Azure · Sanverik · Jul 6, 2022 · Jul 6, 2022
diff --git a/main.tf b/main.tf
@@ -155,6 +155,43 @@ resource "azurerm_kubernetes_cluster" "main" {
 }
 
 
+resource "azurerm_kubernetes_cluster_node_pool" "worker" {
+  for_each              = var.additional_node_pools
+  name                  = each.value["name"]
+  kubernetes_cluster_id = azurerm_kubernetes_cluster.main.id
+  vm_size               = each.value["vm_size"]
+
+  enable_auto_scaling          = lookup(each.value, "enable_auto_scaling", false)
+  enable_host_encryption       = lookup(each.value, "enable_host_encryption", false)
+  enable_node_public_ip        = lookup(each.value, "enable_node_public_ip", false)
+  eviction_policy              = lookup(each.value, "priority", "Regular") == "Spot" ? lookup(each.value, "eviction_policy", "Delete") : null
+  fips_enabled                 = lookup(each.value, "fips_enabled", false)
+  kubelet_disk_type            = lookup(each.value, "kubelet_disk_type", null)
+  max_pods                     = lookup(each.value, "max_pods", null)
+  mode                         = lookup(each.value, "mode", "User")
+  node_labels                  = lookup(each.value, "node_labels", null)
+  node_public_ip_prefix_id     = lookup(each.value, "enable_node_public_ip", false) == true ? lookup(each.value, "node_public_ip_prefix_id", null) : null
+  node_taints                  = lookup(each.value, "node_taints", [])
+  orchestrator_version         = lookup(each.value, "orchestrator_version", null)
+  os_disk_size_gb              = lookup(each.value, "os_disk_size_gb", null)
+  os_disk_type                 = lookup(each.value, "os_disk_type", "Managed")
+  pod_subnet_id                = lookup(each.value, "pod_subnet_id", null)
+  os_sku                       = lookup(each.value, "os_sku", "Ubuntu")
+  os_type                      = lookup(each.value, "os_type", "Linux")
+  priority                     = lookup(each.value, "priority", "Regular")
+  proximity_placement_group_id = lookup(each.value, "proximity_placement_group_id", null)
+  spot_max_price               = lookup(each.value, "spot_max_price", -1)
+  tags                         = merge(var.tags, lookup(each.value, "tags", {}))
+  scale_down_mode              = lookup(each.value, "priority", "Regular") == "Regular" ? lookup(each.value, "scale_down_mode", "Delete") : "Delete"
+  ultra_ssd_enabled            = lookup(each.value, "ultra_ssd_enabled", false)
+  vnet_subnet_id               = var.vnet_subnet_id
+  workload_runtime             = lookup(each.value, "workload_runtime", "OCIContainer")
+  zones                        = lookup(each.value, "zones", [])
+  max_count                    = lookup(each.value, "enable_auto_scaling", false) == true ? lookup(each.value, "max_count", null) : null
+  min_count                    = lookup(each.value, "enable_auto_scaling", false) == true ? lookup(each.value, "min_count", null) : null
+  node_count                   = lookup(each.value, "node_count", 0)
+}
+
 resource "azurerm_log_analytics_workspace" "main" {
   count               = var.enable_log_analytics_workspace ? 1 : 0
   name                = var.cluster_log_analytics_workspace_name == null ? "${var.prefix}-workspace" : var.cluster_log_analytics_workspace_name

diff --git a/test/fixture/main.tf b/test/fixture/main.tf
@@ -83,19 +83,19 @@ module "aks_without_monitor" {
   enable_role_based_access_control = true
   rbac_aad_managed                 = true
   #checkov:skip=CKV_AZURE_4:The logging is turn off for demo purpose. DO NOT DO THIS IN PRODUCTION ENVIRONMENT!
-  enable_log_analytics_workspace   = false
-  net_profile_pod_cidr             = "10.1.0.0/16"
-  depends_on                       = [azurerm_resource_group.main]
+  enable_log_analytics_workspace = false
+  net_profile_pod_cidr           = "10.1.0.0/16"
+  depends_on                     = [azurerm_resource_group.main]
 }
 
 module "aks_cluster_name" {
-  source                               = "../.."
-  cluster_name                         = "test-cluster"
-  prefix                               = "prefix"
-  resource_group_name                  = azurerm_resource_group.main.name
-  enable_role_based_access_control     = true
-  rbac_aad_managed                     = true
-  enable_log_analytics_workspace       = true
+  source                           = "../.."
+  cluster_name                     = "test-cluster"
+  prefix                           = "prefix"
+  resource_group_name              = azurerm_resource_group.main.name
+  enable_role_based_access_control = true
+  rbac_aad_managed                 = true
+  enable_log_analytics_workspace   = true
   # Not necessary, just for demo purpose.
   admin_username                       = "azureuser"
   cluster_log_analytics_workspace_name = "test-cluster"
@@ -104,3 +104,22 @@ module "aks_cluster_name" {
   identity_ids                         = [azurerm_user_assigned_identity.test.id]
   depends_on                           = [azurerm_resource_group.main]
 }
+
+module "aks_with_additional_node_pools" {
+  source                           = "../.."
+  prefix                           = "prefix2-${random_id.prefix.hex}"
+  resource_group_name              = azurerm_resource_group.main.name
+  enable_role_based_access_control = true
+  rbac_aad_managed                 = true
+  enable_log_analytics_workspace   = true
+  net_profile_pod_cidr             = "10.1.0.0/16"
+  depends_on                       = [azurerm_resource_group.main]
+
+  additional_node_pools = {
+    "test1" = {
+      name       = "testpool"
+      vm_size    = "Standard_A4_v2"
+      node_count = 3
+    }
+  }
+}
diff --git a/variables.tf b/variables.tf
@@ -356,3 +356,9 @@ variable "oidc_issuer_enabled" {
   type        = bool
   default     = false
 }
+
+variable "additional_node_pools" {
+  description = "Specify a map of node pools where key - the name if the pool, value - the object which represents the parameters for pool`s configuration. Dy default nothing will be createdy"
+  type        = map(any)
+  default     = {}
+}