From be4d07b9caa336bf2deff5f15353811c99169ff4 Mon Sep 17 00:00:00 2001 From: Matthieu Nicolescu Date: Mon, 1 Apr 2024 08:46:36 +0200 Subject: [PATCH] feat: Add enable_microsoft_defender/upgrade_max_surge variables for az-aks tf module --- terraform/modules/az-aks/main.tf | 11 ++++++++++- .../modules/az-aks/tests/cluster_creation.tftest.hcl | 4 ++-- terraform/modules/az-aks/variables.tf | 2 ++ 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/terraform/modules/az-aks/main.tf b/terraform/modules/az-aks/main.tf index 1bfe0b3..794a827 100644 --- a/terraform/modules/az-aks/main.tf +++ b/terraform/modules/az-aks/main.tf @@ -34,6 +34,10 @@ resource "azurerm_kubernetes_cluster" "aks" { temporary_name_for_rotation = var.configuration.node_pool.temporary_name_for_rotation enable_host_encryption = true only_critical_addons_enabled = var.configuration.node_pool.only_critical_addons_enabled + + upgrade_settings { + max_surge = var.configuration.node_pool.upgrade_max_surge + } } identity { @@ -46,7 +50,12 @@ resource "azurerm_kubernetes_cluster" "aks" { oms_agent { log_analytics_workspace_id = var.log_analytics_id } - + dynamic "microsoft_defender" { + for_each = var.configuration.enable_microsoft_defender == false ? [] : ["microsoft_defender"] + content { + log_analytics_workspace_id = var.log_analytics_id + } + } dynamic "key_management_service" { for_each = var.configuration.kv_key_management_service_id == null ? [] : ["key_management_service"] diff --git a/terraform/modules/az-aks/tests/cluster_creation.tftest.hcl b/terraform/modules/az-aks/tests/cluster_creation.tftest.hcl index c7bc936..7b529de 100644 --- a/terraform/modules/az-aks/tests/cluster_creation.tftest.hcl +++ b/terraform/modules/az-aks/tests/cluster_creation.tftest.hcl 
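Review bot: The `for_each` on the new `microsoft_defender` dynamic block in main.tf tests `== false` with the branches inverted, which is harder to read than a security control should be. Because `enable_microsoft_defender` is declared as `optional(bool, true)` in variables.tf, it cannot be null here, so `for_each = var.configuration.enable_microsoft_defender ? ["microsoft_defender"] : []` is equivalent. A comment above the block would make the opt-out explicit for anyone reviewing a plan, for example `# Defender is enabled by default; enable_microsoft_defender = false omits this block entirely`. The enclosing `azurerm_kubernetes_cluster` resource starts and ends outside the hunk.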
@@ -19,7 +19,7 @@ run "plan" { name = "az-aks-cluster" configuration = { version = "1.28.5" - sku = "Free" + sku = "Standard" private_cluster = true user_assigned_identity_id = run.setup.assigned_identity_id local_account_disabled = true @@ -100,7 +100,7 @@ run "apply" { name = "az-aks-cluster" configuration = { version = "1.28.5" - sku = "Free" + sku = "Standard" private_cluster = true user_assigned_identity_id = run.setup.assigned_identity_id local_account_disabled = true diff --git a/terraform/modules/az-aks/variables.tf b/terraform/modules/az-aks/variables.tf index c412ed1..b2853e3 100644 --- a/terraform/modules/az-aks/variables.tf +++ b/terraform/modules/az-aks/variables.tf @@ -23,6 +23,7 @@ variable "configuration" { public_ssh_key = optional(string) automatic_channel_upgrade = optional(string) kv_key_management_service_id = optional(string) + enable_microsoft_defender = optional(bool, true) node_pool = object({ type = string count = number @@ -32,6 +33,7 @@ variable "configuration" { max_pods = optional(number, 110) temporary_name_for_rotation = optional(string) only_critical_addons_enabled = optional(bool, true) + upgrade_max_surge = optional(string, "10%") }) rbac = object({ enabled = bool
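Review bot: The only change to the test file is `sku`, in both `run "plan"` and `run "apply"`, so the tests exercise the two new inputs only through their defaults. The `enable_microsoft_defender = false` branch of the dynamic block is never planned, and nothing asserts that the Defender block is present when the flag is left at its default. A further plan-only `run` with `enable_microsoft_defender = false`, plus an `assert` on the rendered `microsoft_defender` block, would cover both paths. The commit message does not say why the SKU moves from "Free" to "Standard"; if one of the new settings requires it, a short comment beside `sku = "Standard"` would record that.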
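Review bot: `upgrade_max_surge` in variables.tf is a free-form string that main.tf passes straight to `upgrade_settings.max_surge`, so a malformed value is caught only when the provider or the Azure API rejects it. A `validation` block on `configuration` would surface the mistake at the module boundary, for example `condition = can(regex("^[0-9]+%?$", var.configuration.node_pool.upgrade_max_surge))` with a matching `error_message`. The same hunks add `enable_microsoft_defender` without any description; the variable's `description` should state that `false` turns the Defender profile off. The `variable "configuration"` block starts and ends outside the hunk.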