diff --git a/modules/container-service/managed-cluster/README.md b/modules/container-service/managed-cluster/README.md
index f2ffed3f46..bca703ec61 100644
--- a/modules/container-service/managed-cluster/README.md
+++ b/modules/container-service/managed-cluster/README.md
@@ -2435,6 +2435,7 @@ Specifies whether the webApplicationRoutingEnabled add-on is enabled or not.
 | `resourceGroupName` | string | The resource group the managed cluster was deployed into. |
 | `resourceId` | string | The resource ID of the managed cluster. |
 | `systemAssignedMIPrincipalId` | string | The principal ID of the system assigned identity. |
+| `webAppRoutingIdentityObjectId` | string | The Object ID of Web Application Routing. |
 ## Cross-referenced modules
diff --git a/modules/container-service/managed-cluster/main.bicep b/modules/container-service/managed-cluster/main.bicep
index 20456caecf..21208d0a5a 100644
--- a/modules/container-service/managed-cluster/main.bicep
+++ b/modules/container-service/managed-cluster/main.bicep
@@ -712,7 +712,7 @@ resource managedCluster_roleAssignments 'Microsoft.Authorization/roleAssignments
 scope: managedCluster
 }]
-resource dnsZone 'Microsoft.Network/dnsZones@2018-05-01' existing = if (dnsZoneResourceId != null && webApplicationRoutingEnabled) {
+resource dnsZone 'Microsoft.Network/dnsZones@2018-05-01' existing = if (enableDnsZoneContributorRoleAssignment == true && dnsZoneResourceId != null && webApplicationRoutingEnabled) {
 name: last(split((!empty(dnsZoneResourceId) ? dnsZoneResourceId : '/dummmyZone'), '/'))!
 }
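Review bot: In main.bicep the new `dnsZone` condition still tests `dnsZoneResourceId != null`, while the `name` expression on the following line guards with `!empty(...)`, so an empty string passes the condition and resolves to the placeholder name `dummmyZone`. Testing `!empty(dnsZoneResourceId)` in the condition would keep the two in step, and the `== true` comparison can be dropped if the parameter is declared as a bool: `existing = if (enableDnsZoneContributorRoleAssignment && !empty(dnsZoneResourceId) && webApplicationRoutingEnabled) {`. The role assignment that consumes `dnsZone` is outside this hunk; it should carry the same three-part condition so that the grant on the DNS zone is only evaluated when the caller has opted in.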
@@ -762,6 +762,9 @@ output oidcIssuerUrl string = enableOidcIssuerProfile ? managedCluster.propertie
 @description('The addonProfiles of the Kubernetes cluster.')
 output addonProfiles object = contains(managedCluster.properties, 'addonProfiles') ? managedCluster.properties.addonProfiles : {}
+@description('The Object ID of Web Application Routing.')
+output webAppRoutingIdentityObjectId string = contains(managedCluster.properties, 'ingressProfile') && contains(managedCluster.properties.ingressProfile, 'webAppRouting') && contains(managedCluster.properties.ingressProfile.webAppRouting, 'identity') && contains(managedCluster.properties.ingressProfile.webAppRouting.identity, 'objectId') ? managedCluster.properties.ingressProfile.webAppRouting.identity.objectId : ''
+
 // =============== //
 // Definitions //
 // =============== //
diff --git a/modules/container-service/managed-cluster/main.json b/modules/container-service/managed-cluster/main.json
index 24c4e7027f..b3e159c0f7 100644
--- a/modules/container-service/managed-cluster/main.json
+++ b/modules/container-service/managed-cluster/main.json
@@ -6,7 +6,7 @@ "_generator": { "name": "bicep", "version": "0.23.1.45101", - "templateHash": "609013537229775592" + "templateHash": "1679575632831341410" }, "name": "Azure Kubernetes Service (AKS) Managed Clusters", "description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster.",
@@ -1286,7 +1286,7 @@ ] }, "dnsZone": { - "condition": "[and(not(equals(parameters('dnsZoneResourceId'), null())), parameters('webApplicationRoutingEnabled'))]", + "condition": "[and(and(equals(parameters('enableDnsZoneContributorRoleAssignment'), true()), not(equals(parameters('dnsZoneResourceId'), null()))), parameters('webApplicationRoutingEnabled'))]", "existing": true, "type": "Microsoft.Network/dnsZones", "apiVersion": "2018-05-01", 
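Review bot: The description on the new `webAppRoutingIdentityObjectId` output in main.bicep does not say that the value is an empty string when the add-on identity is absent, and a caller that passes it to a role assignment as `principalId` needs to know to guard for that case. Suggest `@description('The object ID of the Web Application Routing add-on identity. Empty if the add-on is not enabled.')`, with the README row updated to match. As a style point, the four nested `contains` checks could probably be written with safe dereference, `managedCluster.properties.?ingressProfile.?webAppRouting.?identity.?objectId ?? ''`, provided the Bicep version the repository pins supports it; main.json would then need recompiling.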
@@ -2261,6 +2261,13 @@ "description": "The addonProfiles of the Kubernetes cluster." }, "value": "[if(contains(reference('managedCluster'), 'addonProfiles'), reference('managedCluster').addonProfiles, createObject())]" + }, + "webAppRoutingIdentityObjectId": { + "type": "string", + "metadata": { + "description": "The Object ID of Web Application Routing." + }, + "value": "[if(and(and(and(contains(reference('managedCluster'), 'ingressProfile'), contains(reference('managedCluster').ingressProfile, 'webAppRouting')), contains(reference('managedCluster').ingressProfile.webAppRouting, 'identity')), contains(reference('managedCluster').ingressProfile.webAppRouting.identity, 'objectId')), reference('managedCluster').ingressProfile.webAppRouting.identity.objectId, '')]" } } } \ No newline at end of file