Merge pull request #39 from using-system/fix/aks

using-system · web-flow · commit d417e938f33e · 2024-04-01T09:48:22.000+02:00
feat: Add enable_microsoft_defender/upgrade_max_surge variables for a…
diff --git a/terraform/modules/az-aks/main.tf b/terraform/modules/az-aks/main.tf
@@ -34,6 +34,10 @@ resource "azurerm_kubernetes_cluster" "aks" {
     temporary_name_for_rotation  = var.configuration.node_pool.temporary_name_for_rotation
     enable_host_encryption       = true
     only_critical_addons_enabled = var.configuration.node_pool.only_critical_addons_enabled
+
+    upgrade_settings {
+      max_surge = var.configuration.node_pool.upgrade_max_surge
+    }
   }
 
   identity {
@@ -46,7 +50,12 @@ resource "azurerm_kubernetes_cluster" "aks" {
   oms_agent {
     log_analytics_workspace_id = var.log_analytics_id
   }
-
+  dynamic "microsoft_defender" {
+    for_each = var.configuration.enable_microsoft_defender == false ? [] : ["microsoft_defender"]
+    content {
+      log_analytics_workspace_id = var.log_analytics_id
+    }
+  }
   dynamic "key_management_service" {
     for_each = var.configuration.kv_key_management_service_id == null ? [] : ["key_management_service"]
 
diff --git a/terraform/modules/az-aks/tests/cluster_creation.tftest.hcl b/terraform/modules/az-aks/tests/cluster_creation.tftest.hcl
@@ -19,7 +19,7 @@ run "plan" {
     name                    = "az-aks-cluster"
     configuration           = {
         version                      = "1.28.5"
-        sku                          = "Free"
+        sku                          = "Standard"
         private_cluster              = true
         user_assigned_identity_id    = run.setup.assigned_identity_id
         local_account_disabled       = true
@@ -100,7 +100,7 @@ run "apply" {
         name                    = "az-aks-cluster"
         configuration           = {
             version                      = "1.28.5"
-            sku                          = "Free"
+            sku                          = "Standard"
             private_cluster              = true
             user_assigned_identity_id    = run.setup.assigned_identity_id
             local_account_disabled       = true
diff --git a/terraform/modules/az-aks/variables.tf b/terraform/modules/az-aks/variables.tf
@@ -23,6 +23,7 @@ variable "configuration" {
     public_ssh_key               = optional(string)
     automatic_channel_upgrade    = optional(string)
     kv_key_management_service_id = optional(string)
+    enable_microsoft_defender    = optional(bool, true)
     node_pool = object({
       type                         = string
       count                        = number
@@ -32,6 +33,7 @@ variable "configuration" {
       max_pods                     = optional(number, 110)
       temporary_name_for_rotation  = optional(string)
       only_critical_addons_enabled = optional(bool, true)
+      upgrade_max_surge            = optional(string, "10%")
     })
     rbac = object({
       enabled                = bool
