Support for key_vault_secrets_provider and maintenance_window

caruccio · caruccio · commit 25a99a4939a6 · 2022-05-11T16:58:07.000-03:00
diff --git a/main.tf b/main.tf
@@ -16,6 +16,7 @@ resource "azurerm_kubernetes_cluster" "main" {
   dns_prefix              = var.prefix
   sku_tier                = var.sku_tier
   private_cluster_enabled = var.private_cluster_enabled
+  private_dns_zone_id     = var.private_dns_zone_id   
 
   linux_profile {
     admin_username = var.admin_username
@@ -147,6 +148,35 @@ resource "azurerm_kubernetes_cluster" "main" {
     service_cidr       = var.net_profile_service_cidr
   }
 
+  dynamic "key_vault_secrets_provider" {
+    for_each = var.key_vault_secrets_provider_enabled ? ["key_vault_secrets_provider"] : []
+
+    content {
+      secret_rotation_enabled  = key_vault_secrets_provider.secret_rotation_enabled
+      secret_rotation_interval = key_vault_secrets_provider.secret_rotation_interval
+    }
+  }
+
+  maintenance_window {
+    dynamic "allowed" {
+      for_each = var.allowed_maintenance_windows
+
+      content {
+        day   = allowed.day
+        hours = allowed.hours
+      }
+    }
+
+    dynamic "not_allowed" {
+      for_each = var.not_allowed_maintenance_windows
+
+      content {
+        start = not_allowed.start
+        end   = not_allowed.end
+      }
+    }
+  }
+
   tags = var.tags
 }
 
diff --git a/variables.tf b/variables.tf
@@ -324,3 +324,63 @@ variable "node_resource_group" {
   type        = string
   default     = null
 }
+
+variable "key_vault_secrets_provider_enabled" {
+  description = "Enables Key Vault Secret Provider"
+  type        = bool
+  default     = false
+}
+
+variable "key_vault_secrets_provider" {
+  description = "Config for Key Vault Secret Provider"
+  type = object({
+    secret_rotation_enabled  = bool
+    secret_rotation_interval = string
+  })
+  default = {
+    secret_rotation_enabled  = true
+    secret_rotation_interval = "2m"
+  }
+}
+
+variable "allowed_maintenance_windows" {
+  description = "List of allowed Maintenance Windows for AKS"
+  type = list(object({
+    day   = string
+    hours = list(number)
+  }))
+  default = []
+
+  # Example: [
+  #   {
+  #     day   = "Saturday"
+  #     hours = [23]
+  #   },
+  #   {
+  #     day   = "Sunday"
+  #     hours = [0, 1, 2, 3, 4]
+  #   }
+  # ]
+}
+
+variable "not_allowed_maintenance_windows" {
+  description = "List of not allowed Maintenance Windows for AKS"
+  type = list(object({
+    start = string
+    end   = string
+  }))
+  default = []
+
+  # Example: [
+  #   {
+  #     start = "2022-01-01T00:00:00Z"
+  #     end = "2023-01-01T00:00:00Z"
+  #   }
+  # ]
+}
+
+variable "private_dns_zone_id" {
+  description = "Either the DNS-name of Private DNS Zone which should be delegated to this Cluster, 'System' to have AKS manage this or 'None'."
+  type        = string
+  default     = "System"
+}
