add monitoring and networking

Azure · Feb 20, 2024 · 29cf373 · 29cf373
1 parent 715659a
commit 29cf373
Show file tree

Hide file tree

Showing 4 changed files with 108 additions and 4 deletions.
diff --git a/README.md b/README.md
@@ -154,6 +154,14 @@ object({
 
 Default: `{}`
 
+### <a name="input_log_analytics_workspace_id"></a> [log\_analytics\_workspace\_id](#input\_log\_analytics\_workspace\_id)
+
+Description: (Optional) The ID of the Log Analytics Workspace to use for the OMS agent.
+
+Type: `string`
+
+Default: `null`
+
 ### <a name="input_managed_identities"></a> [managed\_identities](#input\_managed\_identities)
 
 Description: Managed identities to be created for the resource.
@@ -169,6 +177,33 @@ object({
 
 Default: `{}`
 
+### <a name="input_monitor_metrics"></a> [monitor\_metrics](#input\_monitor\_metrics)
+
+Description: (Optional) Specifies a Prometheus add-on profile for the Kubernetes Cluster  
+object({  
+  annotations\_allowed = "(Optional) Specifies a comma-separated list of Kubernetes annotation keys that will be used in the resource's labels metric."  
+  labels\_allowed      = "(Optional) Specifies a Comma-separated list of additional Kubernetes label keys that will be used in the resource's labels metric."
+})
+
+Type:
+
+```hcl
+object({
+    annotations_allowed = optional(string)
+    labels_allowed      = optional(string)
+  })
+```
+
+Default: `null`
+
+### <a name="input_msi_auth_for_monitoring_enabled"></a> [msi\_auth\_for\_monitoring\_enabled](#input\_msi\_auth\_for\_monitoring\_enabled)
+
+Description: (Optional) Is managed identity authentication for monitoring enabled?
+
+Type: `bool`
+
+Default: `null`
+
 ### <a name="input_node_pools"></a> [node\_pools](#input\_node\_pools)
 
 Description: The node pools to create on the Kubernetes Cluster.

diff --git a/locals.tf b/locals.tf
@@ -15,4 +15,5 @@ locals {
       }
     ]
   ]) : "${assoc.pe_key}-${assoc.asg_key}" => assoc }
-}
+}
+
diff --git a/main.tf b/main.tf
@@ -48,9 +48,37 @@ resource "azurerm_kubernetes_cluster" "this" {
       identity_ids = var.identity_ids
     }
   }
-  # Say you have a region and documentation supportts availability zone how do i know how many zones exitist
-  key_vault_secrets_provider {
-    secret_rotation_enabled = true
+  dynamic "key_vault_secrets_provider" {
+    for_each = var.key_vault_secrets_provider_enabled ? ["key_vault_secrets_provider"] : []
+
+    content {
+      secret_rotation_enabled  =true
+    }
+  }
+
+    dynamic "monitor_metrics" {
+
+    for_each = var.monitor_metrics != null ? [var.monitor_metrics] : []
+
+    content {
+      annotations_allowed = var.monitor_metrics.annotations_allowed
+      labels_allowed      = var.monitor_metrics.labels_allowed
+    }
+  }
+  network_profile {
+    network_plugin      = "azure"
+    load_balancer_sku   = "standard"
+    network_plugin_mode = "overlay"
+    network_policy      = "calico"
+    outbound_type       = "userAssignedNATGateway"
+  }
+ dynamic "oms_agent" {
+    for_each = var.log_analytics_workspace_enabled ? ["oms_agent"] : []
+
+    content {
+      log_analytics_workspace_id      = local.log_analytics_workspace.id
+      msi_auth_for_monitoring_enabled = var.msi_auth_for_monitoring_enabled
+    }
   }
 }
 

diff --git a/variables.tf b/variables.tf
@@ -85,6 +85,12 @@ variable "lock" {
   }
 }
 
+variable "log_analytics_workspace_id" {
+  type        = string
+  default     = null
+  description = "(Optional) The ID of the Log Analytics Workspace to use for the OMS agent."
+}
+
 # tflint-ignore: terraform_unused_declarations
 variable "managed_identities" {
   type = object({
@@ -94,6 +100,40 @@ variable "managed_identities" {
   default     = {}
   description = "Managed identities to be created for the resource."
 }
+variable "key_vault_secrets_provider_enabled" {
+  type        = bool
+  default     = false
+  description = "(Optional) Whether to use the Azure Key Vault Provider for Secrets Store CSI Driver in an AKS cluster. For more details: https://docs.microsoft.com/en-us/azure/aks/csi-secrets-store-driver"
+  nullable    = false
+}
+
+variable "log_analytics_workspace_enabled" {
+  type        = bool
+  default     = false
+  description = "Enable the integration of azurerm_log_analytics_workspace and azurerm_log_analytics_solution: https://docs.microsoft.com/en-us/azure/azure-monitor/containers/container-insights-onboard"
+  nullable    = false
+}
+
+variable "monitor_metrics" {
+  type = object({
+    annotations_allowed = optional(string)
+    labels_allowed      = optional(string)
+  })
+  default     = null
+  description = <<-EOT
+  (Optional) Specifies a Prometheus add-on profile for the Kubernetes Cluster
+  object({
+    annotations_allowed = "(Optional) Specifies a comma-separated list of Kubernetes annotation keys that will be used in the resource's labels metric."
+    labels_allowed      = "(Optional) Specifies a Comma-separated list of additional Kubernetes label keys that will be used in the resource's labels metric."
+  })
+EOT
+}
+
+variable "msi_auth_for_monitoring_enabled" {
+  type        = bool
+  default     = null
+  description = "(Optional) Is managed identity authentication for monitoring enabled?"
+}
 
 variable "node_pools" {
   type = map(object({
-Original file line number
+Diff line change
@@ Expand Up / @@ -15,4 +15,5 @@ locals { @@
           }
         ]
       ]) : "${assoc.pe_key}-${assoc.asg_key}" => assoc }
-    }
+    }