diff --git a/README.md b/README.md
index d2717956..f5739002 100644
--- a/README.md
+++ b/README.md
@@ -307,7 +307,6 @@ No modules.
| [brown\_field\_application\_gateway\_for\_ingress](#input\_brown\_field\_application\_gateway\_for\_ingress) | [Definition of `brown_field`](https://learn.microsoft.com/en-us/azure/application-gateway/tutorial-ingress-controller-add-on-existing)
* `id` - (Required) The ID of the Application Gateway that be used as cluster ingress.
* `subnet_id` - (Required) The ID of the Subnet which the Application Gateway is connected to. Must be set when `create_role_assignments` is `true`. | object({
id = string
subnet_id = string
}) | `null` | no |
| [client\_id](#input\_client\_id) | (Optional) The Client ID (appId) for the Service Principal used for the AKS deployment | `string` | `""` | no |
| [client\_secret](#input\_client\_secret) | (Optional) The Client Secret (password) for the Service Principal used for the AKS deployment | `string` | `""` | no |
-| [cluster\_log\_analytics\_workspace\_name](#input\_cluster\_log\_analytics\_workspace\_name) | (Optional) The name of the Analytics workspace | `string` | `null` | no |
| [cluster\_name](#input\_cluster\_name) | (Optional) The name for the AKS resources created in the specified Azure Resource Group. This variable overwrites the 'prefix' var (The 'prefix' var will still be applied to the dns\_prefix if it is set) | `string` | `null` | no |
| [cluster\_name\_random\_suffix](#input\_cluster\_name\_random\_suffix) | Whether to add a random suffix on Aks cluster's name or not. `azurerm_kubernetes_cluster` resource defined in this module is `create_before_destroy = true` implicity now(described [here](https://github.com/Azure/terraform-azurerm-aks/issues/389)), without this random suffix we'll not be able to recreate this cluster directly due to the naming conflict. | `bool` | `false` | no |
| [confidential\_computing](#input\_confidential\_computing) | (Optional) Enable Confidential Computing. | object({
sgx_quote_helper_enabled = bool
}) | `null` | no |
@@ -344,9 +343,6 @@ No modules.
| [log\_analytics\_solution](#input\_log\_analytics\_solution) | (Optional) Object which contains existing azurerm\_log\_analytics\_solution ID. Providing ID disables creation of azurerm\_log\_analytics\_solution. | object({
id = string
}) | `null` | no |
| [log\_analytics\_workspace](#input\_log\_analytics\_workspace) | (Optional) Existing azurerm\_log\_analytics\_workspace to attach azurerm\_log\_analytics\_solution. Providing the config disables creation of azurerm\_log\_analytics\_workspace. | object({
id = string
name = string
location = optional(string)
resource_group_name = optional(string)
}) | `null` | no |
| [log\_analytics\_workspace\_enabled](#input\_log\_analytics\_workspace\_enabled) | Enable the integration of azurerm\_log\_analytics\_workspace and azurerm\_log\_analytics\_solution: https://docs.microsoft.com/en-us/azure/azure-monitor/containers/container-insights-onboard | `bool` | `true` | no |
-| [log\_analytics\_workspace\_resource\_group\_name](#input\_log\_analytics\_workspace\_resource\_group\_name) | (Optional) Resource group name to create azurerm\_log\_analytics\_solution. | `string` | `null` | no |
-| [log\_analytics\_workspace\_sku](#input\_log\_analytics\_workspace\_sku) | The SKU (pricing level) of the Log Analytics workspace. For new subscriptions the SKU should be set to PerGB2018 | `string` | `"PerGB2018"` | no |
-| [log\_retention\_in\_days](#input\_log\_retention\_in\_days) | The retention period for the logs in days | `number` | `30` | no |
| [maintenance\_window](#input\_maintenance\_window) | (Optional) Maintenance configuration of the managed cluster. | object({
allowed = optional(list(object({
day = string
hours = set(number)
})), [
]),
not_allowed = optional(list(object({
end = string
start = string
})), []),
}) | `null` | no |
| [maintenance\_window\_auto\_upgrade](#input\_maintenance\_window\_auto\_upgrade) | - `day_of_month` - (Optional) The day of the month for the maintenance run. Required in combination with RelativeMonthly frequency. Value between 0 and 31 (inclusive).
