address code review

Author: anson627

locals.tf

@@ -1,4 +1,6 @@
 locals {
+  # Centralize AzAPI version for AKS managedClusters operations
+  aks_managed_clusters_api_version = "2025-09-01"
   # Abstract if auto_scaler_profile_scale_down_delay_after_delete is not set or null we should use the scan_interval.
   auto_scaler_profile_scale_down_delay_after_delete = var.auto_scaler_profile_scale_down_delay_after_delete == null ? var.auto_scaler_profile_scan_interval : var.auto_scaler_profile_scale_down_delay_after_delete
   # automatic upgrades are either:

main.tf

@@ -700,7 +700,7 @@ resource "time_sleep" "interval_before_cluster_update" {
 
 resource "azapi_update_resource" "aks_cluster_post_create" {
   resource_id = azurerm_kubernetes_cluster.main.id
-  type        = "Microsoft.ContainerService/managedClusters@2024-02-01"
+  type        = "Microsoft.ContainerService/managedClusters@${local.aks_managed_clusters_api_version}"
   body = {
     properties = {
       kubernetesVersion = var.kubernetes_version
@@ -729,7 +729,7 @@ resource "azapi_update_resource" "aks_cluster_http_proxy_config_no_proxy" {
   count = can(var.http_proxy_config.no_proxy[0]) ? 1 : 0
 
   resource_id = azurerm_kubernetes_cluster.main.id
-  type        = "Microsoft.ContainerService/managedClusters@2024-02-01"
+  type        = "Microsoft.ContainerService/managedClusters@${local.aks_managed_clusters_api_version}"
   body = {
     properties = {
       httpProxyConfig = {
@@ -759,34 +759,30 @@ resource "azapi_update_resource" "aks_cluster_localdns_config" {
   count = var.localdns_config != null ? 1 : 0
 
   resource_id = azurerm_kubernetes_cluster.main.id
-  type        = "Microsoft.ContainerService/managedClusters@2024-02-01"
+  type        = "Microsoft.ContainerService/managedClusters@${local.aks_managed_clusters_api_version}"
   body = {
     properties = {
-      localDNSConfig = {
+      localDNSProfile = {
         mode = var.localdns_config.mode
         vnetDNSOverrides = var.localdns_config.vnet_dns_overrides != null ? {
-          for zone_name, zone_config in var.localdns_config.vnet_dns_overrides.zones : zone_name => {
-            queryLogging                = zone_config.query_logging
-            protocol                    = zone_config.protocol
-            forwardDestination          = zone_config.forward_destination
-            forwardPolicy               = zone_config.forward_policy
-            maxConcurrent               = zone_config.max_concurrent
-            cacheDurationInSeconds      = zone_config.cache_duration_in_seconds
-            serveStaleDurationInSeconds = zone_config.serve_stale_duration_in_seconds
-            serveStale                  = zone_config.serve_stale
-          }
+          queryLogging                = var.localdns_config.vnet_dns_overrides.query_logging
+          protocol                    = var.localdns_config.vnet_dns_overrides.protocol
+          forwardDestination          = var.localdns_config.vnet_dns_overrides.forward_destination
+          forwardPolicy               = var.localdns_config.vnet_dns_overrides.forward_policy
+          maxConcurrent               = var.localdns_config.vnet_dns_overrides.max_concurrent
+          cacheDurationInSeconds      = var.localdns_config.vnet_dns_overrides.cache_duration_in_seconds
+          serveStaleDurationInSeconds = var.localdns_config.vnet_dns_overrides.serve_stale_duration_in_seconds
+          serveStale                  = var.localdns_config.vnet_dns_overrides.serve_stale
         } : null
         kubeDNSOverrides = var.localdns_config.kube_dns_overrides != null ? {
-          for zone_name, zone_config in var.localdns_config.kube_dns_overrides.zones : zone_name => {
-            queryLogging                = zone_config.query_logging
-            protocol                    = zone_config.protocol
-            forwardDestination          = zone_config.forward_destination
-            forwardPolicy               = zone_config.forward_policy
-            maxConcurrent               = zone_config.max_concurrent
-            cacheDurationInSeconds      = zone_config.cache_duration_in_seconds
-            serveStaleDurationInSeconds = zone_config.serve_stale_duration_in_seconds
-            serveStale                  = zone_config.serve_stale
-          }
+          queryLogging                = var.localdns_config.kube_dns_overrides.query_logging
+          protocol                    = var.localdns_config.kube_dns_overrides.protocol
+          forwardDestination          = var.localdns_config.kube_dns_overrides.forward_destination
+          forwardPolicy               = var.localdns_config.kube_dns_overrides.forward_policy
+          maxConcurrent               = var.localdns_config.kube_dns_overrides.max_concurrent
+          cacheDurationInSeconds      = var.localdns_config.kube_dns_overrides.cache_duration_in_seconds
+          serveStaleDurationInSeconds = var.localdns_config.kube_dns_overrides.serve_stale_duration_in_seconds
+          serveStale                  = var.localdns_config.kube_dns_overrides.serve_stale
         } : null
       }
     }

