Merged
2 changes: 1 addition & 1 deletion CHANGELOG.md
Expand Up @@ -20,4 +20,4 @@ ENHANCEMENTS:

* Add `aci_connector_linux` addon. [#230](https://github.com/Azure/terraform-azurerm-aks/pull/230)
* Restrict Terraform Core version for example cod to `>= 1.2`. [#253](https://github.com/Azure/terraform-azurerm-aks/pull/253)
* Adds support for Ultra Disks by enabling the option. [#245](https://github.com/Azure/terraform-azurerm-aks/pull/245)
* Adds support for Ultra Disks by enabling the option. [#245](https://github.com/Azure/terraform-azurerm-aks/pull/245)
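Review bot: the ENHANCEMENTS list gets no entry for the outputs this PR adds (`cluster_fqdn`, `cluster_portal_fqdn`, `cluster_private_fqdn`); the only change in this hunk is to the final Ultra Disks line, whose text is identical before and after. Suggest adding a bullet for the new outputs with this PR's link, and fixing the "example cod" typo in the #253 entry while the file is open.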
3 changes: 3 additions & 0 deletions README.md
Expand Up @@ -368,7 +368,10 @@ No modules.
| <a name="output_client_certificate"></a> [client\_certificate](#output\_client\_certificate) | The `client_certificate` in the `azurerm_kubernetes_cluster`'s `kube_config` block. Base64 encoded public certificate used by clients to authenticate to the Kubernetes cluster. |
| <a name="output_client_key"></a> [client\_key](#output\_client\_key) | The `client_key` in the `azurerm_kubernetes_cluster`'s `kube_config` block. Base64 encoded private key used by clients to authenticate to the Kubernetes cluster. |
| <a name="output_cluster_ca_certificate"></a> [cluster\_ca\_certificate](#output\_cluster\_ca\_certificate) | The `cluster_ca_certificate` in the `azurerm_kubernetes_cluster`'s `kube_config` block. Base64 encoded public CA certificate used as the root of trust for the Kubernetes cluster. |
| <a name="output_cluster_fqdn"></a> [cluster\_fqdn](#output\_cluster\_fqdn) | The FQDN of the Azure Kubernetes Managed Cluster. |
| <a name="output_cluster_identity"></a> [cluster\_identity](#output\_cluster\_identity) | The `azurerm_kubernetes_cluster`'s `identity` block. |
| <a name="output_cluster_portal_fqdn"></a> [cluster\_portal\_fqdn](#output\_cluster\_portal\_fqdn) | The FQDN for the Azure Portal resources when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster. |
| <a name="output_cluster_private_fqdn"></a> [cluster\_private\_fqdn](#output\_cluster\_private\_fqdn) | The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster. |
| <a name="output_generated_cluster_private_ssh_key"></a> [generated\_cluster\_private\_ssh\_key](#output\_generated\_cluster\_private\_ssh\_key) | The cluster will use this generated private key as ssh key when `var.public_ssh_key` is empty or null. Private key data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format. |
| <a name="output_generated_cluster_public_ssh_key"></a> [generated\_cluster\_public\_ssh\_key](#output\_generated\_cluster\_public\_ssh\_key) | The cluster will use this generated public key as ssh key when `var.public_ssh_key` is empty or null. The fingerprint of the public key data in OpenSSH MD5 hash format, e.g. `aa:bb:cc:....` Only available if the selected private key format is compatible, similarly to `public_key_openssh` and the [ECDSA P224 limitations](https://registry.terraform.io/providers/hashicorp/tls/latest/docs#limitations). |
| <a name="output_host"></a> [host](#output\_host) | The `host` in the `azurerm_kubernetes_cluster`'s `kube_config` block. The Kubernetes cluster server host. |
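Review bot: the new `cluster_fqdn` row does not say whether it is populated for private clusters, while the `cluster_portal_fqdn` and `cluster_private_fqdn` rows are both scoped to "when private link has been enabled". A module consumer cannot tell from this table which output to use for which cluster type, or what the private-link rows contain when private link is off. Suggest stating each output's value for both public and private clusters in the descriptions in `outputs.tf` and mirroring that wording here.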
8 changes: 8 additions & 0 deletions examples/startup/outputs.tf
Expand Up @@ -47,6 +47,14 @@ output "test_cluster_ca_certificate" {
value = module.aks.client_certificate
}

output "test_cluster_portal_fqdn" {
value = module.aks.cluster_portal_fqdn
}

output "test_cluster_private_fqdn" {
value = module.aks.cluster_private_fqdn
}

output "test_host" {
sensitive = true
value = module.aks.host
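Review bot: in the context at the top of this hunk, `test_cluster_ca_certificate` is set to `module.aks.client_certificate`, which looks like a copy-paste slip; it should presumably read `module.aks.cluster_ca_certificate`, the output defined in `outputs.tf`. Separately, the two new outputs are not marked `sensitive` while `test_host` just below them is, so it is worth confirming that printing the private and portal FQDNs in e2e output is intended.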
15 changes: 15 additions & 0 deletions outputs.tf
Expand Up @@ -93,11 +93,26 @@ output "cluster_ca_certificate" {
value = azurerm_kubernetes_cluster.main.kube_config[0].cluster_ca_certificate
}

output "cluster_fqdn" {
description = "The FQDN of the Azure Kubernetes Managed Cluster."
value = azurerm_kubernetes_cluster.main.fqdn
}

output "cluster_identity" {
description = "The `azurerm_kubernetes_cluster`'s `identity` block."
value = try(azurerm_kubernetes_cluster.main.identity[0], null)
}

output "cluster_portal_fqdn" {
description = "The FQDN for the Azure Portal resources when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster."
value = azurerm_kubernetes_cluster.main.portal_fqdn
}

output "cluster_private_fqdn" {
description = "The FQDN for the Kubernetes Cluster when private link has been enabled, which is only resolvable inside the Virtual Network used by the Kubernetes Cluster."
value = azurerm_kubernetes_cluster.main.private_fqdn

Contributor

This value in the terraform state is "" when not using private clusters:

 "private_fqdn": "",

Member Author

Hi @zioproto, sorry for the late reply. I've tested and confirmed that this private_fqdn will be an empty string when we set AKS's private_cluster_enabled to false.

Contributor

OK. Do you think it is necessary to add a comment to the function assertOutputNotEmpty to clarify that this function can be used only when testing with private clusters?
Let me know if it makes sense to add this comment in the code.
If in the future there is a scenario with public clusters, we want to make sure that assertOutputNotEmpty is not used, because it will always fail. Thank you!

Member Author

I think it's OK, since the output's description already says that this output only works for private clusters. If we change this example to provision a public cluster in the future and somehow forget to remove this assertOutputNotEmpty from our e2e test, the failed test will warn us and then we can figure out what's wrong quickly by reading the description.

}

output "generated_cluster_private_ssh_key" {
description = "The cluster will use this generated private key as ssh key when `var.public_ssh_key` is empty or null. Private key data in [PEM (RFC 1421)](https://datatracker.ietf.org/doc/html/rfc1421) format."
sensitive = true
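Review bot: the `cluster_private_fqdn` description does not say that the value is an empty string for non-private clusters, which the review thread on this output confirms (`"private_fqdn": ""` in state when `private_cluster_enabled` is false). Callers that use the output unguarded get `""` rather than an error. Suggest stating the empty-string case in the description of `cluster_private_fqdn`, and of `cluster_portal_fqdn` if it behaves the same way.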
8 changes: 8 additions & 0 deletions test/e2e/terraform_aks_test.go
Expand Up @@ -26,9 +26,17 @@ func TestExamplesStartup(t *testing.T) {
aksId, ok := output["test_aks_id"].(string)
assert.True(t, ok)
assert.Regexp(t, regexp.MustCompile("/subscriptions/.+/resourceGroups/.+/providers/Microsoft.ContainerService/managedClusters/.+"), aksId)
assertOutputNotEmpty(t, output, "test_cluster_portal_fqdn")
assertOutputNotEmpty(t, output, "test_cluster_private_fqdn")
})
}

func assertOutputNotEmpty(t *testing.T, output test_helper.TerraformOutput, name string) {
o, ok := output[name].(string)
assert.True(t, ok)
assert.NotEqual(t, "", o)
}

Contributor

Is this test passing when private cluster is not enabled and the value in the tf state is:

 "private_fqdn": "",

??

Contributor

@lonegunmanb did you have an opportunity to look at this comment? Thanks :)


func TestExamplesWithoutMonitor(t *testing.T) {
var vars map[string]interface{}
managedIdentityId := os.Getenv("MSI_ID")
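Review bot: `assertOutputNotEmpty` does not pass `name` to either assertion, so a failure reports only that a value was false or equal to `""`, not which output was missing or empty. Since `private_fqdn` is empty for non-private clusters (confirmed in the review thread), this is the message someone will read if the example is ever changed to a public cluster. Suggest `assert.True(t, ok, "output %s is missing or not a string", name)` and `assert.NotEmpty(t, o, "output %s is empty", name)`; a one-line comment on the helper noting that the FQDN outputs are only non-empty for private clusters would also cover the question raised in review.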