Add support for maintenance_window

lonegunmanb · lonegunmanb · commit 26ce7011f2eb · 2022-09-26T17:09:47.000+08:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -20,4 +20,4 @@ ENHANCEMENTS:
 
 * Add `aci_connector_linux` addon. [#230](https://github.com/Azure/terraform-azurerm-aks/pull/230)
 * Restrict Terraform Core version for example cod to `>= 1.2`. [#253](https://github.com/Azure/terraform-azurerm-aks/pull/253)
-* Adds support for Ultra Disks by enabling the option. [#245](https://github.com/Azure/terraform-azurerm-aks/pull/245)
+* Adds support for Ultra Disks by enabling the option. [#245](https://github.com/Azure/terraform-azurerm-aks/pull/245)
diff --git a/README.md b/README.md
diff --git a/examples/named_cluster/main.tf b/examples/named_cluster/main.tf
@@ -50,8 +50,16 @@ module "aks_cluster_name" {
   identity_ids                         = [azurerm_user_assigned_identity.test.id]
   identity_type                        = "UserAssigned"
   log_analytics_workspace_enabled      = true
-  net_profile_pod_cidr                 = "10.1.0.0/16"
-  private_cluster_enabled              = true
-  rbac_aad_managed                     = true
-  role_based_access_control_enabled    = true
+  maintenance_window = {
+    allowed = [
+      {
+        day   = "Sunday",
+        hours = 23
+      },
+    ]
+  }
+  net_profile_pod_cidr              = "10.1.0.0/16"
+  private_cluster_enabled           = true
+  rbac_aad_managed                  = true
+  role_based_access_control_enabled = true
 }
diff --git a/examples/startup/main.tf b/examples/startup/main.tf
@@ -55,17 +55,31 @@ module "aks" {
   ingress_application_gateway_subnet_cidr = "10.52.1.0/24"
   local_account_disabled                  = true
   log_analytics_workspace_enabled         = true
-  net_profile_dns_service_ip              = "10.0.0.10"
-  net_profile_docker_bridge_cidr          = "170.10.0.1/16"
-  net_profile_service_cidr                = "10.0.0.0/16"
-  network_plugin                          = "azure"
-  network_policy                          = "azure"
-  os_disk_size_gb                         = 60
-  private_cluster_enabled                 = true
-  rbac_aad_managed                        = true
-  role_based_access_control_enabled       = true
-  sku_tier                                = "Paid"
-  vnet_subnet_id                          = azurerm_subnet.test.id
+  maintenance_window = {
+    allowed = [
+      {
+        day   = "Sunday",
+        hours = 23
+      },
+    ]
+    not_allowed = [
+      {
+        start = "2035-01-01T20:00:00.00Z08:00",
+        end   = "2035-01-01T21:00:00.00Z08:00"
+      },
+    ]
+  }
+  net_profile_dns_service_ip        = "10.0.0.10"
+  net_profile_docker_bridge_cidr    = "170.10.0.1/16"
+  net_profile_service_cidr          = "10.0.0.0/16"
+  network_plugin                    = "azure"
+  network_policy                    = "azure"
+  os_disk_size_gb                   = 60
+  private_cluster_enabled           = true
+  rbac_aad_managed                  = true
+  role_based_access_control_enabled = true
+  sku_tier                          = "Paid"
+  vnet_subnet_id                    = azurerm_subnet.test.id
 
   agents_labels = {
     "node1" : "label1"
diff --git a/main.tf b/main.tf
@@ -149,6 +149,28 @@ resource "azurerm_kubernetes_cluster" "main" {
       }
     }
   }
+  dynamic "maintenance_window" {
+    for_each = var.maintenance_window != null ? ["maintenance_window"] : []
+
+    content {
+      dynamic "allowed" {
+        for_each = var.maintenance_window.allowed
+
+        content {
+          day   = allowed.value.day
+          hours = allowed.value.hours
+        }
+      }
+      dynamic "not_allowed" {
+        for_each = var.maintenance_window.not_allowed
+
+        content {
+          end   = not_allowed.value.end
+          start = not_allowed.value.start
+        }
+      }
+    }
+  }
   dynamic "microsoft_defender" {
     for_each = var.microsoft_defender_enabled ? ["microsoft_defender"] : []
 
diff --git a/variables.tf b/variables.tf
@@ -271,6 +271,21 @@ variable "log_retention_in_days" {
   default     = 30
 }
 
+variable "maintenance_window" {
+  type = object({
+    allowed = optional(list(object({
+      day   = string
+      hours = number
+    })), []),
+    not_allowed = optional(list(object({
+      end   = string
+      start = string
+    })), []),
+  })
+  description = "(Optional) Maintenance configuration of the managed cluster."
+  default     = null
+}
+
 variable "microsoft_defender_enabled" {
   type        = bool
   description = "(Optional) Is Microsoft Defender on the cluster enabled?"
