From 0937b40ea465e61ccc651f2719d8f039cdc053c5 Mon Sep 17 00:00:00 2001
From: AleDore <alessio85.dore@gmail.com>
Date: Wed, 15 Nov 2023 16:36:37 +0100
Subject: [PATCH] add network_plugin_mode Overlay

---
 kubernetes_cluster/01_main.tf      | 15 ++++++++-------
 kubernetes_cluster/99_variables.tf | 22 ++++++++++++----------
 kubernetes_cluster/README.md       |  3 ++-
 3 files changed, 22 insertions(+), 18 deletions(-)

diff --git a/kubernetes_cluster/01_main.tf b/kubernetes_cluster/01_main.tf
index 27425e4b..970a2569 100644
--- a/kubernetes_cluster/01_main.tf
+++ b/kubernetes_cluster/01_main.tf
@@ -69,12 +69,13 @@ resource "azurerm_kubernetes_cluster" "this" {
     for_each = var.network_profile != null ? [var.network_profile] : []
     iterator = p
     content {
-      dns_service_ip    = p.value.dns_service_ip
-      network_policy    = p.value.network_policy
-      network_plugin    = p.value.network_plugin
-      outbound_type     = p.value.outbound_type
-      service_cidr      = p.value.service_cidr
-      load_balancer_sku = "standard"
+      dns_service_ip      = p.value.dns_service_ip
+      network_policy      = p.value.network_policy
+      network_plugin      = p.value.network_plugin
+      network_plugin_mode = p.value.network_plugin_mode
+      outbound_type       = p.value.outbound_type
+      service_cidr        = p.value.service_cidr
+      load_balancer_sku   = "standard"
       load_balancer_profile {
         outbound_ip_address_ids = var.outbound_ip_address_ids
       }
@@ -176,7 +177,7 @@ resource "azurerm_kubernetes_cluster_node_pool" "this" {
   node_taints = var.user_node_pool_node_taints
 
   ### networking
-  vnet_subnet_id        = var.network_profile.network_plugin == "azure" ? var.vnet_subnet_id : var.vnet_user_subnet_id
+  vnet_subnet_id        = var.network_profile.network_plugin_mode == "Overlay" ? var.vnet_user_subnet_id : var.vnet_subnet_id
   enable_node_public_ip = false
 
   upgrade_settings {
diff --git a/kubernetes_cluster/99_variables.tf b/kubernetes_cluster/99_variables.tf
index 87d8a67e..2fab5834 100644
--- a/kubernetes_cluster/99_variables.tf
+++ b/kubernetes_cluster/99_variables.tf
@@ -263,18 +263,20 @@ variable "api_server_authorized_ip_ranges" {
 