- `day_of_week` - (Optional) The day of the week for the maintenance run. Options are `Monday`, `Tuesday`, `Wednesday`, `Thurday`, `Friday`, `Saturday` and `Sunday`. Required in combination with weekly frequency.
- `duration` - (Required) The duration of the window for maintenance to run in hours.
- `frequency` - (Required) Frequency of maintenance. Possible options are `Weekly`, `AbsoluteMonthly` and `RelativeMonthly`.
- `interval` - (Required) The interval for maintenance runs. Depending on the frequency this interval is week or month based.
- `start_date` - (Optional) The date on which the maintenance window begins to take effect.
- `start_time` - (Optional) The time for maintenance to begin, based on the timezone determined by `utc_offset`. Format is `HH:mm`.
- `utc_offset` - (Optional) Used to determine the timezone for cluster maintenance.
- `week_index` - (Optional) The week in the month used for the maintenance run. Options are `First`, `Second`, `Third`, `Fourth`, and `Last`.
---
`not_allowed` block supports the following:
- `end` - (Required) The end of a time span, formatted as an RFC3339 string.
- `start` - (Required) The start of a time span, formatted as an RFC3339 string. | object({
day_of_month = optional(number)
day_of_week = optional(string)
duration = number
frequency = string
interval = number
start_date = optional(string)
start_time = optional(string)
utc_offset = optional(string)
week_index = optional(string)
not_allowed = optional(set(object({
end = string
start = string
})))
}) | `null` | no |
| [maintenance\_window\_node\_os](#input\_maintenance\_window\_node\_os) | - `day_of_month` -
- `day_of_week` - (Optional) The day of the week for the maintenance run. Options are `Monday`, `Tuesday`, `Wednesday`, `Thurday`, `Friday`, `Saturday` and `Sunday`. Required in combination with weekly frequency.
- `duration` - (Required) The duration of the window for maintenance to run in hours.
- `frequency` - (Required) Frequency of maintenance. Possible options are `Daily`, `Weekly`, `AbsoluteMonthly` and `RelativeMonthly`.
- `interval` - (Required) The interval for maintenance runs. Depending on the frequency this interval is week or month based.
- `start_date` - (Optional) The date on which the maintenance window begins to take effect.
- `start_time` - (Optional) The time for maintenance to begin, based on the timezone determined by `utc_offset`. Format is `HH:mm`.
- `utc_offset` - (Optional) Used to determine the timezone for cluster maintenance.
- `week_index` - (Optional) The week in the month used for the maintenance run. Options are `First`, `Second`, `Third`, `Fourth`, and `Last`.
---
`not_allowed` block supports the following:
- `end` - (Required) The end of a time span, formatted as an RFC3339 string.
- `start` - (Required) The start of a time span, formatted as an RFC3339 string. | object({
day_of_month = optional(number)
day_of_week = optional(string)
duration = number
frequency = string
interval = number
start_date = optional(string)
start_time = optional(string)
utc_offset = optional(string)
week_index = optional(string)
not_allowed = optional(set(object({
end = string
start = string
})))
}) | `null` | no |
@@ -361,6 +357,7 @@ No modules.
| [network\_plugin](#input\_network\_plugin) | Network plugin to use for networking. | `string` | `"kubenet"` | no |
| [network\_plugin\_mode](#input\_network\_plugin\_mode) | (Optional) Specifies the network plugin mode used for building the Kubernetes network. Possible value is `Overlay`. Changing this forces a new resource to be created. | `string` | `null` | no |
| [network\_policy](#input\_network\_policy) | (Optional) Sets up network policy to be used with Azure CNI. Network policy allows us to control the traffic flow between pods. Currently supported values are calico and azure. Changing this forces a new resource to be created. | `string` | `null` | no |
+| [new\_log\_analytics\_workspace](#input\_new\_log\_analytics\_workspace) | - `allow_resource_only_permissions` - (Optional) Specifies if the log Analytics Workspace allow users accessing to data associated with resources they have permission to view, without permission to workspace. Defaults to `true`.