variables.tf

@@ -655,39 +655,35 @@ variable "localdns_config" {
   type = object({
     mode = string
     vnet_dns_overrides = optional(object({
-      zones = map(object({
-        query_logging                   = optional(string)
-        protocol                        = optional(string)
-        forward_destination             = optional(string)
-        forward_policy                  = optional(string)
-        max_concurrent                  = optional(number)
-        cache_duration_in_seconds       = optional(number)
-        serve_stale_duration_in_seconds = optional(number)
-        serve_stale                     = optional(string)
-      }))
+      query_logging                   = optional(string)
+      protocol                        = optional(string)
+      forward_destination             = optional(string)
+      forward_policy                  = optional(string)
+      max_concurrent                  = optional(number)
+      cache_duration_in_seconds       = optional(number)
+      serve_stale_duration_in_seconds = optional(number)
+      serve_stale                     = optional(string)
     }))
     kube_dns_overrides = optional(object({
-      zones = map(object({
-        query_logging                   = optional(string)
-        protocol                        = optional(string)
-        forward_destination             = optional(string)
-        forward_policy                  = optional(string)
-        max_concurrent                  = optional(number)
-        cache_duration_in_seconds       = optional(number)
-        serve_stale_duration_in_seconds = optional(number)
-        serve_stale                     = optional(string)
-      }))
+      query_logging                   = optional(string)
+      protocol                        = optional(string)
+      forward_destination             = optional(string)
+      forward_policy                  = optional(string)
+      max_concurrent                  = optional(number)
+      cache_duration_in_seconds       = optional(number)
+      serve_stale_duration_in_seconds = optional(number)
+      serve_stale                     = optional(string)
     }))
   })
   default     = null
   description = <<-EOT
 (Optional) Configuration for LocalDNS feature in AKS cluster. This configures DNS settings for pods and nodes.
 
 - `mode` - (Required) Controls LocalDNS enforcement. Possible values are `Required`, `Disabled`, or `Preferred`.
-- `vnet_dns_overrides` - (Optional) Configuration for pods using `dnsPolicy:default`. Contains a map of DNS zones.
-- `kube_dns_overrides` - (Optional) Configuration for pods using `dnsPolicy:ClusterFirst`. Contains a map of DNS zones.
+- `vnet_dns_overrides` - (Optional) Configuration for pods using `dnsPolicy:default`. DNS override settings apply to VnetDNS traffic.
+- `kube_dns_overrides` - (Optional) Configuration for pods using `dnsPolicy:ClusterFirst`. DNS override settings apply to KubeDNS traffic.
 
-Each DNS zone configuration supports:
+Each DNS override configuration supports:
 - `query_logging` - (Optional) Logging level. Possible values are `Error` or `Log`.
 - `protocol` - (Optional) DNS protocol preference. Possible values are `PreferUDP` or `ForceTCP`.
 - `forward_destination` - (Optional) Target DNS server. Possible values are `VnetDNS` or `ClusterCoreDNS`.
@@ -698,8 +694,6 @@ Each DNS zone configuration supports:
 - `serve_stale` - (Optional) Stale serving policy. Possible values are `Verify`, `Immediate`, or `Disabled`.
 
 Constraints:
-- Root zone "." under `vnet_dns_overrides` cannot use `ClusterCoreDNS` as `forward_destination`
-- Zone "cluster.local" cannot use `VnetDNS` as `forward_destination`
 - When `protocol` is `ForceTCP`, `serve_stale` cannot be `Verify`
 
 For more information see: https://learn.microsoft.com/en-us/azure/aks/localdns-custom