Update AKS module to support custom data plane configuration (#440)
- Add network_dataplane and network_policy as variables for AKS module
- Add unit tests for network_dataplane and network_policy variables
- Add validation for AKS network policy and data plane compatibility

---------

Co-authored-by: Rafael Mendes Pereira <[email protected]>
rafael-mendes-pereira and Rafael Mendes Pereira authored Dec 19, 2024
1 parent 564602c commit 2573133
Showing 5 changed files with 189 additions and 9 deletions.
4 changes: 2 additions & 2 deletions modules/terraform/azure/aks/main.tf
Expand Up @@ -34,8 +34,8 @@ resource "azurerm_kubernetes_cluster" "aks" {
network_profile {
network_plugin = var.aks_config.network_profile.network_plugin
network_plugin_mode = var.aks_config.network_profile.network_plugin_mode
network_policy = var.aks_config.network_profile.network_policy
network_data_plane = var.aks_config.network_profile.network_dataplane
network_policy = try(coalesce(var.network_policy, var.aks_config.network_profile.network_policy), null)
network_data_plane = try(coalesce(var.network_dataplane, var.aks_config.network_profile.network_dataplane), null)
outbound_type = var.aks_config.network_profile.outbound_type
pod_cidr = var.aks_config.network_profile.pod_cidr
service_cidr = var.aks_config.network_profile.service_cidr
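Review bot: The two `try(coalesce(...), null)` expressions in `network_profile` resolve the effective policy and data plane, but nothing checks that the resolved pair is compatible. The validation this commit adds in `modules/terraform/azure/variables.tf` compares only the two `json_input` overrides, so an override of `aks_network_dataplane` alone (for example 'cilium' over a configuration whose `network_policy` is 'azure') passes validation and reaches the provider as a mismatched pair; the new test file has no run for that case. When both sources are unset the expression also falls back to null without any signal, which leaves the network policy to whatever is assigned at apply time. A precondition on the resolved values, as sketched below, would catch this at plan time; the resource block starts and ends outside the hunk, so if it already has a `lifecycle` block the precondition belongs inside it.

```hcl
locals {
  # Values actually sent to the provider after the override is applied.
  effective_network_policy    = try(coalesce(var.network_policy, var.aks_config.network_profile.network_policy), null)
  effective_network_dataplane = try(coalesce(var.network_dataplane, var.aks_config.network_profile.network_dataplane), null)
}

resource "azurerm_kubernetes_cluster" "aks" {
  # … unchanged: cluster arguments and network_profile block …

  lifecycle {
    precondition {
      # try() guards contains() against a null policy; HCL's || does not short-circuit.
      condition = (
        local.effective_network_policy == null
        || local.effective_network_dataplane == null
        || !try(contains(["azure", "cilium"], local.effective_network_policy), false)
        || local.effective_network_policy == local.effective_network_dataplane
      )
      error_message = "After overrides, network_policy 'azure' or 'cilium' requires a matching network_data_plane or none."
    }
  }
```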
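--- a/modules/terraform/azure/aks/variables.tf
+++ b/modules/terraform/azure/aks/variables.tf
@@ -36,6 +36,18 @@ variable "k8s_machine_type" {
 default = null
 }
 
+variable "network_policy" {
+description = "Value to replace the AKS network_policy. If network_policy is 'azure' or 'cilium', network_dataplane must match or be null."
+type = string
+default = null
+}
+
+variable "network_dataplane" {
+description = "Value to replace the AKS network_dataplane"
+type = string
+default = null
+}
+
 variable "aks_config" {
 type = object({
 role = string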
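Review bot: The descriptions of `network_policy` and `network_dataplane` do not say that null means "keep the value from `aks_config.network_profile`", which is how this module's main.tf consumes them through `coalesce`. For `network_dataplane` I would write `description = "Overrides aks_config.network_profile.network_dataplane when non-null; null keeps the configured value."` and word `network_policy` the same way. Neither variable carries a `validation` block, so the compatibility rule stated in the `network_policy` description is enforced only by the root `json_input` validation visible in this commit; a caller that uses the module directly gets no check.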
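--- a/modules/terraform/azure/main.tf
+++ b/modules/terraform/azure/main.tf
@@ -28,13 +28,6 @@ locals {
 {
 sku_tier = local.aks_sku_tier != null ? local.aks_sku_tier : aks.sku_tier
 kubernetes_version = local.aks_kubernetes_version != null ? local.aks_kubernetes_version : aks.kubernetes_version
-network_profile = merge(
-aks.network_profile,
-{
-network_policy = local.aks_network_policy != null ? local.aks_network_policy : aks.network_profile.network_policy
-network_dataplane = local.aks_network_dataplane != null ? local.aks_network_dataplane : aks.network_profile.network_dataplane
-}
-)
 }
 )
 ] : []
@@ -92,6 +85,8 @@ module "aks" {
 vnet_id = try(module.virtual_network[each.value.role].vnet_id, null)
 subnets = try(local.all_subnets, null)
 k8s_machine_type = local.k8s_machine_type
+network_dataplane = local.aks_network_dataplane
+network_policy = local.aks_network_policy
 }
 
 module "aks-cli" {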
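--- a/modules/terraform/azure/tests/test_aks_network_dataplane.tftest.hcl
+++ b/modules/terraform/azure/tests/test_aks_network_dataplane.tftest.hcl
@@ -0,0 +1,164 @@
+variables {
+scenario_type = "perf-eval"
+scenario_name = "my_scenario"
+deletion_delay = "2h"
+owner = "aks"
+json_input = {
+"run_id" : "123456789",
+"region" : "eastus",
+"public_key_path" : "public_key_path",
+"aks_network_dataplane" : "cilium",
+"aks_network_policy" : "cilium"
+}
+
+aks_config_list = [
+{
+role = "test"
+aks_name = "test"
+dns_prefix = "test"
+subnet_name = "test-subnet-1"
+sku_tier = "Standard"
+network_profile = {
+network_plugin = "azure"
+network_plugin_mode = "overlay"
+network_policy = "azure"
+network_dataplane = "azure"
+}
+default_node_pool = {
+name = "default"
+node_count = 1
+vm_size = "Standard_D32s_v3"
+os_disk_type = "Managed"
+only_critical_addons_enabled = false
+temporary_name_for_rotation = "defaulttmp"
+}
+extra_node_pool = []
+}
+]
+}
+
+run "valid_override_network_data_plane" {
+
+command = plan
+
+assert {
+condition = module.aks["test"].aks_cluster.network_profile[0].network_data_plane == "cilium"
+error_message = "Expected: 'cilium' \n Actual: ${module.aks["test"].aks_cluster.network_profile[0].network_data_plane}"
+}
+}
+
+run "valid_no_override_network_data_plane" {
+
+command = plan
+
+variables {
+json_input = {
+"run_id" : "123456789",
+"region" : "eastus",
+"public_key_path" : "public_key_path",
+}
+}
+
+assert {
+condition = module.aks["test"].aks_cluster.network_profile[0].network_data_plane == var.aks_config_list[0].network_profile.network_dataplane
+error_message = "Expected: ${var.aks_config_list[0].network_profile.network_dataplane} \n Actual: ${module.aks["test"].aks_cluster.network_profile[0].network_data_plane}"
+}
+}
+
+run "valid_aks_network_policy_and_dataplane_no_match_fails_1" {
+
+command = plan
+
+variables {
+json_input = {
+"run_id" : "123456789",
+"region" : "eastus",
+"public_key_path" : "public_key_path",
+"aks_network_dataplane" : "cilium"
+"aks_network_policy" : "azure"
+}
+}
+
+expect_failures = [var.json_input.aks_network_policy]
+}
+
+run "valid_aks_network_policy_and_dataplane_no_match_fails_2" {
+
+command = plan
+
+variables {
+json_input = {
+"run_id" : "123456789",
+"region" : "eastus",
+"public_key_path" : "public_key_path",
+"aks_network_dataplane" : "azure"
+"aks_network_policy" : "cilium"
+}
+}
+
+expect_failures = [var.json_input.aks_network_policy]
+}
+
+
+run "valid_aks_network_policy_ok" {
+
+command = plan
+
+variables {
+json_input = {
+"run_id" : "123456789",
+"region" : "eastus",
+"public_key_path" : "public_key_path",
+"aks_network_policy" : "cilium"
+}
+}
+
+assert {
+condition = module.aks["test"].aks_cluster.network_profile[0].network_policy == "cilium"
+error_message = "Expected: 'cilium' \n Actual: ${module.aks["test"].aks_cluster.network_profile[0].network_policy}"
+}
+}
+
+run "valid_no_network_policy_and_dataplane_defined" {
+
+command = plan
+
+variables {
+json_input = {
+"run_id" : "123456789",
+"region" : "eastus",
+"public_key_path" : "public_key_path",
+}
+
+aks_config_list = [
+{
+role = "test"
+aks_name = "test"
+dns_prefix = "test"
+subnet_name = "test-subnet-1"
+sku_tier = "Standard"
+network_profile = {
+network_plugin = "azure"
+network_plugin_mode = "overlay"
+}
+default_node_pool = {
+name = "default"
+node_count = 1
+vm_size = "Standard_D32s_v3"
+os_disk_type = "Managed"
+only_critical_addons_enabled = false
+temporary_name_for_rotation = "defaulttmp"
+}
+extra_node_pool = []
+}
+]
+}
+
+assert {
+condition = module.aks["test"].aks_cluster.network_profile[0].network_data_plane == "azure"
+error_message = "Expected: 'azure' (default) \n Actual: ${module.aks["test"].aks_cluster.network_profile[0].network_data_plane}"
+}
+
+# Note: The network_policy attribute is assigned a value only during the resource creation (apply) phase.
+# Therefore, it cannot be tested during the planning phase as its value is not available until the resources are created.
+}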
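--- a/modules/terraform/azure/variables.tf
+++ b/modules/terraform/azure/variables.tf
@@ -24,6 +24,15 @@ variable "json_input" {
 }))
 )
 })
+
+validation {
+condition = (var.json_input.aks_network_policy == null
+|| (try(contains(["azure", "cilium"], var.json_input.aks_network_policy), false)
+&& (var.json_input.aks_network_policy == var.json_input.aks_network_dataplane || var.json_input.aks_network_dataplane == null))
+)
+# ref: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster#network_policy-1
+error_message = "If aks_network_policy is 'azure' or 'cilium', aks_network_dataplane must match or be null"
+}
 }
 
 variable "owner" {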
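Review bot: The condition rejects every non-null `aks_network_policy` other than 'azure' or 'cilium', because the `contains(...)` term must be true for the expression to pass, yet the error message describes only the dataplane mismatch. A value such as 'calico', which the azurerm `network_policy` argument accepts, therefore fails with a message that does not explain why. If the restriction is intended, say so: `error_message = "aks_network_policy must be null, 'azure' or 'cilium'; when set, aks_network_dataplane must match it or be null"`. If it is not, the condition should let other policy values through and apply the match rule only to 'azure' and 'cilium'. The `json_input` variable block starts outside the hunk.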