- `cmk_for_query_forced` - (Optional) Is Customer Managed Storage mandatory for query management?
- `daily_quota_gb` - (Optional) The workspace daily quota for ingestion in GB. Defaults to -1 (unlimited) if omitted.
- `data_collection_rule_id` - (Optional) The ID of the Data Collection Rule to use for this workspace.
- `immediate_data_purge_on_30_days_enabled` - (Optional) Whether to remove the data in the Log Analytics Workspace immediately after 30 days.
- `internet_ingestion_enabled` - (Optional) Should the Log Analytics Workspace support ingestion over the Public Internet? Defaults to `true`.
- `internet_query_enabled` - (Optional) Should the Log Analytics Workspace support querying over the Public Internet? Defaults to `true`.
- `local_authentication_disabled` - (Optional) Specifies if the log Analytics workspace should enforce authentication using Azure AD. Defaults to `false`.
- `location` - (Optional) Specifies the supported Azure location where the resource exists. Will use `var.location` if omitted. Changing this forces a new resource to be created.
- `name` - (Optional) Specifies the name of the Log Analytics Workspace. Workspace name should include 4-63 letters, digits or '-'. The '-' shouldn't be the first or the last symbol. Will use `trim("${var.prefix}-workspace", "-"))` as name if omitted. Changing this forces a new resource to be created.
- `reservation_capacity_in_gb_per_day` - (Optional) The capacity reservation level in GB for this workspace. Possible values are `100`, `200`, `300`, `400`, `500`, `1000`, `2000` and `5000`.
- `resource_group_name` - (Optional) The name of the resource group in which the Log Analytics workspace is created. Will use `var.resource_group_name` if omitted. Changing this forces a new resource to be created.
- `retention_in_days` - (Optional) The workspace data retention in days. Possible values are either 7 (Free Tier only) or range between 30 and 730.
- `sku` - (Optional) Specifies the SKU of the Log Analytics Workspace. Possible values are `Free`, `PerNode`, `Premium`, `Standard`, `Standalone`, `Unlimited`, `CapacityReservation`, and `PerGB2018` (new SKU as of `2018-04-03`). Defaults to `PerGB2018`.
- `tags` - (Optional) A mapping of tags to assign to the resource.
---
`identity` block supports the following:
- `identity_ids` - (Optional) Specifies a list of user managed identity ids to be assigned. Required if `type` is `UserAssigned`.
- `type` - (Required) Specifies the identity type of the Log Analytics Workspace. Possible values are `SystemAssigned` (where Azure will generate a Service Principal for you) and `UserAssigned` where you can specify the Service Principal IDs in the `identity_ids` field. | object({
allow_resource_only_permissions = optional(bool)
cmk_for_query_forced = optional(bool)
daily_quota_gb = optional(number)
data_collection_rule_id = optional(string)
immediate_data_purge_on_30_days_enabled = optional(bool)
internet_ingestion_enabled = optional(bool)
internet_query_enabled = optional(bool)
local_authentication_disabled = optional(bool)
location = optional(string)
name = optional(string)
reservation_capacity_in_gb_per_day = optional(number)
resource_group_name = optional(string)
retention_in_days = optional(number)
sku = optional(string)
tags = optional(map(string))
identity = optional(object({
identity_ids = optional(set(string))
type = string
}))
}) | `null` | no |
| [node\_os\_channel\_upgrade](#input\_node\_os\_channel\_upgrade) | (Optional) The upgrade channel for this Kubernetes Cluster Nodes' OS Image. Possible values are `Unmanaged`, `SecurityPatch`, `NodeImage` and `None`. | `string` | `null` | no |
| [node\_pools](#input\_node\_pools) | A map of node pools that need to be created and attached on the Kubernetes cluster. The key of the map can be the name of the node pool, and the key must be static string. The value of the map is a `node_pool` block as defined below:
map(object({
name = (Required) The name of the Node Pool which should be created within the Kubernetes Cluster. Changing this forces a new resource to be created. A Windows Node Pool cannot have a `name` longer than 6 characters. A random suffix of 4 characters is always added to the name to avoid clashes during recreates.
