Add support for storage blob network rules

Obmondo · Oct 8, 2024 · 618f0bf · 618f0bf
1 parent 18a3fe3
commit 618f0bf
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 2 deletions.
diff --git a/terraform/azure/aks/aks.tf b/terraform/azure/aks/aks.tf
@@ -94,12 +94,15 @@ resource "azurerm_storage_account" "cluster_backup" {
   account_replication_type = "LRS"
   min_tls_version = "TLS1_2"
   network_rules {
-    default_action             = "Deny"
+    default_action             = var.network_rules_default_action
     ip_rules                   = []
-    private_link_access {
+    dynamic "private_link_access" {
+      for_each = var.cluster_backup_endpoint_resource_id != null ? [1] : []
+      content {
         endpoint_resource_id = var.cluster_backup_endpoint_resource_id
         endpoint_tenant_id   = var.cluster_backup_endpoint_tenant_id
       }
+    }
   }
 
 }

diff --git a/terraform/azure/aks/variables-aks.tf b/terraform/azure/aks/variables-aks.tf
@@ -294,4 +294,10 @@ variable "azure_policy_enabled" {
   description = "value to enable or disable azure policy"
   type        = bool
   default     = false
+}
+
+variable "network_rules_default_action" {
+  description = "Default action for network rules"
+  type        = string
+  default     = "Deny"
 }