Add custom_ca_trust_certificates_base64 support

ryan-grenz-evelyn · ryan-grenz-evelyn · commit 4b8f0d5e2f62 · 2025-09-15T16:57:50.000+01:00
diff --git a/main.tf b/main.tf
@@ -17,6 +17,7 @@ resource "azurerm_kubernetes_cluster" "main" {
   automatic_upgrade_channel           = var.automatic_channel_upgrade
   azure_policy_enabled                = var.azure_policy_enabled
   cost_analysis_enabled               = var.cost_analysis_enabled
+  custom_ca_trust_certificates_base64 = var.custom_ca_trust_certificates_base64
   disk_encryption_set_id              = var.disk_encryption_set_id
   dns_prefix                          = var.prefix
   dns_prefix_private_cluster          = var.dns_prefix_private_cluster
diff --git a/variables.tf b/variables.tf
@@ -457,6 +457,13 @@ variable "create_role_assignments_for_application_gateway" {
   nullable    = false
 }
 
+variable "custom_ca_trust_certificates_base64" {
+  type        = list(any)
+  default     = []
+  description = "(Optional) A list of up to 10 base64 encoded CA certificates that will be added to the trust store on nodes."
+  nullable    = false
+}
+
 variable "data_collection_settings" {
   type = object({
     data_collection_interval                     = string
@@ -1573,4 +1580,4 @@ variable "upgrade_override" {
     `force_upgrade_enabled` - (Required) Whether to force upgrade the cluster. Possible values are `true` or `false`.
     `effective_until` - (Optional) Specifies the duration, in RFC 3339 format (e.g., `2025-10-01T13:00:00Z`), the upgrade_override values are effective. This field must be set for the `upgrade_override` values to take effect. The date-time must be within the next 30 days.
   EOT
-}
+}
