AKS managed NAT gateway nat_gateway_profile is missing the zone parameter

[zioproto]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.95

AzureRM Provider Version

4.0.1

Affected Resource(s)/Data Source(s)

azurerm_kubernetes_cluster

Terraform Configuration Files

n/a

Debug Output/Panic Output

N/A

Expected Behaviour

The nat_gateway_profile block implementation done in 2021 in PR https://github.com/hashicorp/terraform-provider-azurerm/pull/14142 missed the "zone" parameter in the API.

Product documentation: https://learn.microsoft.com/en-us/azure/aks/nat-gateway

Actual Behaviour

No response

Steps to Reproduce

No response

Important Factoids

No response

References

No response

[zioproto]

Especially for clusters created in 1 specific zone, you want to be able to control that the managed NAT Gateway is created in the same zone as well. Otherwise you are increasing the risk of an incident, in case the either the zone of the NAT Gateway or the zone of the AKS cluster has an issue.

[zioproto]

It might be the documentation that is misleading: https://learn.microsoft.com/en-us/azure/aks/nat-gateway#create-an-aks-cluster-with-a-managed-nat-gateway

This --zones parameter seems to do not exist in the ManagedClusterNATGatewayProfile. So probably it is referring to the cluster zones ? But what happens then when we pass --zones 1 2 3 ?

https://github.com/Azure/azure-rest-api-specs-pr/blob/bd2d190bc2aad1e8b30c1ffa8aea94f2d4715b76/specification/containerservice/resource-manager/Microsoft.ContainerService/aks/stable/2024-07-01/managedClusters.json#L4402-L4426

[zioproto]

Closing this one because it is not actionable on the Terraform side, given the API limitation. I will be following up with the AKS product team to double check the documentation of the product.