Releases: Azure-Terraform/terraform-azurerm-kubernetes
UAI Workaround
This release implements a workaround for a bug in the azurerm provider described here.
When using user-assigned identities, Terraform will always find a change to the identity block of the azurerm_kubernetes_cluster resource. Here is an example of such a change:
~ identity {
~ user_assigned_identity_id = "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/example/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test" -> "/subscriptions/00000000-0000-0000-0000-000000000000/resourcegroups/example/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test"
# (1 unchanged attribute hidden)
}
This proposed change is safe to apply; nothing will actually be updated.
This update to the module should be reverted when Azure/Hashicorp fixes the underlying issue.
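A plan reviewer can confirm the "safe to apply" claim mechanically rather than by eye. The following is an added example, not part of the module or its release notes: it walks the JSON form of a plan (as produced by `terraform show -json`) and reports a resource as case-only when its sole differences are user_assigned_identity_id values that match case-insensitively. The sample plan, the resource addresses and the function names are constructed for illustration.

```python
# Added example: classify changes in `terraform show -json <planfile>` output.
UAI = ("/subscriptions/00000000-0000-0000-0000-000000000000/{rg}/example"
       "/providers/Microsoft.ManagedIdentity/userAssignedIdentities/test")

def _state(rg, sku_tier):
    # Constructed attribute subset of azurerm_kubernetes_cluster, not a full state.
    return {"sku_tier": sku_tier,
            "identity": [{"type": "UserAssigned",
                          "user_assigned_identity_id": UAI.format(rg=rg)}]}

def _change(address, before, after):
    return {"address": address, "type": "azurerm_kubernetes_cluster",
            "change": {"actions": ["update"], "before": before, "after": after}}

# Constructed sample plan: one spurious casing diff, one that also changes the SKU tier.
SAMPLE_PLAN = {"resource_changes": [
    _change("module.aks.azurerm_kubernetes_cluster.a",
            _state("resourceGroups", "Free"), _state("resourcegroups", "Free")),
    _change("module.aks.azurerm_kubernetes_cluster.b",
            _state("resourceGroups", "Free"), _state("resourcegroups", "Paid")),
]}

def leaf_diffs(before, after, path=""):
    """Yield (path, before, after) for every leaf value that differs."""
    if isinstance(before, dict) and isinstance(after, dict):
        for key in sorted(set(before) | set(after)):
            yield from leaf_diffs(before.get(key), after.get(key), f"{path}.{key}")
    elif isinstance(before, list) and isinstance(after, list) and len(before) == len(after):
        for i, (b, a) in enumerate(zip(before, after)):
            yield from leaf_diffs(b, a, f"{path}[{i}]")
    elif before != after:
        yield path, before, after

def classify_plan(plan):
    """Map each changed resource address to 'case-only' or 'real-change'."""
    verdicts = {}
    for rc in plan.get("resource_changes", []):
        change = rc["change"]
        if change["actions"] == ["no-op"]:
            continue
        diffs = list(leaf_diffs(change["before"], change["after"]))
        # Anything other than an in-place update, or an update with no visible
        # leaf diff (e.g. unknown values), is treated as a real change.
        case_only = change["actions"] == ["update"] and bool(diffs) and all(
            isinstance(b, str) and isinstance(a, str) and b.lower() == a.lower()
            and p.endswith("user_assigned_identity_id") for p, b, a in diffs)
        verdicts[rc["address"]] = "case-only" if case_only else "real-change"
    return verdicts
```

Any resource reported as real-change still needs a normal review; only the case-only verdict corresponds to the spurious diff described above.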
Bugfix
- Fix incorrect default value for log_analytics_workspace_id variable.
SKU Tier Setting
Allow setting the cluster's SKU tier. The paid tier has a financially-backed uptime SLA. Read doc here.
Log Analytics Workspace support
v3.1.0 terraform-docs: automated action
Fix UAI network role
Merge pull request #48 from Azure-Terraform/uai_fix Fixed additional references to user assigned identity
Fix UAI network role
v3.0.3 UAI Principal id updated in role assignment (#47)
Fix network security group limitation
When using an NSG to limit egress traffic from AKS, the Azure docs tell us that adding the following rules will work:
- UDP 1194 to service tag AzureCloud
- TCP 9000 to service tag AzureCloud
- UDP 123 to *
We've found that doesn't always work, and sometimes AKS doesn't return successfully. We brought it up to Azure support, who eventually said to add this rule:
- TCP 443 to service tag AzureFrontDoor.FirstParty
We've verified that this does indeed fix the issue. We're also still arguing with Microsoft that the AzureCloud tag should encompass everything that's in AzureFrontDoor but they've told us that's not the case and this is the fix. So, for now, this is what we're doing.
minor bugfix
Fix for input type restriction.
Node Pool Management
This manages all node pools within the module.
Update provider syntax
Refactor: update syntax of provider requirements (#38)
TF 0.13 introduced this new syntax where each provider is declared as a map with a source and version (contrasting with how things were before, where you just set the version you wanted). We should always use the new syntax for explicitness and because the pre-0.13 syntax may be deprecated some day.