feat(http_proxy_config): Add http_proxy_config

CHANGELOG-v6.md

@@ -4,6 +4,12 @@
 
 **Merged pull requests:**
 
+- Add support for `http_proxy_config` [\#434](https://github.com/Azure/terraform-azurerm-aks/pull/434) ([isantospardo](https://github.com/isantospardo))
+
+## [Unreleased](https://github.com/Azure/terraform-azurerm-aks/tree/HEAD)
+
+**Merged pull requests:**
+
 - Output Kubernetes Cluster Network Profile [\#333](https://github.com/Azure/terraform-azurerm-aks/pull/333) ([joshua-giumelli-deltatre](https://github.com/joshua-giumelli-deltatre))
 
 ## [6.8.0](https://github.com/Azure/terraform-azurerm-aks/tree/6.8.0) (2023-04-04)

README.md

@@ -240,6 +240,7 @@ No modules.
 | [azurerm_role_assignment.acr](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment)                                 | resource    |
 | [azurerm_role_assignment.network_contributor](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment)                 | resource    |
 | [azurerm_role_assignment.network_contributor_on_subnet](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/role_assignment)       | resource    |
+| [null_resource.aks_cluster_recreate](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource)                                    | resource    |
 | [null_resource.kubernetes_version_keeper](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource)                               | resource    |
 | [null_resource.pool_name_keeper](https://registry.terraform.io/providers/hashicorp/null/latest/docs/resources/resource)                                        | resource    |
 | [tls_private_key.ssh](https://registry.terraform.io/providers/hashicorp/tls/latest/docs/resources/private_key)                                                 | resource    |

main.tf

@@ -46,6 +46,16 @@ resource "azurerm_kubernetes_cluster" "main" {
   } /*<box>*/ : replace(k, "avm_", var.tracing_tags_prefix) => v } : {}) /*</box>*/))
   workload_identity_enabled = var.workload_identity_enabled
 
+  dynamic "http_proxy_config" {
+    for_each = var.http_proxy_config == null ? [] : ["http_proxy_config"]
+    content {
+      http_proxy  = var.http_proxy_config.http_proxy
+      https_proxy = var.http_proxy_config.https_proxy
+      no_proxy    = var.http_proxy_config.no_proxy
+      trusted_ca  = var.http_proxy_config.trusted_ca
+    }
+  }
+
   dynamic "default_node_pool" {
     for_each = var.enable_auto_scaling == true ? [] : ["default_node_pool_manually_scaled"]
 
@@ -452,7 +462,12 @@ resource "azurerm_kubernetes_cluster" "main" {
   }
 
   lifecycle {
-    ignore_changes = [kubernetes_version]
+    ignore_changes = [
+      kubernetes_version,
+      http_proxy_config[0].no_proxy
+    ]
+
+    replace_triggered_by = [null_resource.aks_cluster_recreate]
 
     precondition {
       condition     = (var.client_id != "" && var.client_secret != "") || (var.identity_type != "")
@@ -506,6 +521,12 @@ resource "azurerm_kubernetes_cluster" "main" {
   }
 }
 
+resource "null_resource" "aks_cluster_recreate" {
+  triggers = {
+    http_proxy_no_proxy = try(join(",", var.http_proxy_config.no_proxy), "")
+  }
+}
+
 resource "null_resource" "kubernetes_version_keeper" {
   triggers = {
     version = var.kubernetes_version

variables.tf

@@ -57,6 +57,24 @@ variable "agents_min_count" {
   description = "Minimum number of nodes in a pool"
 }
 
+variable "http_proxy_config" {
+  type = object({
+    http_proxy  = optional(string)
+    https_proxy = optional(string)
+    no_proxy    = optional(list(string))
+    trusted_ca  = optional(string)
+  })
+  default     = null
+  description = <<-EOT
+    optional(object({
+      http_proxy  = (Optional) The proxy address to be used when communicating over HTTP. Changing this forces a new resource to be created.
+      https_proxy = (Optional) The proxy address to be used when communicating over HTTPS. Changing this forces a new resource to be created.
+      no_proxy    = (Optional) The list of domains that will not use the proxy for communication. Note: If you specify the `default_node_pool.0.vnet_subnet_id`, be sure to include the Subnet CIDR in the `no_proxy` list. Note: You may wish to use Terraform's `ignore_changes` functionality to ignore the changes to this field.
+      trusted_ca  = (Optional) The base64 encoded alternative CA certificate content in PEM format.
+  }))
+EOT
+}
+
 variable "agents_pool_kubelet_configs" {
   type = list(object({
     cpu_manager_policy        = optional(string)