgmt/2017-09-30/containerservice"
 	"github.com/hashicorp/terraform/helper/hashcode"
@@ -127,9 +128,10 @@ func resourceArmKubernetesCluster() *schema.Resource {
 				Elem: &schema.Resource{
 					Schema: map[string]*schema.Schema{
 						"name": {
-							Type:     schema.TypeString,
-							Required: true,
-							ForceNew: true,
+							Type:         schema.TypeString,
+							Required:     true,
+							ForceNew:     true,
+							ValidateFunc: validateKubernetesClusterAgentPoolName(),
 						},
 
 						"count": {
@@ -560,3 +562,10 @@ func resourceAzureRMKubernetesClusterServicePrincipalProfileHash(v interface{})
 
 	return hashcode.String(buf.String())
 }
+
+func validateKubernetesClusterAgentPoolName() schema.SchemaValidateFunc {
+	return validation.StringMatch(
+		regexp.MustCompile("^[a-z]{1}[a-z0-9]{0,11}$"),
+		"Agent Pool names must start with a lowercase letter, have max length of 12, and only have characters a-z0-9.",
+	)
+}

azurerm/resource_arm_kubernetes_cluster_test.go

@@ -11,6 +11,64 @@ import (
 	"github.com/hashicorp/terraform/terraform"
 )
 
+func TestAccAzureRMKubernetesCluster_agentPoolName(t *testing.T) {
+	cases := []struct {
+		Input       string
+		ExpectError bool
+	}{
+		{
+			Input:       "",
+			ExpectError: true,
+		},
+		{
+			Input:       "hi",
+			ExpectError: false,
+		},
+		{
+			Input:       "hello",
+			ExpectError: false,
+		},
+		{
+			Input:       "hello-world",
+			ExpectError: true,
+		},
+		{
+			Input:       "helloworld123",
+			ExpectError: true,
+		},
+		{
+			Input:       "hello_world",
+			ExpectError: true,
+		},
+		{
+			Input:       "Hello-World",
+			ExpectError: true,
+		},
+		{
+			Input:       "20202020",
+			ExpectError: true,
+		},
+		{
+			Input:       "h20202020",
+			ExpectError: false,
+		},
+		{
+			Input:       "ABC123!@£",
+			ExpectError: true,
+		},
+	}
+
+	for _, tc := range cases {
+		_, errors := validateKubernetesClusterAgentPoolName()(tc.Input, "")
+
+		hasError := len(errors) > 0
+
+		if tc.ExpectError && !hasError {
+			t.Fatalf("Expected the Kubernetes Cluster Agent Pool Name to trigger a validation error for '%s'", tc.Input)
+		}
+	}
+}
+
 func TestAccAzureRMKubernetesCluster_basic(t *testing.T) {
 	resourceName := "azurerm_kubernetes_cluster.test"
 	ri := acctest.RandInt()

website/docs/r/kubernetes_cluster.html.markdown

@@ -119,6 +119,8 @@ The following arguments are supported:
 * `os_type` - (Optional) The Operating System used for the Agents. Possible values are `Linux` and `Windows`.  Changing this forces a new resource to be created. Defaults to `Linux`.
 * `vnet_subnet_id` - (Optional) The ID of the Subnet where the Agents in the Pool should be provisioned. Changing this forces a new resource to be created.
 
+~> **NOTE:** There's a known issue where Agents connected to an Internal Network (e.g. on a Subnet) have their network routing configured incorrectly; such that Pods cannot communicate across nodes. This is a bug in the Azure API - and will be fixed there in the future.
+
 `service_principal` supports the following:
 
 * `client_id` - (Required) The Client ID for the Service Principal.
@@ -148,6 +150,19 @@ The following attributes are exported:
 
   * `password` - A password or token used to authenticate to the Kubernetes cluster.
 
+-> **NOTE:** It's possible to use these credentials with [the Kubernetes Provider](/docs/providers/kubernetes/index.html) like so:
+
+```
+provider "kubernetes" {
+  host                   = "${azurerm_kubernetes_cluster.main.kube_config.0.host}"
+  username               = "${azurerm_kubernetes_cluster.main.kube_config.0.username}"
+  password               = "${azurerm_kubernetes_cluster.main.kube_config.0.password}"
+  client_certificate     = "${base64decode(azurerm_kubernetes_cluster.main.kube_config.0.client_certificate)}"
+  client_key             = "${base64decode(azurerm_kubernetes_cluster.main.kube_config.0.client_key)}"
+  cluster_ca_certificate = "${base64decode(azurerm_kubernetes_cluster.main.kube_config.0.cluster_ca_certificate)}"
+}
+```
+
 ## Import
 
 Kubernetes Managed Clusters can be imported using the `resource id`, e.g.