Merge pull request #232 from eyenx/feat/add-microsoft-defender-block

feat(aks): add microsoft defender support

Author: lonegunmanb

main.tf

@@ -141,6 +141,13 @@ resource "azurerm_kubernetes_cluster" "main" {
       }
     }
   }
+  dynamic "microsoft_defender" {
+    for_each = var.microsoft_defender_enabled ? ["microsoft_defender"] : []
+
+    content {
+      log_analytics_workspace_id = coalesce(try(var.log_analytics_workspace.id, null), azurerm_log_analytics_workspace.main[0].id)
+    }
+  }
   network_profile {
     network_plugin     = var.network_plugin
     dns_service_ip     = var.net_profile_dns_service_ip
@@ -165,7 +172,6 @@ resource "azurerm_kubernetes_cluster" "main" {
       client_secret = var.client_secret
     }
   }
-
   lifecycle {
     precondition {
       condition     = (var.client_id != "" && var.client_secret != "") || (var.identity_type != "")
@@ -204,4 +210,4 @@ resource "azurerm_log_analytics_solution" "main" {
     product   = "OMSGallery/ContainerInsights"
     publisher = "Microsoft"
   }
-}
+}

variables.tf

@@ -259,6 +259,13 @@ variable "log_retention_in_days" {
   default     = 30
 }
 
+variable "microsoft_defender_enabled" {
+  type        = bool
+  description = "(Optional) Is Microsoft Defender on the cluster enabled?"
+  default     = false
+  nullable    = false
+}
+
 variable "net_profile_dns_service_ip" {
   type        = string
   description = "(Optional) IP address within the Kubernetes service address range that will be used by cluster service discovery (kube-dns). Changing this forces a new resource to be created."
@@ -449,4 +456,4 @@ variable "vnet_subnet_id" {
   type        = string
   description = "(Optional) The ID of a Subnet where the Kubernetes Node Pool should exist. Changing this forces a new resource to be created."
   default     = null
-}
+}