node\_count = (Optional) The initial number of nodes which should exist within this Node Pool. Valid values are between `0` and `1000` (inclusive) for user pools and between `1` and `1000` (inclusive) for system pools and must be a value in the range `min_count` - `max_count`.
tags = (Optional) A mapping of tags to assign to the resource. At this time there's a bug in the AKS API where Tags for a Node Pool are not stored in the correct case - you [may wish to use Terraform's `ignore_changes` functionality to ignore changes to the casing](https://www.terraform.io/language/meta-arguments/lifecycle#ignore_changess) until this is fixed in the AKS API.
vm\_size = (Required) The SKU which should be used for the Virtual Machines used in this Node Pool. Changing this forces a new resource to be created.
host\_group\_id = (Optional) The fully qualified resource ID of the Dedicated Host Group to provision virtual machines from. Changing this forces a new resource to be created.
capacity\_reservation\_group\_id = (Optional) Specifies the ID of the Capacity Reservation Group where this Node Pool should exist. Changing this forces a new resource to be created.
custom\_ca\_trust\_enabled = (Optional) Specifies whether to trust a Custom CA. This requires that the Preview Feature `Microsoft.ContainerService/CustomCATrustPreview` is enabled and the Resource Provider is re-registered, see [the documentation](https://learn.microsoft.com/en-us/azure/aks/custom-certificate-authority) for more information.
enable\_auto\_scaling = (Optional) Whether to enable [auto-scaler](https://docs.microsoft.com/azure/aks/cluster-autoscaler).
enable\_host\_encryption = (Optional) Should the nodes in this Node Pool have host encryption enabled? Changing this forces a new resource to be created.
enable\_node\_public\_ip = (Optional) Should each node have a Public IP Address? Changing this forces a new resource to be created.
eviction\_policy = (Optional) The Eviction Policy which should be used for Virtual Machines within the Virtual Machine Scale Set powering this Node Pool. Possible values are `Deallocate` and `Delete`. Changing this forces a new resource to be created. An Eviction Policy can only be configured when `priority` is set to `Spot` and will default to `Delete` unless otherwise specified.
kubelet\_config = optional(object({
cpu\_manager\_policy = (Optional) Specifies the CPU Manager policy to use. Possible values are `none` and `static`, Changing this forces a new resource to be created.
cpu\_cfs\_quota\_enabled = (Optional) Is CPU CFS quota enforcement for containers enabled? Changing this forces a new resource to be created.
cpu\_cfs\_quota\_period = (Optional) Specifies the CPU CFS quota period value. Changing this forces a new resource to be created.
image\_gc\_high\_threshold = (Optional) Specifies the percent of disk usage above which image garbage collection is always run. Must be between `0` and `100`. Changing this forces a new resource to be created.
image\_gc\_low\_threshold = (Optional) Specifies the percent of disk usage lower than which image garbage collection is never run. Must be between `0` and `100`. Changing this forces a new resource to be created.
topology\_manager\_policy = (Optional) Specifies the Topology Manager policy to use. Possible values are `none`, `best-effort`, `restricted` or `single-numa-node`. Changing this forces a new resource to be created.
allowed\_unsafe\_sysctls = (Optional) Specifies the allow list of unsafe sysctls command or patterns (ending in `*`). Changing this forces a new resource to be created.
container\_log\_max\_size\_mb = (Optional) Specifies the maximum size (e.g. 10MB) of container log file before it is rotated. Changing this forces a new resource to be created.
container\_log\_max\_files = (Optional) Specifies the maximum number of container log files that can be present for a container. must be at least 2. Changing this forces a new resource to be created.
pod\_max\_pid = (Optional) Specifies the maximum number of processes per pod. Changing this forces a new resource to be created.
