diff --git a/azurerm/data_source_kubernetes_cluster.go b/azurerm/data_source_kubernetes_cluster.go
index 57ddd937f5fc..70f833c39cd2 100644
--- a/azurerm/data_source_kubernetes_cluster.go
+++ b/azurerm/data_source_kubernetes_cluster.go
@@ -180,6 +180,11 @@ func dataSourceArmKubernetesCluster() *schema.Resource {
 							Optional: true,
 							Elem:     &schema.Schema{Type: schema.TypeString},
 						},
+
+						"enable_node_public_ip": {
+							Type:     schema.TypeBool,
+							Optional: true,
+						},
 					},
 				},
 			},
@@ -719,6 +724,10 @@ func flattenKubernetesClusterDataSourceAgentPoolProfiles(input *[]containerservi
 			agentPoolProfile["node_taints"] = *profile.NodeTaints
 		}
 
+		if profile.EnableNodePublicIP != nil {
+			agentPoolProfile["enable_node_public_ip"] = *profile.EnableNodePublicIP
+		}
+
 		agentPoolProfiles = append(agentPoolProfiles, agentPoolProfile)
 	}
 
diff --git a/azurerm/data_source_kubernetes_cluster_test.go b/azurerm/data_source_kubernetes_cluster_test.go
index f9e4ea7586ce..93ef6d357f8b 100644
--- a/azurerm/data_source_kubernetes_cluster_test.go
+++ b/azurerm/data_source_kubernetes_cluster_test.go
@@ -549,6 +549,30 @@ func TestAccDataSourceAzureRMKubernetesCluster_nodeTaints(t *testing.T) {
 	})
 }
 
+func TestAccDataSourceAzureRMKubernetesCluster_enableNodePublicIP(t *testing.T) {
+	dataSourceName := "data.azurerm_kubernetes_cluster.test"
+	ri := tf.AccRandTimeInt()
+	clientId := os.Getenv("ARM_CLIENT_ID")
+	clientSecret := os.Getenv("ARM_CLIENT_SECRET")
+
+	config := testAccDataSourceAzureRMKubernetesCluster_enableNodePublicIP(ri, clientId, clientSecret, testLocation())
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testCheckAzureRMKubernetesClusterDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMKubernetesClusterExists(dataSourceName),
+					resource.TestCheckResourceAttr(dataSourceName, "agent_pool_profile.0.enable_node_public_ip", "true"),
+				),
+			},
+		},
+	})
+}
+
 func testAccDataSourceAzureRMKubernetesCluster_basic(rInt int, clientId string, clientSecret string, location string) string {
 	r := testAccAzureRMKubernetesCluster_basic(rInt, clientId, clientSecret, location)
 	return fmt.Sprintf(`
@@ -776,3 +800,15 @@ data "azurerm_kubernetes_cluster" "test" {
 }
 `, r)
 }
+
+func testAccDataSourceAzureRMKubernetesCluster_enableNodePublicIP(rInt int, clientId string, clientSecret string, location string) string {
+	r := testAccAzureRMKubernetesCluster_enableNodePublicIP(rInt, clientId, clientSecret, location)
+	return fmt.Sprintf(`
+%s
+
+data "azurerm_kubernetes_cluster" "test" {
+  name                = "${azurerm_kubernetes_cluster.test.name}"
+  resource_group_name = "${azurerm_kubernetes_cluster.test.resource_group_name}"
+}
+`, r)
+}
diff --git a/azurerm/resource_arm_kubernetes_cluster.go b/azurerm/resource_arm_kubernetes_cluster.go
index 1eef2e794980..1580a414e995 100644
--- a/azurerm/resource_arm_kubernetes_cluster.go
+++ b/azurerm/resource_arm_kubernetes_cluster.go
@@ -219,6 +219,11 @@ func resourceArmKubernetesCluster() *schema.Resource {
 							Optional: true,
 							Elem:     &schema.Schema{Type: schema.TypeString},
 						},
+
+						"enable_node_public_ip": {
+							Type:     schema.TypeBool,
+							Optional: true,
+						},
 					},
 				},
 			},
@@ -1240,6 +1245,10 @@ func expandKubernetesClusterAgentPoolProfiles(d *schema.ResourceData) ([]contain
 			profile.NodeTaints = nodeTaints
 		}
 
+		if enableNodePublicIP := config["enable_node_public_ip"]; enableNodePublicIP != nil {
+			profile.EnableNodePublicIP = utils.Bool(enableNodePublicIP.(bool))
+		}
+
 		profiles = append(profiles, profile)
 	}
 
@@ -1300,20 +1309,26 @@ func flattenKubernetesClusterAgentPoolProfiles(profiles *[]containerservice.Mana
 			subnetId = *profile.VnetSubnetID
 		}
 
