stevehipwell
commented
6 months ago @rcskosir could you add a comment as to what's blocking this upstream?
Open stevehipwell opened 7 months ago
stevehipwell
commented
6 months ago @rcskosir could you add a comment as to what's blocking this upstream?
aristosvo
commented
6 months ago @stevehipwell The fact that it is in preview is blocking, as the AKS service team doesn't want preview features to be integrated in the azurerm Terraform provider
stevehipwell
commented
6 months ago @aristosvo I'm pretty sure that isn't the case. There are a significant number of preview features integrated into the AKS TF resources and the API used is one of the preview APIs.
aristosvo
commented
6 months ago @stevehipwell I understand your confusion, but it is. https://github.com/hashicorp/pandora/pull/3469#issuecomment-1881475876 is explaining why.
stevehipwell
commented
6 months ago @aristosvo that doesn't align with the communication we've had with the AKS team. I only add this to show that there doesn't seem to be a consistent message coming out of Azure.
stephybun
commented
6 months ago @stevehipwell to reiterate on the comment linked by @aristosvo, we have been asked by the AKS Service Team to switch to using a stable API version for the AKS resource. This discussion is currently ongoing and has not reached a resolution yet.
If the conclusion is to move to a stable API version, then we will be removing all preview features currently supported in the AKS resource that do not exist in the newest available stable version at the time, in the next major 4.0 release.
It's unsettling that this news diverges from the communication you've had with the AKS team. Given the scope and impact of this change and being no longer able to support preview features going forward should the decision fall in favour of only using stable, it would be disconcerting to find out that this wasn't a unanimous desire.
Would you be able to reach out to your Azure/AKS contact to get some clarity and to get them to comment here on this issue? At the very least I think direct feedback from the community on how they feel about preview features being removed and no longer supported in the AzureRM provider would be helpful for the AKS team.
stevehipwell
commented
6 months ago Thanks for the detailed explanation @stephybun. Azure is already significantly harder to operate as IaC than other clouds and the removal of preview support will have a significant impact based on the way Azure currently operates. The only way that this makes sense is if Azure are going to start releasing required functionality as GA rather than using "preview" to abdicate responsibility for quality (of implementation and design) ETC.
TL;DR - If functionality can't be accessed by IaC then it might as well not exist.
stevehipwell
commented
6 months ago CC @phealy
tnn-simon
commented
1 month ago Seems like the feature is finally available in a stable ARM API.
Option none has been available since API version 2024-05-01: https://learn.microsoft.com/en-us/rest/api/aks/managed-clusters/create-or-update?view=rest-aks-2024-05-01&tabs=HTTP#networkpolicy.
Regarding the implementation. Should the provider support transitions for network_policy like calico -> azure? The transition graph gains some complexity from the constraints imposed by choice of network data_plane (cilium or azure).
prdev89
commented
2 weeks ago @stephybun The feature to uninstall Network Policy is now GA. I was wondering if there are any plans to support this in Terraform soon?
Is there an existing issue for this?
Community Note
Description
I'd like to be able to uninstall the network policy for an AKS cluster.
New or Affected Resource(s)/Data Source(s)
azurerm_kubernetes_cluster
Potential Terraform Configuration
References