Add key_vault_secrets_provider

https://docs.microsoft.com/en-us/azure/aks/csi-secrets-store-driver

Author: zioproto

main.tf

@@ -116,6 +116,14 @@ resource "azurerm_kubernetes_cluster" "main" {
     }
   }
 
+  dynamic "key_vault_secrets_provider" {
+    for_each = var.key_vault_secrets_provider_enabled ? ["key_vault_secrets_provider"] : []
+    content {
+      secret_rotation_enabled  = var.secret_rotation_enabled
+      secret_rotation_interval = var.secret_rotation_interval
+    }
+  }
+
   role_based_access_control_enabled = var.enable_role_based_access_control
 
   dynamic "azure_active_directory_role_based_access_control" {

variables.tf

@@ -356,3 +356,24 @@ variable "oidc_issuer_enabled" {
   type        = bool
   default     = false
 }
+
+variable "key_vault_secrets_provider_enabled" {
+  description = "(Optional) Whether to use the Azure Key Vault Provider for Secrets Store CSI Driver in an AKS cluster. For more details: https://docs.microsoft.com/en-us/azure/aks/csi-secrets-store-driver"
+  type        = bool
+  default     = false
+  nullable    = false
+}
+
+variable "secret_rotation_enabled" {
+  description = "Is secret rotation enabled? This variable is only used when enable_key_vault_secrets_provider is true and defaults to false"
+  type        = bool
+  default     = false
+  nullable    = false
+}
+
+variable "secret_rotation_interval" {
+  description = "The interval to poll for secret rotation. This attribute is only set when secret_rotation is true and defaults to 2m"
+  type        = string
+  default     = "2m"
+  nullable    = false
+}