+		enableNodePublicIP := false
+		if profile.EnableNodePublicIP != nil {
+			enableNodePublicIP = *profile.EnableNodePublicIP
+		}
+
 		agentPoolProfile := map[string]interface{}{
-			"availability_zones":  utils.FlattenStringSlice(profile.AvailabilityZones),
-			"count":               count,
-			"enable_auto_scaling": enableAutoScaling,
-			"max_count":           maxCount,
-			"max_pods":            maxPods,
-			"min_count":           minCount,
-			"name":                name,
-			"node_taints":         utils.FlattenStringSlice(profile.NodeTaints),
-			"os_disk_size_gb":     osDiskSizeGB,
-			"os_type":             string(profile.OsType),
-			"type":                string(profile.Type),
-			"vm_size":             string(profile.VMSize),
-			"vnet_subnet_id":      subnetId,
+			"availability_zones":    utils.FlattenStringSlice(profile.AvailabilityZones),
+			"count":                 count,
+			"enable_auto_scaling":   enableAutoScaling,
+			"enable_node_public_ip": enableNodePublicIP,
+			"max_count":             maxCount,
+			"max_pods":              maxPods,
+			"min_count":             minCount,
+			"name":                  name,
+			"node_taints":           utils.FlattenStringSlice(profile.NodeTaints),
+			"os_disk_size_gb":       osDiskSizeGB,
+			"os_type":               string(profile.OsType),
+			"type":                  string(profile.Type),
+			"vm_size":               string(profile.VMSize),
+			"vnet_subnet_id":        subnetId,
 
 			// TODO: remove in 2.0
 			"fqdn": fqdnVal,
diff --git a/azurerm/resource_arm_kubernetes_cluster_test.go b/azurerm/resource_arm_kubernetes_cluster_test.go
index d715521072c1..01510a637816 100644
--- a/azurerm/resource_arm_kubernetes_cluster_test.go
+++ b/azurerm/resource_arm_kubernetes_cluster_test.go
@@ -1086,6 +1086,29 @@ func testCheckAzureRMKubernetesClusterDestroy(s *terraform.State) error {
 	return nil
 }
 
+func TestAccAzureRMKubernetesCluster_enableNodePublicIP(t *testing.T) {
+	resourceName := "azurerm_kubernetes_cluster.test"
+	ri := tf.AccRandTimeInt()
+	clientId := os.Getenv("ARM_CLIENT_ID")
+	clientSecret := os.Getenv("ARM_CLIENT_SECRET")
+	config := testAccAzureRMKubernetesCluster_enableNodePublicIP(ri, clientId, clientSecret, testLocation())
+
+	resource.ParallelTest(t, resource.TestCase{
+		PreCheck:     func() { testAccPreCheck(t) },
+		Providers:    testAccProviders,
+		CheckDestroy: testCheckAzureRMKubernetesClusterDestroy,
+		Steps: []resource.TestStep{
+			{
+				Config: config,
+				Check: resource.ComposeTestCheckFunc(
+					testCheckAzureRMKubernetesClusterExists(resourceName),
+					resource.TestCheckResourceAttr(resourceName, "agent_pool_profile.0.enable_node_public_ip", "true"),
+				),
+			},
+		},
+	})
+}
+
 func testAccAzureRMKubernetesCluster_basic(rInt int, clientId string, clientSecret string, location string) string {
 	return fmt.Sprintf(`
 resource "azurerm_resource_group" "test" {
@@ -2538,3 +2561,32 @@ resource "azurerm_kubernetes_cluster" "test" {
 }
 `, rInt, location, rInt, rInt, clientId, clientSecret)
 }
+
+func testAccAzureRMKubernetesCluster_enableNodePublicIP(rInt int, clientId string, clientSecret string, location string) string {
+	return fmt.Sprintf(`
+resource "azurerm_resource_group" "test" {
+  name     = "acctestRG-%d"
+  location = "%s"
+}
+
+resource "azurerm_kubernetes_cluster" "test" {
+  name                = "acctestaks%d"
+  location            = "${azurerm_resource_group.test.location}"
+  resource_group_name = "${azurerm_resource_group.test.name}"
+  dns_prefix          = "acctestaks%d"
+
+  agent_pool_profile {
+    name                  = "default"
+    count                 = "1"
+    type                  = "VirtualMachineScaleSets"
+    vm_size               = "Standard_DS2_v2"
+    enable_node_public_ip = true
+  }
+
+  service_principal {
+    client_id     = "%s"
+    client_secret = "%s"
+  }
+}
+`, rInt, location, rInt, rInt, clientId, clientSecret)
+}