}))
linux\_os\_config = optional(object({
sysctl\_config = optional(object({
fs\_aio\_max\_nr = (Optional) The sysctl setting fs.aio-max-nr. Must be between `65536` and `6553500`. Changing this forces a new resource to be created.
fs\_file\_max = (Optional) The sysctl setting fs.file-max. Must be between `8192` and `12000500`. Changing this forces a new resource to be created.
fs\_inotify\_max\_user\_watches = (Optional) The sysctl setting fs.inotify.max\_user\_watches. Must be between `781250` and `2097152`. Changing this forces a new resource to be created.
fs\_nr\_open = (Optional) The sysctl setting fs.nr\_open. Must be between `8192` and `20000500`. Changing this forces a new resource to be created.
kernel\_threads\_max = (Optional) The sysctl setting kernel.threads-max. Must be between `20` and `513785`. Changing this forces a new resource to be created.
net\_core\_netdev\_max\_backlog = (Optional) The sysctl setting net.core.netdev\_max\_backlog. Must be between `1000` and `3240000`. Changing this forces a new resource to be created.
net\_core\_optmem\_max = (Optional) The sysctl setting net.core.optmem\_max. Must be between `20480` and `4194304`. Changing this forces a new resource to be created.
net\_core\_rmem\_default = (Optional) The sysctl setting net.core.rmem\_default. Must be between `212992` and `134217728`. Changing this forces a new resource to be created.
net\_core\_rmem\_max = (Optional) The sysctl setting net.core.rmem\_max. Must be between `212992` and `134217728`. Changing this forces a new resource to be created.
net\_core\_somaxconn = (Optional) The sysctl setting net.core.somaxconn. Must be between `4096` and `3240000`. Changing this forces a new resource to be created.
net\_core\_wmem\_default = (Optional) The sysctl setting net.core.wmem\_default. Must be between `212992` and `134217728`. Changing this forces a new resource to be created.
net\_core\_wmem\_max = (Optional) The sysctl setting net.core.wmem\_max. Must be between `212992` and `134217728`. Changing this forces a new resource to be created.
net\_ipv4\_ip\_local\_port\_range\_min = (Optional) The sysctl setting net.ipv4.ip\_local\_port\_range min value. Must be between `1024` and `60999`. Changing this forces a new resource to be created.
net\_ipv4\_ip\_local\_port\_range\_max = (Optional) The sysctl setting net.ipv4.ip\_local\_port\_range max value. Must be between `1024` and `60999`. Changing this forces a new resource to be created.
net\_ipv4\_neigh\_default\_gc\_thresh1 = (Optional) The sysctl setting net.ipv4.neigh.default.gc\_thresh1. Must be between `128` and `80000`. Changing this forces a new resource to be created.
net\_ipv4\_neigh\_default\_gc\_thresh2 = (Optional) The sysctl setting net.ipv4.neigh.default.gc\_thresh2. Must be between `512` and `90000`. Changing this forces a new resource to be created.
net\_ipv4\_neigh\_default\_gc\_thresh3 = (Optional) The sysctl setting net.ipv4.neigh.default.gc\_thresh3. Must be between `1024` and `100000`. Changing this forces a new resource to be created.
net\_ipv4\_tcp\_fin\_timeout = (Optional) The sysctl setting net.ipv4.tcp\_fin\_timeout. Must be between `5` and `120`. Changing this forces a new resource to be created.
net\_ipv4\_tcp\_keepalive\_intvl = (Optional) The sysctl setting net.ipv4.tcp\_keepalive\_intvl. Must be between `10` and `75`. Changing this forces a new resource to be created.
net\_ipv4\_tcp\_keepalive\_probes = (Optional) The sysctl setting net.ipv4.tcp\_keepalive\_probes. Must be between `1` and `15`. Changing this forces a new resource to be created.