 variable "network_profile" {
   type = object({
-    dns_service_ip = string # e.g. '10.2.0.10'. IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns)
-    network_policy = string # e.g. 'azure'. Sets up network policy to be used with Azure CNI. Currently supported values are calico and azure.
-    network_plugin = string # e.g. 'azure'. Network plugin to use for networking. Currently supported values are azure and kubenet
-    outbound_type  = string # e.g. 'loadBalancer'. The outbound (egress) routing method which should be used for this Kubernetes Cluster. Possible values are loadBalancer, userDefinedRouting, managedNATGateway and userAssignedNATGateway. Defaults to loadBalancer
-    service_cidr   = string # e.g. '10.2.0.0/16'. The Network Range used by the Kubernetes service
+    dns_service_ip      = string # e.g. '10.2.0.10'. IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns)
+    network_policy      = string # e.g. 'azure'. Sets up network policy to be used with Azure CNI. Currently supported values are calico and azure.
+    network_plugin      = string # e.g. 'azure'. Network plugin to use for networking. Currently supported values are azure and kubenet
+    network_plugin_mode = string # e.g. 'azure'. Network plugin mode to use for networking. Currently supported value is Overlay
+    outbound_type       = string # e.g. 'loadBalancer'. The outbound (egress) routing method which should be used for this Kubernetes Cluster. Possible values are loadBalancer, userDefinedRouting, managedNATGateway and userAssignedNATGateway. Defaults to loadBalancer
+    service_cidr        = string # e.g. '10.2.0.0/16'. The Network Range used by the Kubernetes service
   })
   default = {
-    dns_service_ip = "10.2.0.10"
-    network_policy = "azure"
-    network_plugin = "azure"
-    outbound_type  = "loadBalancer"
-    service_cidr   = "10.2.0.0/16"
+    dns_service_ip      = "10.2.0.10"
+    network_policy      = "azure"
+    network_plugin      = "azure"
+    network_plugin_mode = ""
+    outbound_type       = "loadBalancer"
+    service_cidr        = "10.2.0.0/16"
   }
   description = "See variable description to understand how to use it, and see examples"
 }
diff --git a/kubernetes_cluster/README.md b/kubernetes_cluster/README.md
index 2763a0e9..02132162 100644
--- a/kubernetes_cluster/README.md
+++ b/kubernetes_cluster/README.md
@@ -707,7 +707,7 @@ No modules.
 | <a name="input_log_analytics_workspace_id"></a> [log\_analytics\_workspace\_id](#input\_log\_analytics\_workspace\_id) | The ID of the Log Analytics Workspace which the OMS Agent should send data to. | `string` | `null` | no |
 | <a name="input_microsoft_defender_log_analytics_workspace_id"></a> [microsoft\_defender\_log\_analytics\_workspace\_id](#input\_microsoft\_defender\_log\_analytics\_workspace\_id) | Specifies the ID of the Log Analytics Workspace where the audit logs collected by Microsoft Defender should be sent to | `string` | `null` | no |
 | <a name="input_name"></a> [name](#input\_name) | (Required) Cluster name | `string` | n/a | yes |
-| <a name="input_network_profile"></a> [network\_profile](#input\_network\_profile) | See variable description to understand how to use it, and see examples | <pre>object({<br>    dns_service_ip = string # e.g. '10.2.0.10'. IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns)<br>    network_policy = string # e.g. 'azure'. Sets up network policy to be used with Azure CNI. Currently supported values are calico and azure.<br>    network_plugin = string # e.g. 'azure'. Network plugin to use for networking. Currently supported values are azure and kubenet<br>    outbound_type  = string # e.g. 'loadBalancer'. The outbound (egress) routing method which should be used for this Kubernetes Cluster. Possible values are loadBalancer, userDefinedRouting, managedNATGateway and userAssignedNATGateway. Defaults to loadBalancer<br>    service_cidr   = string # e.g. '10.2.0.0/16'. The Network Range used by the Kubernetes service<br>  })</pre> | <pre>{<br>  "dns_service_ip": "10.2.0.10",<br>  "network_plugin": "azure",<br>  "network_policy": "azure",<br>  "outbound_type": "loadBalancer",<br>  "service_cidr": "10.2.0.0/16"<br>}</pre> | no |
+| <a name="input_network_profile"></a> [network\_profile](#input\_network\_profile) | See variable description to understand how to use it, and see examples | <pre>object({<br>    dns_service_ip      = string # e.g. '10.2.0.10'. IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns)<br>    network_policy      = string # e.g. 'azure'. Sets up network policy to be used with Azure CNI. Currently supported values are calico and azure.<br>    network_plugin      = string # e.g. 'azure'. Network plugin to use for networking. Currently supported values are azure and kubenet<br>    network_plugin_mode = string # e.g. 'azure'. Network plugin mode to use for networking. Currently supported value is Overlay<br>    outbound_type       = string # e.g. 'loadBalancer'. The outbound (egress) routing method which should be used for this Kubernetes Cluster. Possible values are loadBalancer, userDefinedRouting, managedNATGateway and userAssignedNATGateway. Defaults to loadBalancer<br>    service_cidr        = string # e.g. '10.2.0.0/16'. The Network Range used by the Kubernetes service<br>  })</pre> | <pre>{<br>  "dns_service_ip": "10.2.0.10",<br>  "network_plugin": "azure",<br>  "network_plugin_mode": "",<br>  "network_policy": "azure",<br>  "outbound_type": "loadBalancer",<br>  "service_cidr": "10.2.0.0/16"<br>}</pre> | no |
 | <a name="input_outbound_ip_address_ids"></a> [outbound\_ip\_address\_ids](#input\_outbound\_ip\_address\_ids) | The ID of the Public IP Addresses which should be used for outbound communication for the cluster load balancer. | `list(string)` | `[]` | no |
 | <a name="input_private_cluster_enabled"></a> [private\_cluster\_enabled](#input\_private\_cluster\_enabled) | (Optional) Provides a Private IP Address for the Kubernetes API on the Virtual Network where the Kubernetes Cluster is located. | `bool` | `false` | no |
 | <a name="input_rbac_enabled"></a> [rbac\_enabled](#input\_rbac\_enabled) | Is Role Based Access Control Enabled? | `bool` | `true` | no |
@@ -747,6 +747,7 @@ No modules.
 | <a name="input_user_node_pool_vm_size"></a> [user\_node\_pool\_vm\_size](#input\_user\_node\_pool\_vm\_size) | (Required) The size of the Virtual Machine, such as Standard\_B4ms or Standard\_D4s\_vX. See https://pagopa.atlassian.net/wiki/spaces/DEVOPS/pages/134840344/Best+practice+su+prodotti | `string` | n/a | yes |
 | <a name="input_vnet_id"></a> [vnet\_id](#input\_vnet\_id) | (Required) Virtual network id, where the k8s cluster is deployed. | `string` | n/a | yes |
 | <a name="input_vnet_subnet_id"></a> [vnet\_subnet\_id](#input\_vnet\_subnet\_id) | (Optional) The ID of a Subnet where the Kubernetes Node Pool should exist. Changing this forces a new resource to be created. | `string` | `null` | no |
+| <a name="input_vnet_user_subnet_id"></a> [vnet\_user\_subnet\_id](#input\_vnet\_user\_subnet\_id) | (Optional) The ID of a Subnet where the Kubernetes User Node Pool should exist. Changing this forces a new resource to be created. | `string` | `null` | no |
 
 ## Outputs