Support for defaultIngressControllerType in azurerm_kubernetes_cluster web_app_routing configuration block

[underguiz]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Description

When you enable the application routing add-on with NGINX, it creates an ingress controller called default in the app-routing-namespace configured with a public facing Azure load balancer. That ingress controller uses an ingress class name of webapprouting.kubernetes.azure.com.

You can also control if the default gets a public or an internal IP, or if it gets created at all when enabling the add-on using BICEP.

This configuration is crucial in regulated environments and the web_app_routing configuration block should support it.

Bicep example:

"ingressProfile": { "webAppRouting": { "nginx": { "defaultIngressControllerType": "None|Internal|External|AnnotationControlled" } }

Link to documentation:

https://learn.microsoft.com/en-us/azure/aks/app-routing-nginx-configuration?tabs=bicep#control-the-default-nginx-ingress-controller-configuration

New or Affected Resource(s)/Data Source(s)

azurerm_kubernetes_cluster

Potential Terraform Configuration

resource "azurerm_kubernetes_cluster" "example" {
  name                = "example-aks1"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  dns_prefix          = "exampleaks1"

  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_D2_v2"
  }

  web_app_routing {
    dns_zone_ids = [ "/subscriptions/(...)/dnszone" ]
    default_type = none|internal|external
  }

}

References

No response

[ms-henglu]

Hi @underguiz ,

Thank you for taking time to report this issue.

This feature is still in preview, we could support it in the azurerm provider. Here's config about how to use this feature with azapi provider, hope it could help you.

resource "azapi_resource" "aksCluster" {
  type      = "Microsoft.ContainerService/managedClusters@2024-06-02-preview"
  parent_id = azapi_resource.resourceGroup.id
  name      = "hengluaks"
  location  = "westus"

  identity {
    type = "SystemAssigned"
  }

  body = {
    properties = {
      kubernetesVersion = "1.30.3"
      dnsPrefix         = "hengluaks"
      enableRBAC        = true
      agentPoolProfiles = [
        {
          name   = "agentpool"
          count  = 3
          vmSize = "Standard_DS2_v2"
          osType = "Linux"
          mode   = "System"
        }
      ]
      ingressProfile = {
        webAppRouting = {
          nginx = {
            defaultIngressControllerType = "AnnotationControlled"
          }
        }
      }
    }
  }
}