Merge branch 'main' into update-k8s-max-version

nebari-dev · Jan 10, 2025 · 5a17507 · 5a17507
2 parents e840d75 + 6ef8cff
commit 5a17507
Show file tree

Hide file tree

Showing 5 changed files with 19 additions and 0 deletions.
diff --git a/src/_nebari/stages/infrastructure/__init__.py b/src/_nebari/stages/infrastructure/__init__.py
@@ -95,6 +95,7 @@ class AzureInputVars(schema.Base):
     name: str
     environment: str
     region: str
+    authorized_ip_ranges: List[str] = ["0.0.0.0/0"]
     kubeconfig_filename: str = get_kubeconfig_filename()
     kubernetes_version: str
     node_groups: Dict[str, AzureNodeGroupInputVars]
@@ -362,6 +363,7 @@ class AzureProvider(schema.Base):
     region: str
     kubernetes_version: Optional[str] = None
     storage_account_postfix: str
+    authorized_ip_ranges: Optional[List[str]] = ["0.0.0.0/0"]
     resource_group_name: Optional[str] = None
     node_groups: Dict[str, AzureNodeGroup] = DEFAULT_AZURE_NODE_GROUPS
     storage_account_postfix: str
@@ -799,6 +801,7 @@ def input_vars(self, stage_outputs: Dict[str, Dict[str, Any]]):
                 environment=self.config.namespace,
                 region=self.config.azure.region,
                 kubernetes_version=self.config.azure.kubernetes_version,
+                authorized_ip_ranges=self.config.azure.authorized_ip_ranges,
                 node_groups={
                     name: AzureNodeGroupInputVars(
                         instance=node_group.instance,

diff --git a/src/_nebari/stages/infrastructure/template/azure/main.tf b/src/_nebari/stages/infrastructure/template/azure/main.tf
@@ -28,6 +28,7 @@ module "kubernetes" {
   kubernetes_version       = var.kubernetes_version
   tags                     = var.tags
   max_pods                 = var.max_pods
+  authorized_ip_ranges     = var.authorized_ip_ranges
 
   network_profile = var.network_profile
 

diff --git a/src/_nebari/stages/infrastructure/template/azure/modules/kubernetes/main.tf b/src/_nebari/stages/infrastructure/template/azure/modules/kubernetes/main.tf
@@ -4,6 +4,9 @@ resource "azurerm_kubernetes_cluster" "main" {
   location            = var.location
   resource_group_name = var.resource_group_name
   tags                = var.tags
+  api_server_access_profile {
+    authorized_ip_ranges = var.authorized_ip_ranges
+  }
 
   # To enable Azure AD Workload Identity oidc_issuer_enabled must be set to true.
   oidc_issuer_enabled       = var.workload_identity_enabled

diff --git a/src/_nebari/stages/infrastructure/template/azure/modules/kubernetes/variables.tf b/src/_nebari/stages/infrastructure/template/azure/modules/kubernetes/variables.tf
@@ -77,6 +77,12 @@ variable "workload_identity_enabled" {
   default     = false
 }
 
+variable "authorized_ip_ranges" {
+  description = "The ip range allowed to access the Kubernetes API server, defaults to 0.0.0.0/0"
+  type        = list(string)
+  default     = ["0.0.0.0/0"]
+}
+
 variable "azure_policy_enabled" {
   description = "Enable Azure Policy"
   type        = bool

diff --git a/src/_nebari/stages/infrastructure/template/azure/variables.tf b/src/_nebari/stages/infrastructure/template/azure/variables.tf
@@ -83,6 +83,12 @@ variable "workload_identity_enabled" {
   default     = false
 }
 
+variable "authorized_ip_ranges" {
+  description = "The ip range allowed to access the Kubernetes API server, defaults to 0.0.0.0/0"
+  type        = list(string)
+  default     = ["0.0.0.0/0"]
+}
+
 variable "azure_policy_enabled" {
   description = "Enable Azure Policy"
   type        = bool