using azapi update resource to update aks kubernetes_version when user changed it at Terraform side, ignore all other changes outside of Terraform

lonegunmanb · lonegunmanb · commit 3b118fb0db7d · 2023-03-29T11:18:47.000+08:00
diff --git a/README.md b/README.md
@@ -242,14 +242,18 @@ The following sections are generated by [terraform-docs](https://github.com/terr
 | Name                                                                      | Version          |
 |---------------------------------------------------------------------------|------------------|
 | <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) | >= 1.3           |
+| <a name="requirement_azapi"></a> [azapi](#requirement\_azapi)             | >= 1.4.0, < 2.0  |
 | <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm)       | >= 3.47.0, < 4.0 |
+| <a name="requirement_null"></a> [null](#requirement\_null)                | >= 3.0           |
 | <a name="requirement_tls"></a> [tls](#requirement\_tls)                   | >= 3.1           |
 
 ## Providers
 
 | Name                                                          | Version          |
 |---------------------------------------------------------------|------------------|
+| <a name="provider_azapi"></a> [azapi](#provider\_azapi)       | >= 1.4.0, < 2.0  |
 | <a name="provider_azurerm"></a> [azurerm](#provider\_azurerm) | >= 3.47.0, < 4.0 |
+| <a name="provider_null"></a> [null](#provider\_null)          | >= 3.0           |
 | <a name="provider_tls"></a> [tls](#provider\_tls)             | >= 3.1           |
 
 ## Modules
@@ -260,12 +264,14 @@ No modules.
 
 | Name                                                                                                                                                           | Type        |
 |----------------------------------------------------------------------------------------------------------------------------------------------------------------|-------------|
+| [azapi_update_resource.aks_cluster_post_create](https://registry.terraform.io/providers/Azure/azapi/latest/docs/resources/update_resource)                     | resource    |
 | [azurerm_kubernetes_cluster.main](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster)                          | resource    |
 | [azurerm_kubernetes_cluster_node_pool.node_pool](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster_node_pool) | resource    |
 | [azurerm_log_analytics_solution.main](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_solution)                  | resource    |
 | [azurerm_log_analytics_workspace.main](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace)                | resource    |
 | [azurerm_role_assignment.acr](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment)                                 | resource    |
 | [azurerm_role_assignment.network_contributor](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment)                 | resource    |
+| [null_resource.kubernetes_version_keeper](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource)                               | resource    |
 | [tls_private_key.ssh](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key)                                                 | resource    |
 | [azurerm_resource_group.main](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/resource_group)                               | data source |
 
diff --git a/main.tf b/main.tf
@@ -359,6 +359,8 @@ resource "azurerm_kubernetes_cluster" "main" {
   }
 
   lifecycle {
+    ignore_changes = [kubernetes_version]
+
     precondition {
       condition     = (var.client_id != "" && var.client_secret != "") || (var.identity_type != "")
       error_message = "Either `client_id` and `client_secret` or `identity_type` must be set."
@@ -391,6 +393,27 @@ resource "azurerm_kubernetes_cluster" "main" {
   }
 }
 
+resource "null_resource" "kubernetes_version_keeper" {
+  triggers = {
+    version = var.kubernetes_version
+  }
+}
+
+resource "azapi_update_resource" "aks_cluster_post_create" {
+  type = "Microsoft.ContainerService/managedClusters@2023-01-02-preview"
+  body = jsonencode({
+    properties = {
+      kubernetesVersion = var.kubernetes_version
+    }
+  })
+  resource_id = azurerm_kubernetes_cluster.main.id
+
+  lifecycle {
+    ignore_changes       = all
+    replace_triggered_by = [null_resource.kubernetes_version_keeper.id]
+  }
+}
+
 resource "azurerm_kubernetes_cluster_node_pool" "node_pool" {
   for_each = var.node_pools
 
@@ -514,6 +537,8 @@ resource "azurerm_kubernetes_cluster_node_pool" "node_pool" {
     }
   }
 
+  depends_on = [azapi_update_resource.aks_cluster_post_create]
+
   lifecycle {
     precondition {
       condition     = var.agents_type == "VirtualMachineScaleSets"
diff --git a/versions.tf b/versions.tf
@@ -2,10 +2,18 @@ terraform {
   required_version = ">= 1.3"
 
   required_providers {
+    azapi = {
+      source  = "Azure/azapi"
+      version = ">= 1.4.0, < 2.0"
+    }
     azurerm = {
       source  = "hashicorp/azurerm"
       version = ">= 3.47.0, < 4.0"
     }
+    null = {
+      source  = "hashicorp/null"
+      version = ">= 3.0"
+    }
     tls = {
       source  = "hashicorp/tls"
       version = ">= 3.1"
