feat: (IAC-651) add ability to set pod_cidr and service_cidr while using kubenet (#246)

stturc · web-flow · commit f3732172234d · 2023-03-20T11:42:06.000-05:00
diff --git a/modules/azure_aks/main.tf b/modules/azure_aks/main.tf
@@ -29,10 +29,10 @@ resource "azurerm_kubernetes_cluster" "aks" {
     # https://docs.microsoft.com/en-us/azure/aks/load-balancer-standard
     # https://docs.microsoft.com/en-us/azure/aks/egress-outboundtype
 
-    service_cidr       = var.aks_network_plugin == "kubenet" ? "10.0.0.0/16" : var.aks_service_cidr
-    dns_service_ip     = var.aks_network_plugin == "kubenet" ? "10.0.0.10" : var.aks_dns_service_ip
-    pod_cidr           = var.aks_network_plugin == "kubenet" ? "10.244.0.0/16" : null
-    docker_bridge_cidr = var.aks_network_plugin == "kubenet" ? "172.17.0.1/16" : var.aks_docker_bridge_cidr
+    service_cidr       = var.aks_service_cidr
+    dns_service_ip     = var.aks_dns_service_ip
+    pod_cidr           = var.aks_network_plugin == "kubenet" ? var.aks_pod_cidr : null
+    docker_bridge_cidr = var.aks_docker_bridge_cidr
     outbound_type      = var.cluster_egress_type
     load_balancer_sku  = "standard"
   }
diff --git a/modules/azure_aks/variables.tf b/modules/azure_aks/variables.tf
@@ -97,21 +97,41 @@ variable "aks_dns_service_ip" {
   description = "IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). Changing this forces a new resource to be created."
   type        = string
   default     = "10.0.0.10"
+  validation {
+    condition     = var.aks_dns_service_ip != null ? can(regex("^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$",var.aks_dns_service_ip)) : false
+    error_message = "ERROR: aks_dns_service_ip - value must not be null and must be a valid IP address."
+  }
+
 }
 
 variable "aks_docker_bridge_cidr" {
   description = "IP address (in CIDR notation) used as the Docker bridge IP address on nodes. Changing this forces a new resource to be created."
   default     = "172.17.0.1/16"
+  validation {
+    condition     = var.aks_docker_bridge_cidr != null ? can(cidrnetmask(var.aks_docker_bridge_cidr)) : false
+    error_message = "ERROR: aks_docker_bridge_cidr - value must not be null and must be valid CIDR."
+  }
+
 }
 
 variable "aks_pod_cidr" {
   description = "The CIDR to use for pod IP addresses. This field can only be set when network_plugin is set to kubenet. Changing this forces a new resource to be created."
   default     = "10.244.0.0/16"
+  validation {
+    condition     = var.aks_pod_cidr != "" ? can(cidrnetmask(var.aks_pod_cidr)) : true
+    error_message = "ERROR: aks_pod_cidr - value must either be null or must be a valid CIDR."
+  }
+
 }
 
 variable "aks_service_cidr" {
   description = "The Network Range used by the Kubernetes service. Changing this forces a new resource to be created."
   default     = "10.0.0.0/16"
+  validation {
+    condition     = var.aks_service_cidr != null ? can(cidrnetmask(var.aks_service_cidr)) : false
+    error_message = "ERROR: aks_service_cidr - value must not be null and must be a valid CIDR."
+  }
+
 }
 
 variable "aks_cluster_tags" {
diff --git a/variables.tf b/variables.tf
@@ -147,11 +147,21 @@ variable "aks_dns_service_ip" {
   description = "IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). Changing this forces a new resource to be created."
   type        = string
   default     = "10.0.0.10"
+  validation {
+    condition     = var.aks_dns_service_ip != null ? can(regex("^(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\\.(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)$",var.aks_dns_service_ip)) : false
+    error_message = "ERROR: aks_dns_service_ip - value must not be null and must be a valid IP address."
+  }
+
 }
 
 variable "aks_docker_bridge_cidr" {
   description = "IP address (in CIDR notation) used as the Docker bridge IP address on nodes. Changing this forces a new resource to be created."
   default     = "172.17.0.1/16"
+  validation {
+    condition     = var.aks_docker_bridge_cidr != null ? can(cidrnetmask(var.aks_docker_bridge_cidr)) : false
+    error_message = "ERROR: aks_docker_bridge_cidr - value must not be null and must be valid CIDR."
+  }
+
 }
 
 variable "cluster_egress_type" {
@@ -166,11 +176,21 @@ variable "cluster_egress_type" {
 variable "aks_pod_cidr" {
   description = "The CIDR to use for pod IP addresses. This field can only be set when network_plugin is set to kubenet. Changing this forces a new resource to be created."
   default     = "10.244.0.0/16"
+  validation {
+    condition     = var.aks_pod_cidr != "" ? can(cidrnetmask(var.aks_pod_cidr)) : true
+    error_message = "ERROR: aks_pod_cidr - value must either be null or must be a valid CIDR."
+  }
+
 }
 
 variable "aks_service_cidr" {
   description = "The Network Range used by the Kubernetes service. Changing this forces a new resource to be created."
   default     = "10.0.0.0/16"
+  validation {
+    condition     = var.aks_service_cidr != null ? can(cidrnetmask(var.aks_service_cidr)) : false
+    error_message = "ERROR: aks_service_cidr - value must not be null and must be a valid CIDR."
+  }
+  
 }
 
 variable "aks_uai_name" {
