Provider version upgrade results in api server authorized ip ranges being set in plan

Hi, we have an AKS cluster provisioned with a pretty old version of azurerm (2.59.0) and we are trying to upgrade it to the latest (3.49.0). However the Terraform plan shows the following drift after we resolved the syntax changes, where the api_server_authorized_ip_ranges being added seems concerning, since we don’t have anything configured for api_server_access_profile. Any ideas whether it is avoidable or whether it is benign? Thanks!

  # azurerm_kubernetes_cluster.my_cluster will be updated in-place
  ~ resource "azurerm_kubernetes_cluster" "my_cluster" {
      + api_server_authorized_ip_ranges     = (known after apply)
        id                                  = <ID>
      + image_cleaner_enabled               = false
      + image_cleaner_interval_hours        = 48
        name                                = "my-cluster-name"
        # (25 unchanged attributes hidden)

        # (11 unchanged blocks hidden)
    }
1 Like

I’m experiencing similar issue that api_server_authorized_ip_ranges = [] no longer Disable authorized IP ranges. I’m also observing the behaviour is different between AzureRM provider versions, I have posted more details as comment to this issue