make api_server_authorized_ip_ranges configurable.

lonegunmanb · lonegunmanb · commit 4f4a82841d24 · 2022-07-11T16:27:44.000+08:00
diff --git a/main.tf b/main.tf
@@ -13,15 +13,16 @@ resource "tls_private_key" "ssh" {
 }
 
 resource "azurerm_kubernetes_cluster" "main" {
-  name                    = var.cluster_name == null ? "${var.prefix}-aks" : var.cluster_name
-  kubernetes_version      = var.kubernetes_version
-  location                = coalesce(var.location, data.azurerm_resource_group.main.location)
-  resource_group_name     = data.azurerm_resource_group.main.name
-  node_resource_group     = var.node_resource_group
-  dns_prefix              = var.prefix
-  sku_tier                = var.sku_tier
-  private_cluster_enabled = var.private_cluster_enabled
-  private_dns_zone_id     = var.private_dns_zone_id
+  name                            = var.cluster_name == null ? "${var.prefix}-aks" : var.cluster_name
+  kubernetes_version              = var.kubernetes_version
+  location                        = coalesce(var.location, data.azurerm_resource_group.main.location)
+  resource_group_name             = data.azurerm_resource_group.main.name
+  node_resource_group             = var.node_resource_group
+  dns_prefix                      = var.prefix
+  sku_tier                        = var.sku_tier
+  private_cluster_enabled         = var.private_cluster_enabled
+  private_dns_zone_id             = var.private_dns_zone_id
+  api_server_authorized_ip_ranges = var.api_server_authorized_ip_ranges
 
   dynamic "linux_profile" {
     for_each = var.admin_username == null ? [] : ["linux_profile"]
diff --git a/variables.tf b/variables.tf
@@ -38,6 +38,12 @@ variable "client_secret" {
   default     = ""
 }
 
+variable "api_server_authorized_ip_ranges" {
+  type        = set(string)
+  description = "(Optional) The IP ranges to allow for incoming traffic to the server nodes."
+  default     = null
+}
+
 variable "admin_username" {
   default     = null
   description = "The username of the local administrator to be created on the Kubernetes cluster. Set this variable to `null` to turn off the cluster's `linux_profile`. Changing this forces a new resource to be created."
