Azure · jiaweitao001 · Dec 20, 2023 · Dec 18, 2023 · Dec 18, 2023
diff --git a/README.md b/README.md
@@ -370,7 +370,6 @@ No modules.
 | <a name="input_private_cluster_enabled"></a> [private\_cluster\_enabled](#input\_private\_cluster\_enabled) | If true cluster API server will be exposed only on internal IP address and available only in cluster vnet. | `bool` | `false` | no |
 | <a name="input_private_cluster_public_fqdn_enabled"></a> [private\_cluster\_public\_fqdn\_enabled](#input\_private\_cluster\_public\_fqdn\_enabled) | (Optional) Specifies whether a Public FQDN for this Private Cluster should be added. Defaults to `false`. | `bool` | `false` | no |
 | <a name="input_private_dns_zone_id"></a> [private\_dns\_zone\_id](#input\_private\_dns\_zone\_id) | (Optional) Either the ID of Private DNS Zone which should be delegated to this Cluster, `System` to have AKS manage this or `None`. In case of `None` you will need to bring your own DNS server and set up resolving, otherwise cluster will have issues after provisioning. Changing this forces a new resource to be created. | `string` | `null` | no |
-| <a name="input_public_network_access_enabled"></a> [public\_network\_access\_enabled](#input\_public\_network\_access\_enabled) | (Optional) Whether public network access is allowed for this Kubernetes Cluster. Defaults to `true`. Changing this forces a new resource to be created. | `bool` | `true` | no |
 | <a name="input_public_ssh_key"></a> [public\_ssh\_key](#input\_public\_ssh\_key) | A custom ssh key to control access to the AKS cluster. Changing this forces a new resource to be created. | `string` | `""` | no |
 | <a name="input_rbac_aad"></a> [rbac\_aad](#input\_rbac\_aad) | (Optional) Is Azure Active Directory integration enabled? | `bool` | `true` | no |
 | <a name="input_rbac_aad_admin_group_object_ids"></a> [rbac\_aad\_admin\_group\_object\_ids](#input\_rbac\_aad\_admin\_group\_object\_ids) | Object ID of groups with admin access. | `list(string)` | `null` | no |

diff --git a/examples/application_gateway_ingress/main.tf b/examples/application_gateway_ingress/main.tf
@@ -182,7 +182,6 @@ module "aks" {
   network_policy                                  = "azure"
   os_disk_size_gb                                 = 60
   private_cluster_enabled                         = false
-  public_network_access_enabled                   = true
   rbac_aad                                        = true
   rbac_aad_managed                                = true
   role_based_access_control_enabled               = true

diff --git a/examples/multiple_node_pools/main.tf b/examples/multiple_node_pools/main.tf
@@ -45,12 +45,11 @@ locals {
 module "aks" {
   source = "../.."
 
-  prefix                        = "prefix-${random_id.prefix.hex}"
-  resource_group_name           = local.resource_group.name
-  os_disk_size_gb               = 60
-  public_network_access_enabled = false
-  sku_tier                      = "Standard"
-  rbac_aad                      = false
-  vnet_subnet_id                = azurerm_subnet.test.id
-  node_pools                    = local.nodes
+  prefix              = "prefix-${random_id.prefix.hex}"
+  resource_group_name = local.resource_group.name
+  os_disk_size_gb     = 60
+  sku_tier            = "Standard"
+  rbac_aad            = false
+  vnet_subnet_id      = azurerm_subnet.test.id
+  node_pools          = local.nodes
 }
diff --git a/examples/named_cluster/main.tf b/examples/named_cluster/main.tf
@@ -69,7 +69,6 @@ module "aks_cluster_name" {
   cluster_log_analytics_workspace_name = "test-cluster"
   cluster_name                         = "test-cluster"
   disk_encryption_set_id               = azurerm_disk_encryption_set.des.id
-  public_network_access_enabled        = false
   identity_ids                         = [azurerm_user_assigned_identity.test.id]
   identity_type                        = "UserAssigned"
   log_analytics_solution = {

diff --git a/examples/startup/main.tf b/examples/startup/main.tf
@@ -106,7 +106,6 @@ module "aks" {
   node_os_channel_upgrade           = "NodeImage"
   os_disk_size_gb                   = 60
   private_cluster_enabled           = true
-  public_network_access_enabled     = false
   rbac_aad                          = true
   rbac_aad_managed                  = true
   role_based_access_control_enabled = true

diff --git a/examples/with_acr/main.tf b/examples/with_acr/main.tf
@@ -60,11 +60,10 @@ module "aks" {
   attached_acr_id_map = {
     example = azurerm_container_registry.example.id
   }
-  public_network_access_enabled = false
-  network_plugin                = "azure"
-  network_policy                = "azure"
-  os_disk_size_gb               = 60
-  sku_tier                      = "Standard"
-  rbac_aad                      = false
-  vnet_subnet_id                = azurerm_subnet.test.id
+  network_plugin  = "azure"
+  network_policy  = "azure"
+  os_disk_size_gb = 60
+  sku_tier        = "Standard"
+  rbac_aad        = false
+  vnet_subnet_id  = azurerm_subnet.test.id
 }
diff --git a/examples/without_monitor/main.tf b/examples/without_monitor/main.tf
@@ -39,12 +39,11 @@ resource "azurerm_dns_zone" "aks_web_app_routing" {
 module "aks_without_monitor" {
   source = "../.."
 
-  prefix                        = "prefix2-${random_id.prefix.hex}"
-  resource_group_name           = local.resource_group.name
-  admin_username                = null
-  azure_policy_enabled          = true
-  disk_encryption_set_id        = azurerm_disk_encryption_set.des.id
-  public_network_access_enabled = false
+  prefix                 = "prefix2-${random_id.prefix.hex}"
+  resource_group_name    = local.resource_group.name
+  admin_username         = null
+  azure_policy_enabled   = true
+  disk_encryption_set_id = azurerm_disk_encryption_set.des.id
   #checkov:skip=CKV_AZURE_4:The logging is turn off for demo purpose. DO NOT DO THIS IN PRODUCTION ENVIRONMENT!
   log_analytics_workspace_enabled   = false
   net_profile_pod_cidr              = "10.1.0.0/16"

diff --git a/main.tf b/main.tf
@@ -34,7 +34,6 @@ resource "azurerm_kubernetes_cluster" "main" {
   private_cluster_enabled             = var.private_cluster_enabled
   private_cluster_public_fqdn_enabled = var.private_cluster_public_fqdn_enabled
   private_dns_zone_id                 = var.private_dns_zone_id
-  public_network_access_enabled       = var.public_network_access_enabled
   role_based_access_control_enabled   = var.role_based_access_control_enabled
   run_command_enabled                 = var.run_command_enabled
   sku_tier                            = var.sku_tier

diff --git a/variables.tf b/variables.tf
@@ -1093,13 +1093,6 @@ variable "private_dns_zone_id" {
   description = "(Optional) Either the ID of Private DNS Zone which should be delegated to this Cluster, `System` to have AKS manage this or `None`. In case of `None` you will need to bring your own DNS server and set up resolving, otherwise cluster will have issues after provisioning. Changing this forces a new resource to be created."
 }
 
-variable "public_network_access_enabled" {
-  type        = bool
-  default     = true
-  description = "(Optional) Whether public network access is allowed for this Kubernetes Cluster. Defaults to `true`. Changing this forces a new resource to be created."
-  nullable    = false
-}
-
 variable "public_ssh_key" {
   type        = string
   default     = ""