4.0 KiB
Notice on Upgrade to v5.x
V5.0.0 is a major version upgrade and a lot of breaking changes have been introduced. Extreme caution must be taken during the upgrade to avoid resource replacement and downtime by accident.
Running the terraform plan
first to inspect the plan is strongly advised.
Terraform and terraform-provider-azurerm version restrictions
Now Terraform core's lowest version is v1.2.0 and terraform-provider-azurerm's lowest version is v3.21.0.
variable user_assigned_identity_id
has been renamed.
variable user_assigned_identity_id
has been renamed to identity_ids
and it's type has been changed from string
to list(string)
.
addon_profile
in outputs is no longer available.
It has been broken into the following new outputs:
aci_connector_linux
aci_connector_linux_enabled
azure_policy_enabled
http_application_routing_enabled
ingress_application_gateway
ingress_application_gateway_enabled
key_vault_secrets_provider
key_vault_secrets_provider_enabled
oms_agent
oms_agent_enabled
open_service_mesh_enabled
The following variables have been renamed from enable_xxx
to xxx_enabled
enable_azure_policy
has been renamed toazure_policy_enabled
enable_http_application_routing
has been renamed tohttp_application_routing_enabled
enable_ingress_application_gateway
has been renamed toingress_application_gateway_enabled
enable_log_analytics_workspace
has been renamed tolog_analytics_workspace_enabled
enable_open_service_mesh
has been renamed toopen_service_mesh_enabled
enable_role_based_access_control
has been renamed torole_based_access_control_enabled
nullable = true
has been added to the following variables so setting them to null
explicitly will use the default value
log_analytics_workspace_enable
os_disk_type
private_cluster_enabled
rbac_aad_managed
rbac_aad_admin_group_object_ids
network_policy
enable_node_public_ip
var.admin_username
's default value has been removed
In v4.x var.admin_username
has a default value azureuser
and has been removed in V5.0.0. Since the admin_username
argument in linux_profile
block is a ForceNew argument, any value change to this argument will trigger a Kubernetes cluster replacement SO THE EXTREME CAUTION MUST BE TAKEN. The module's callers must set var.admin_username
to azureuser
explicitly if they didn't set it before.
module.ssh-key
has been removed
The file named private_ssh_key
which contains the tls private key will be deleted since the local_file
resource has been removed. Now the private key is exported via generated_cluster_private_ssh_key
in output and the corresponding public key is exported via generated_cluster_public_ssh_key
in output.
A moved
block has been added to relocate the existing tls_private_key
resource to the new address. If the var.admin_username
is not null
, no action is needed.
Resource tls_private_key
's creation now is conditional. Users may see the destruction of existing tls_private_key
in the generated plan if var.admin_username
is null
.
system_assigned_identity
in the output has been renamed to cluster_identity
The system_assigned_identity
was:
output "system_assigned_identity" {
value = azurerm_kubernetes_cluster.main.identity
}
Now it has been renamed to cluster_identity
, and the block has been changed to:
output "cluster_identity" {
description = "The `azurerm_kubernetes_cluster`'s `identity` block."
value = try(azurerm_kubernetes_cluster.main.identity[0], null)
}
The callers who used to read the cluster's identity block need to remove the index in their expression, from module.aks.system_assigned_identity[0]
to module.aks.cluster_identity
.
The following outputs are now sensitive. All outputs referenced them must be declared as sensitive too
client_certificate
client_key
cluster_ca_certificate
generated_cluster_private_ssh_key
host
kube_admin_config_raw
kube_config_raw
password
username