diff --git a/azurerm/data_source_kubernetes_cluster_test.go b/azurerm/data_source_kubernetes_cluster_test.go
index 03f9f1a08f1c..1d093bbdad27 100644
--- a/azurerm/data_source_kubernetes_cluster_test.go
+++ b/azurerm/data_source_kubernetes_cluster_test.go
@@ -183,6 +183,37 @@ func TestAccDataSourceAzureRMKubernetesCluster_advancedNetworkingAzureCalicoPoli
 })
 }
 
+func TestAccDataSourceAzureRMKubernetesCluster_advancedNetworkingAzureNPMPolicy(t *testing.T) {
+ dataSourceName := "data.azurerm_kubernetes_cluster.test"
+ ri := tf.AccRandTimeInt()
+ clientId := os.Getenv("ARM_CLIENT_ID")
+ clientSecret := os.Getenv("ARM_CLIENT_SECRET")
+ location := testLocation()
+ config := testAccDataSourceAzureRMKubernetesCluster_advancedNetworkingAzureNPMPolicy(ri, clientId, clientSecret, location)
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testCheckAzureRMKubernetesClusterDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: config,
+ Check: resource.ComposeTestCheckFunc(
+ testCheckAzureRMKubernetesClusterExists(dataSourceName),
+ resource.TestCheckResourceAttrSet(dataSourceName, "agent_pool_profile.0.vnet_subnet_id"),
+ resource.TestCheckResourceAttr(dataSourceName, "network_profile.0.network_plugin", "azure"),
+ resource.TestCheckResourceAttr(dataSourceName, "network_profile.0.network_policy", "azure"),
+ resource.TestCheckResourceAttrSet(dataSourceName, "network_profile.0.network_plugin"),
+ resource.TestCheckResourceAttrSet(dataSourceName, "network_profile.0.network_policy"),
+ resource.TestCheckResourceAttrSet(dataSourceName, "network_profile.0.dns_service_ip"),
+ resource.TestCheckResourceAttrSet(dataSourceName, "network_profile.0.docker_bridge_cidr"),
+ resource.TestCheckResourceAttrSet(dataSourceName, "network_profile.0.service_cidr"),
+ ),
+ },
+ },
+ })
+}
+
 func TestAccDataSourceAzureRMKubernetesCluster_advancedNetworkingAzureComplete(t *testing.T) {
 dataSourceName := "data.azurerm_kubernetes_cluster.test"
 ri := tf.AccRandTimeInt()
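Review bot: In the `Check` list of the new data-source test, the two `resource.TestCheckResourceAttrSet` calls on `network_profile.0.network_plugin` and `network_profile.0.network_policy` are redundant, because the `resource.TestCheckResourceAttr` lines directly above already pin both attributes to `"azure"`; those two lines can be dropped. The same duplication appears in the `..._advancedNetworkingAzureNPMPolicyComplete` test added by the `-243,6` hunk. That second test's check list is otherwise identical to this one, so as written the "Complete" variant asserts nothing the basic variant does not; if the complete configuration sets specific CIDR or DNS values (its helper body is not shown), asserting them with `TestCheckResourceAttr` would make the extra test earn its run time.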
@@ -243,6 +274,37 @@ func TestAccDataSourceAzureRMKubernetesCluster_advancedNetworkingAzureCalicoPoli
 })
 }
 
+func TestAccDataSourceAzureRMKubernetesCluster_advancedNetworkingAzureNPMPolicyComplete(t *testing.T) {
+ dataSourceName := "data.azurerm_kubernetes_cluster.test"
+ ri := tf.AccRandTimeInt()
+ clientId := os.Getenv("ARM_CLIENT_ID")
+ clientSecret := os.Getenv("ARM_CLIENT_SECRET")
+ location := testLocation()
+ config := testAccDataSourceAzureRMKubernetesCluster_advancedNetworkingAzureNPMPolicyComplete(ri, clientId, clientSecret, location)
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testCheckAzureRMKubernetesClusterDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: config,
+ Check: resource.ComposeTestCheckFunc(
+ testCheckAzureRMKubernetesClusterExists(dataSourceName),
+ resource.TestCheckResourceAttrSet(dataSourceName, "agent_pool_profile.0.vnet_subnet_id"),
+ resource.TestCheckResourceAttr(dataSourceName, "network_profile.0.network_plugin", "azure"),
+ resource.TestCheckResourceAttr(dataSourceName, "network_profile.0.network_policy", "azure"),
+ resource.TestCheckResourceAttrSet(dataSourceName, "network_profile.0.network_plugin"),
+ resource.TestCheckResourceAttrSet(dataSourceName, "network_profile.0.network_policy"),
+ resource.TestCheckResourceAttrSet(dataSourceName, "network_profile.0.dns_service_ip"),
+ resource.TestCheckResourceAttrSet(dataSourceName, "network_profile.0.docker_bridge_cidr"),
+ resource.TestCheckResourceAttrSet(dataSourceName, "network_profile.0.service_cidr"),
+ ),
+ },
+ },
+ })
+}
+
 func TestAccDataSourceAzureRMKubernetesCluster_advancedNetworkingKubenet(t *testing.T) {
 dataSourceName := "data.azurerm_kubernetes_cluster.test"
 ri := tf.AccRandTimeInt()
@@ -427,6 +489,18 @@ data "azurerm_kubernetes_cluster" "test" {
 `, r)
 }
 
+func testAccDataSourceAzureRMKubernetesCluster_advancedNetworkingAzureNPMPolicy(rInt int, clientId string, clientSecret string, location string) string {
+ r := testAccAzureRMKubernetesCluster_advancedNetworkingWithPolicy(rInt, clientId, clientSecret, location, "azure", "azure")
+ return fmt.Sprintf(`
+%s
+
+data "azurerm_kubernetes_cluster" "test" {
+ name = "${azurerm_kubernetes_cluster.test.name}"
+ resource_group_name = "${azurerm_kubernetes_cluster.test.resource_group_name}"
+}
+`, r)
+}
+
 func testAccDataSourceAzureRMKubernetesCluster_advancedNetworkingAzureComplete(rInt int, clientId string, clientSecret string, location string) string {
 r := testAccAzureRMKubernetesCluster_advancedNetworkingComplete(rInt, clientId, clientSecret, location, "azure")
 return fmt.Sprintf(`
@@ -451,6 +525,18 @@ data "azurerm_kubernetes_cluster" "test" {
 `, r)
 }
 
+func testAccDataSourceAzureRMKubernetesCluster_advancedNetworkingAzureNPMPolicyComplete(rInt int, clientId string, clientSecret string, location string) string {
+ r := testAccAzureRMKubernetesCluster_advancedNetworkingWithPolicyComplete(rInt, clientId, clientSecret, location, "azure", "azure")
+ return fmt.Sprintf(`
+%s
+
+data "azurerm_kubernetes_cluster" "test" {
+ name = "${azurerm_kubernetes_cluster.test.name}"
+ resource_group_name = "${azurerm_kubernetes_cluster.test.resource_group_name}"
+}
+`, r)
+}
+
 func testAccDataSourceAzureRMKubernetesCluster_advancedNetworkingKubenet(rInt int, clientId string, clientSecret string, location string) string {
 r := testAccAzureRMKubernetesCluster_advancedNetworking(rInt, clientId, clientSecret, location, "kubenet")
 return fmt.Sprintf(`
diff --git a/azurerm/resource_arm_kubernetes_cluster.go b/azurerm/resource_arm_kubernetes_cluster.go
index 93835c768888..ac0fff30f101 100644
--- a/azurerm/resource_arm_kubernetes_cluster.go
+++ b/azurerm/resource_arm_kubernetes_cluster.go
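Review bot: The trailing `"azure", "azure"` arguments passed to `testAccAzureRMKubernetesCluster_advancedNetworkingWithPolicy` are two identical bare string literals, so the call site does not show which one selects the network plugin and which the network policy (the helper's signature is outside this diff). Naming them first, for example `networkPlugin, networkPolicy := "azure", "azure"`, or adding a one-line comment above the call, makes the intent reviewable and guards against a swapped argument if one value is later changed. The same pattern is in the `..._AzureNPMPolicyComplete` helper in the `-451,6` hunk and in both new tests in `resource_arm_kubernetes_cluster_test.go`.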
@@ -320,6 +320,7 @@ func resourceArmKubernetesCluster() *schema.Resource {
 ForceNew: true,
 ValidateFunc: validation.StringInSlice([]string{
 string(containerservice.Calico),
+ string(containerservice.Azure),
 }, false),
 },
 
diff --git a/azurerm/resource_arm_kubernetes_cluster_test.go b/azurerm/resource_arm_kubernetes_cluster_test.go
index 293e73dd7636..495f363528b3 100644
--- a/azurerm/resource_arm_kubernetes_cluster_test.go
+++ b/azurerm/resource_arm_kubernetes_cluster_test.go
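Review bot: The allow-list now accepts `azure`, but nothing in the visible lines ties `network_policy` to `network_plugin = "azure"`, which the documentation changed in this same commit states as a requirement. The schema entry and `resourceArmKubernetesCluster` continue outside the hunk, so the cross-field check may already exist elsewhere; it is worth confirming, because a policy value that is accepted at plan time but not applied would leave pod-to-pod traffic unrestricted without any error. `containerservice.Azure` also reads like the network-plugin constant rather than a policy-specific one (its declaration is not shown); if that is the case, a comment such as `// network policy "azure" (Azure NPM); same string value as the plugin constant` would prevent confusion for the next reader.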
@@ -500,6 +500,54 @@ func TestAccAzureRMKubernetesCluster_advancedNetworkingAzureCalicoPolicyComplete
 })
 }
 
+func TestAccAzureRMKubernetesCluster_advancedNetworkingAzureNPMPolicy(t *testing.T) {
+ resourceName := "azurerm_kubernetes_cluster.test"
+ ri := tf.AccRandTimeInt()
+ clientId := os.Getenv("ARM_CLIENT_ID")
+ clientSecret := os.Getenv("ARM_CLIENT_SECRET")
+ config := testAccAzureRMKubernetesCluster_advancedNetworkingWithPolicy(ri, clientId, clientSecret, testLocation(), "azure", "azure")
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testCheckAzureRMKubernetesClusterDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: config,
+ Check: resource.ComposeTestCheckFunc(
+ testCheckAzureRMKubernetesClusterExists(resourceName),
+ resource.TestCheckResourceAttr(resourceName, "network_profile.0.network_plugin", "azure"),
+ resource.TestCheckResourceAttr(resourceName, "network_profile.0.network_policy", "azure"),
+ ),
+ },
+ },
+ })
+}
+
+func TestAccAzureRMKubernetesCluster_advancedNetworkingAzureNPMPolicyComplete(t *testing.T) {
+ resourceName := "azurerm_kubernetes_cluster.test"
+ ri := tf.AccRandTimeInt()
+ clientId := os.Getenv("ARM_CLIENT_ID")
+ clientSecret := os.Getenv("ARM_CLIENT_SECRET")
+ config := testAccAzureRMKubernetesCluster_advancedNetworkingWithPolicyComplete(ri, clientId, clientSecret, testLocation(), "azure", "azure")
+
+ resource.ParallelTest(t, resource.TestCase{
+ PreCheck: func() { testAccPreCheck(t) },
+ Providers: testAccProviders,
+ CheckDestroy: testCheckAzureRMKubernetesClusterDestroy,
+ Steps: []resource.TestStep{
+ {
+ Config: config,
+ Check: resource.ComposeTestCheckFunc(
+ testCheckAzureRMKubernetesClusterExists(resourceName),
+ resource.TestCheckResourceAttr(resourceName, "network_profile.0.network_plugin", "azure"),
+ resource.TestCheckResourceAttr(resourceName, "network_profile.0.network_policy", "azure"),
+ ),
+ },
+ },
+ })
+}
+
 func testCheckAzureRMKubernetesClusterExists(resourceName string) resource.TestCheckFunc {
 return func(s *terraform.State) error {
 // Ensure we have enough information in state to look up in API
diff --git a/website/docs/d/kubernetes_cluster.html.markdown b/website/docs/d/kubernetes_cluster.html.markdown
index 0262d0fd347d..4d262f9de28b 100644
--- a/website/docs/d/kubernetes_cluster.html.markdown
+++ b/website/docs/d/kubernetes_cluster.html.markdown
@@ -159,7 +159,7 @@ A `network_profile` block exports the following:
 
 * `network_plugin` - Network plugin used such as `azure` or `kubenet`.
 
-* `network_policy` - Network policy to be used with Azure CNI. Eg: `calico`
+* `network_policy` - Network policy to be used with Azure CNI. Eg: `calico` or `azure`
 
 * `pod_cidr` - The CIDR used for pod IP addresses.
 
diff --git a/website/docs/r/kubernetes_cluster.html.markdown b/website/docs/r/kubernetes_cluster.html.markdown
index 0bf2fd064035..fa638847b1bb 100644
--- a/website/docs/r/kubernetes_cluster.html.markdown
+++ b/website/docs/r/kubernetes_cluster.html.markdown
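Review bot: The two resource tests added in the `-500,6` hunk of `resource_arm_kubernetes_cluster_test.go` carry no doc comment, and the `NPM` in their names is not explained anywhere in the diff. A short comment on each would help, for example `// TestAccAzureRMKubernetesCluster_advancedNetworkingAzureNPMPolicy creates a cluster with network_plugin and network_policy both set to "azure" (Azure Network Policy Manager) and checks the values recorded in state.` Both tests assert only that the configured strings are echoed back in state, so they confirm the provider accepts and stores the new value, not that the policy engine is active on the cluster; saying so in the comment keeps the coverage claim accurate.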
@@ -146,7 +146,7 @@ A `network_profile` block supports the following:
 
 -> **NOTE:** When `network_plugin` is set to `azure` - the `vnet_subnet_id` field in the `agent_pool_profile` block must be set.
 
-* `network_policy` - (Optional) Sets up network policy to be used with Azure CNI. [Network policy allows us to control the traffic flow between pods](https://docs.microsoft.com/en-us/azure/aks/use-network-policies). This field can only be set when `network_plugin` is set to `azure`. Currently the only accepted value is `calico` which installs Calico daemonset. Changing this forces a new resource to be created.
+* `network_policy` - (Optional) Sets up network policy to be used with Azure CNI. [Network policy allows us to control the traffic flow between pods](https://docs.microsoft.com/en-us/azure/aks/use-network-policies). This field can only be set when `network_plugin` is set to `azure`. Currently supported values are `calico` and `azure`. Changing this forces a new resource to be created.
 
 * `dns_service_ip` - (Optional) IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). This is required when `network_plugin` is set to `azure`. Changing this forces a new resource to be created.
 