[AVM Module Issue]: Include support for AKS automatic cluster in a custom virtual network #4470

Open
Anders-Kristiansen opened this issue Feb 18, 2025 · 2 comments
Labels

  • Class: Pattern Module 📦 (This is a pattern module)
  • Needs: Triage 🔍 (Maintainers need to triage still)
  • Type: AVM 🅰️ ✌️ Ⓜ️ (This is an AVM related issue)
  • Type: Feature Request ➕ (New feature or request)

Anders-Kristiansen commented Feb 18, 2025

Check for previous/existing GitHub issues

  • I have checked for previous/existing GitHub issues

Issue Type?

Feature Request

Module Name

(https://github.com/Azure/bicep-registry-modules/blob/avm/res/container-service/managed-cluster)

(Optional) Module Version

https://github.com/Azure/bicep-registry-modules/blob/avm/res/container-service/managed-cluster/0.8.1/avm/res/container-service/managed-cluster/README.md

Description

Support for API server subnet configuration in AKS Automatic mode

Issue Description

The current AVM AKS module (v0.8.1) doesn't support configuring a custom subnet for the API server endpoint when using AKS Automatic mode. This feature is available in the native AKS resource but not exposed through the module parameters.

Feature Request

Add support for configuring the API server subnet through the apiServerAccessProfile by adding a new parameter for the subnet ID.

Use Case

When deploying AKS in Automatic mode with custom networking requirements, users need to be able to:

  • Specify a dedicated subnet for the API server endpoint
  • Control network security and routing for API server traffic
  • Implement network segregation between API server and node pool components

Current Workaround

Currently, users must use direct AKS resource deployment instead of the AVM module to configure the API server subnet:

resource aks 'Microsoft.ContainerService/managedClusters@2024-02-01' = {
  properties: {
    apiServerAccessProfile: {
      subnetId: '/subscriptions/.../subnets/api-server-subnet'
    }
  }
}

Proposed Changes

Add new parameter to support API server subnet configuration:

@description('Optional. The subnet ID for the API server endpoint.')
param apiServerSubnetId string = ''

// Use in apiServerAccessProfile
apiServerAccessProfile: {
  subnetId: !empty(apiServerSubnetId) ? apiServerSubnetId : null
  // ... existing properties ...
}

Documentation Reference

Additional Context

This feature is particularly important for enterprise deployments where network isolation and security are critical requirements.

(Optional) Correlation Id

No response
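The use case above asks for network segregation between the API server and the node pools. As an added example (not part of the original issue or of the AVM module), this Python check walks a compiled ARM template and reports clusters where `apiServerAccessProfile.subnetId` is missing or equals a node pool's `vnetSubnetID`; the sample template, subscription ID and resource names are constructed placeholders.

```python
# Added example: lint a compiled ARM template for API server subnet segregation.
# Constructed sample data (placeholder subscription and names, not from the issue).
VNET = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
        "/providers/Microsoft.Network/virtualNetworks/vnet-example/subnets/")
AKS = "Microsoft.ContainerService/managedClusters"
NODES = [{"name": "system", "vnetSubnetID": VNET + "nodes"}]
SAMPLE_TEMPLATE = {"resources": [
    {"type": AKS, "name": "aks-no-subnet",
     "properties": {"agentPoolProfiles": NODES}},
    {"type": AKS, "name": "aks-shared",
     "properties": {"apiServerAccessProfile": {"subnetId": VNET + "Nodes/"},
                    "agentPoolProfiles": NODES}},
    {"type": AKS, "name": "aks-segregated",
     "properties": {"apiServerAccessProfile": {"subnetId": VNET + "api-server-subnet"},
                    "agentPoolProfiles": NODES}},
    {"type": "Microsoft.Network/virtualNetworks", "name": "vnet-example"},
]}


def _norm(subnet_id):
    # Azure resource IDs are case-insensitive; ignore a trailing slash too.
    return (subnet_id or "").strip().rstrip("/").lower()


def check_api_server_subnet(template):
    """Return {cluster name: [findings]} for each managed cluster in the template."""
    resources = template.get("resources", [])
    if isinstance(resources, dict):  # symbolic-name templates use an object here
        resources = list(resources.values())
    report = {}
    for res in resources:
        if res.get("type", "").lower() != AKS.lower():
            continue
        props = res.get("properties") or {}
        api_subnet = _norm((props.get("apiServerAccessProfile") or {}).get("subnetId"))
        node_subnets = {_norm(p.get("vnetSubnetID"))
                        for p in props.get("agentPoolProfiles") or []} - {""}
        findings = []
        if not api_subnet:
            findings.append("apiServerAccessProfile.subnetId is not set")
        elif api_subnet in node_subnets:
            findings.append("API server shares a subnet with a node pool")
        report[res.get("name", "<unnamed>")] = findings
    return report


if __name__ == "__main__":
    for cluster, findings in check_api_server_subnet(SAMPLE_TEMPLATE).items():
        print(cluster, "->", findings or "ok")
```

Values that are still template expressions (for example a `[parameters(...)]` string) are compared as literal text, so the check is most useful on a template whose subnet IDs are already resolved.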

@Anders-Kristiansen Anders-Kristiansen added Needs: Triage 🔍 Maintainers need to triage still Type: AVM 🅰️ ✌️ Ⓜ️ This is an AVM related issue labels Feb 18, 2025

Important

The "Needs: Triage 🔍" label must be removed once the triage process is complete!

Tip

For additional guidance on how to triage this issue/PR, see the BRM Issue Triage documentation.


@Anders-Kristiansen, thanks for submitting this issue for the https://github.com/Azure/bicep-registry-modules/blob/avm/res/container-service/managed-cluster/0.8.1/avm/res/container-service/managed-cluster/README.md module!

Important

The module does not exist yet; we will look into it. Please file a new module proposal under AVM Module proposal.
