From 40dcaeb7bbff88e14f88c368a110b901b94f165e Mon Sep 17 00:00:00 2001
From: Dan Feeney
Date: Mon, 9 Aug 2021 11:47:06 -0500
Subject: [PATCH] added configurable azure policy agent

---
 azurerm/_modules/aks/main.tf | 4 ++++
 azurerm/_modules/aks/variables.tf | 6 ++++++
 azurerm/cluster/configuration.tf | 2 ++
 azurerm/cluster/main.tf | 2 ++
 4 files changed, 14 insertions(+)

diff --git a/azurerm/_modules/aks/main.tf b/azurerm/_modules/aks/main.tf
index 6b41512f..cf14ade9 100644
--- a/azurerm/_modules/aks/main.tf
+++ b/azurerm/_modules/aks/main.tf
@@ -64,6 +64,10 @@ resource "azurerm_kubernetes_cluster" "current" {
 }

 addon_profile {
+ azure_policy {
+ enabled = var.enable_azure_policy_agent
+ }
+
 kube_dashboard {
 enabled = false
 }
diff --git a/azurerm/_modules/aks/variables.tf b/azurerm/_modules/aks/variables.tf
index b4cc94f0..0d17db04 100644
--- a/azurerm/_modules/aks/variables.tf
+++ b/azurerm/_modules/aks/variables.tf
@@ -133,6 +133,12 @@ variable "disable_default_ingress" {
 description = "Whether to disable the default ingress."
 }

+variable "enable_azure_policy_agent" {
+ type = bool
+ description = "whether to deploy the Azure policy agent to the cluster"
+ default = false
+}
+
 variable "service_principal_end_date_relative" {
 type = string
 description = "Relative time in hours for which the service principal password is valid. Defaults to 1 year."
diff --git a/azurerm/cluster/configuration.tf b/azurerm/cluster/configuration.tf
index 25a68b3f..f1bee05a 100644
--- a/azurerm/cluster/configuration.tf
+++ b/azurerm/cluster/configuration.tf
@@ -47,6 +47,8 @@ locals {

 disable_default_ingress = lookup(local.cfg, "disable_default_ingress", false)

+ enable_azure_policy_agent = lookup(local.cfg, "enable_azure_policy_agent", false)
+
 service_principal_end_date_relative = lookup(local.cfg, "service_principal_end_date_relative", "8766h")

 disable_managed_identities = lookup(local.cfg, "disable_managed_identities", false)
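Review bot: The `azure_policy` block added to `addon_profile` only installs the add-on; nothing in this hunk or the rest of the commit assigns a policy definition or initiative, and without an assignment at a scope that covers the cluster the add-on enforces nothing. A comment above the block would keep readers from treating the flag as a control in itself, for example `# Installs the Azure Policy add-on only; policies take effect once assigned to a scope that includes this cluster.` The `azurerm_kubernetes_cluster` resource starts and ends outside the hunk, so whether assignments are managed elsewhere cannot be seen from here.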
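Review bot: The description of `enable_azure_policy_agent` in variables.tf starts in lower case and has no closing period, unlike the neighbouring descriptions visible in the same hunk, and it does not say that the add-on stays off unless requested. Suggested wording: `description = "Whether to deploy the Azure Policy add-on to the cluster. Defaults to false."` The same `false` default is repeated in the `lookup()` added to azurerm/cluster/configuration.tf, so for that caller the module default is never used; the two values need to change together if the default is ever flipped.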
diff --git a/azurerm/cluster/main.tf b/azurerm/cluster/main.tf
index ade618d1..2581f732 100644
--- a/azurerm/cluster/main.tf
+++ b/azurerm/cluster/main.tf
@@ -54,6 +54,8 @@ module "cluster" {

 disable_default_ingress = local.disable_default_ingress

+ enable_azure_policy_agent = local.enable_azure_policy_agent
+
 service_principal_end_date_relative = local.service_principal_end_date_relative

 disable_managed_identities = local.disable_managed_identities