diff --git a/modules/azure-aks/aks.tf b/modules/azure-aks/aks.tf
index 4a8f67c5..648822a4 100644
--- a/modules/azure-aks/aks.tf
+++ b/modules/azure-aks/aks.tf
@@ -31,7 +31,7 @@ module "aks" {
 key_vault_secrets_provider_enabled = var.key_vault_secrets_provider_enabled
 kubernetes_version = var.aks_kubernetes_version
 load_balancer_profile_enabled = var.load_balancer_profile_enabled
- load_balancer_profile_outbound_ip_address_ids = [data.azurerm_public_ip.aks_public_ip.id]
+ load_balancer_profile_outbound_ip_address_ids = var.load_balancer_profile_outbound_ip_address_enabled ? [for ip in data.azurerm_public_ip.aks_public_ip : ip.id] : null
 load_balancer_sku = var.load_balancer_sku
 log_analytics_workspace_enabled = false
 network_contributor_role_assigned_subnet_ids = { aks_subnet = data.azurerm_subnet.aks_subnet.id }
diff --git a/modules/azure-aks/data.tf b/modules/azure-aks/data.tf
index db6ebedc..d70fefdd 100644
--- a/modules/azure-aks/data.tf
+++ b/modules/azure-aks/data.tf
@@ -6,8 +6,17 @@ data "azurerm_subnet" "aks_subnet" {
 resource_group_name = var.vnet_resource_group_name
 }
 
+# Interface
+
+# outbound_public_ips:
+# - id: # me pasas el id de la ip publica
+# or # me pasas el grupo de recursos y el nombre de la ip publica y yo me encargo de buscarla
+# - resource_group:
+# - name:
+
 # https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/public_ip
 data "azurerm_public_ip" "aks_public_ip" {
+ for_each = var.outbound_public_ips != null ? { for idx, ip in var.outbound_public_ips : idx => ip if lookup(ip, "id", null) != null } : {}
 name = var.public_ip_name
 resource_group_name = var.resource_group_name
 }
diff --git a/modules/azure-aks/outputs.tf b/modules/azure-aks/outputs.tf
index 201686d8..278cd010 100644
--- a/modules/azure-aks/outputs.tf
+++ b/modules/azure-aks/outputs.tf
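Review bot: The new `load_balancer_profile_outbound_ip_address_ids` value is gated on `var.load_balancer_profile_outbound_ip_address_enabled`, while the `aks_public_ip` data source it iterates is gated on `var.outbound_public_ips` in data.tf, so the two inputs can disagree: flag set with no IPs supplied hands the inner module `[]` instead of `null`, and IPs supplied with the flag unset are silently dropped. Drive the value from one source of truth, e.g. `load_balancer_profile_outbound_ip_address_ids = length(data.azurerm_public_ip.aks_public_ip) > 0 ? [for ip in data.azurerm_public_ip.aks_public_ip : ip.id] : null`, or add a `validation` block that rejects the inconsistent combination at plan time. Whether the inner module tolerates an empty list cannot be seen from this hunk. The `module "aks"` block starts before and continues after the hunk.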
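Review bot: The `for_each` added to `data "azurerm_public_ip" "aks_public_ip"` creates one instance per entry of `var.outbound_public_ips`, but the body still reads `var.public_ip_name` and `var.resource_group_name`, so every instance resolves the same public IP and the per-entry `id`, `resource_group` and `name` promised by the comment above are never used; the Network Contributor assignment in role_assignment.tf then lands on that one IP whatever the caller passed. The filter is also inverted relative to the comment: entries that already carry an `id` need no lookup, the ones given as `resource_group` + `name` do, i.e. `if lookup(ip, "id", null) == null` together with `name = each.value.name` and `resource_group_name = each.value.resource_group`, with the directly supplied ids merged in where the list is consumed. The comment block should be in English and state the actual contract, e.g. `# outbound_public_ips: list of objects, each either { id } or { resource_group, name }; only the latter are looked up here`. `var.outbound_public_ips` is not declared in the variables.tf hunks of this commit; if it is not declared elsewhere, plan fails on an undeclared variable.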
@@ -37,9 +37,9 @@ output "oidc_issuer_url" {
 value = module.aks.oidc_issuer_url
 }
 
-output "outbound_ip_address" {
- value = data.azurerm_public_ip.aks_public_ip.id
-}
+# output "outbound_ip_address" {
+# value = data.azurerm_public_ip.aks_public_ip[0].id
+# }
 
 # Data section
 output "subnet_id" {
diff --git a/modules/azure-aks/role_assignment.tf b/modules/azure-aks/role_assignment.tf
index 2dcfc8d8..fa21421c 100644
--- a/modules/azure-aks/role_assignment.tf
+++ b/modules/azure-aks/role_assignment.tf
@@ -1,7 +1,7 @@
 # https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment
 resource "azurerm_role_assignment" "role_assignment_network_contributor_over_public_ip_aks" {
- count = var.create_role_assignment_public_ip ? 1 : 0
- scope = data.azurerm_public_ip.aks_public_ip.id
+ count = var.load_balancer_profile_outbound_ip_address_enabled ? 1 : 0
+ scope = data.azurerm_public_ip.aks_public_ip[count.index].id
 role_definition_name = "Network Contributor"
 principal_id = module.aks.cluster_identity.principal_id
 }
diff --git a/modules/azure-aks/variables.tf b/modules/azure-aks/variables.tf
index 52ce226f..958e8b87 100644
--- a/modules/azure-aks/variables.tf
+++ b/modules/azure-aks/variables.tf
@@ -113,6 +113,12 @@ variable "load_balancer_sku" {
 default = "standard"
 }
 
+variable "load_balancer_profile_outbound_ip_address_enabled" {
+ description = "Boolean value to enable or not the load balancer profile outbound ip address"
+ type = bool
+ default = false
+}
+
 variable "node_os_channel_upgrade" {
 description = "The automatic node channel upgrade setting for the AKS cluster"
 default = "None"
@@ -268,10 +274,3 @@ variable "api_server_authorized_ip_ranges" {
 type = list(string)
 default = null
 }
-
-# Role assignment for public IP
-variable "create_role_assignment_public_ip" {
- description = "Boolean value to create a role assignment for the public IP"
- type = bool
- default = false
-}
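Review bot: Commenting out `output "outbound_ip_address"` drops it from the module interface, so any root module reading `module.<name>.outbound_ip_address` breaks, and the commented remainder is dead code. Either delete it outright or expose the new multi-IP shape, e.g. `output "outbound_ip_address_ids" { value = [for ip in data.azurerm_public_ip.aks_public_ip : ip.id] }`, and note the renamed output as a breaking change in the commit description.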
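Review bot: `scope = data.azurerm_public_ip.aks_public_ip[count.index].id` indexes a `for_each` data source with a `count` that is at most 1, so only the first IP (key `"0"`) ever receives the Network Contributor assignment and any further entries of `var.outbound_public_ips` are left without it, which the load balancer outbound configuration in aks.tf will then fail on; with the flag set and the map empty the reference fails at plan time. Iterate the same collection instead: `for_each = var.load_balancer_profile_outbound_ip_address_enabled ? data.azurerm_public_ip.aks_public_ip : {}` and `scope = each.value.id`. Moving from `count` to `for_each` changes the resource address, so existing deployments need a `moved` block or a state move to avoid deleting and recreating the assignment. Keeping the assignment scoped to the individual public IP rather than its resource group is the right least-privilege choice and should be preserved in the rewrite.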
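Review bot: The description of `load_balancer_profile_outbound_ip_address_enabled` only mentions the load balancer profile, yet role_assignment.tf now keys the Network Contributor assignment on it and the second hunk removes `create_role_assignment_public_ip`, so callers lose the ability to opt out of the role assignment without reading the code. Suggest `description = "Enable outbound public IP(s) on the load balancer profile; also grants the cluster identity Network Contributor on each IP (replaces create_role_assignment_public_ip)"`. Removing the old variable is a breaking change for callers that set it and should be called out in the commit description. If `var.outbound_public_ips`, referenced in data.tf, is not declared elsewhere, this file also needs a `variable "outbound_public_ips"` block whose `type` pins the accepted object shape rather than relying on `lookup` at use sites.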