net\_ipv4\_tcp\_keepalive\_time = (Optional) The sysctl setting net.ipv4.tcp\_keepalive\_time. Must be between `30` and `432000`. Changing this forces a new resource to be created.
net\_ipv4\_tcp\_max\_syn\_backlog = (Optional) The sysctl setting net.ipv4.tcp\_max\_syn\_backlog. Must be between `128` and `3240000`. Changing this forces a new resource to be created.
net\_ipv4\_tcp\_max\_tw\_buckets = (Optional) The sysctl setting net.ipv4.tcp\_max\_tw\_buckets. Must be between `8000` and `1440000`. Changing this forces a new resource to be created.
net\_ipv4\_tcp\_tw\_reuse = (Optional) Is sysctl setting net.ipv4.tcp\_tw\_reuse enabled? Changing this forces a new resource to be created.
net\_netfilter\_nf\_conntrack\_buckets = (Optional) The sysctl setting net.netfilter.nf\_conntrack\_buckets. Must be between `65536` and `147456`. Changing this forces a new resource to be created.
net\_netfilter\_nf\_conntrack\_max = (Optional) The sysctl setting net.netfilter.nf\_conntrack\_max. Must be between `131072` and `1048576`. Changing this forces a new resource to be created.
vm\_max\_map\_count = (Optional) The sysctl setting vm.max\_map\_count. Must be between `65530` and `262144`. Changing this forces a new resource to be created.
vm\_swappiness = (Optional) The sysctl setting vm.swappiness. Must be between `0` and `100`. Changing this forces a new resource to be created.
vm\_vfs\_cache\_pressure = (Optional) The sysctl setting vm.vfs\_cache\_pressure. Must be between `0` and `100`. Changing this forces a new resource to be created.
}))
transparent\_huge\_page\_enabled = (Optional) Specifies the Transparent Huge Page enabled configuration. Possible values are `always`, `madvise` and `never`. Changing this forces a new resource to be created.
transparent\_huge\_page\_defrag = (Optional) specifies the defrag configuration for Transparent Huge Page. Possible values are `always`, `defer`, `defer+madvise`, `madvise` and `never`. Changing this forces a new resource to be created.
swap\_file\_size\_mb = (Optional) Specifies the size of swap file on each node in MB. Changing this forces a new resource to be created.
}))
fips\_enabled = (Optional) Should the nodes in this Node Pool have Federal Information Processing Standard enabled? Changing this forces a new resource to be created. FIPS support is in Public Preview - more information and details on how to opt into the Preview can be found in [this article](https://docs.microsoft.com/azure/aks/use-multiple-node-pools#add-a-fips-enabled-node-pool-preview).
kubelet\_disk\_type = (Optional) The type of disk used by kubelet. Possible values are `OS` and `Temporary`.
max\_count = (Optional) The maximum number of nodes which should exist within this Node Pool. Valid values are between `0` and `1000` and must be greater than or equal to `min_count`.
max\_pods = (Optional) The minimum number of nodes which should exist within this Node Pool. Valid values are between `0` and `1000` and must be less than or equal to `max_count`.
message\_of\_the\_day = (Optional) A base64-encoded string which will be written to /etc/motd after decoding. This allows customization of the message of the day for Linux nodes. It cannot be specified for Windows nodes and must be a static string (i.e. will be printed raw and not executed as a script). Changing this forces a new resource to be created.
mode = (Optional) Should this Node Pool be used for System or User resources? Possible values are `System` and `User`. Defaults to `User`.
min\_count = (Optional) The minimum number of nodes which should exist within this Node Pool. Valid values are between `0` and `1000` and must be less than or equal to `max_count`.
node\_network\_profile = optional(object({
node\_public\_ip\_tags = (Optional) Specifies a mapping of tags to the instance-level public IPs. Changing this forces a new resource to be created.
}))
node\_labels = (Optional) A map of Kubernetes labels which should be applied to nodes in this Node Pool.
node\_public\_ip\_prefix\_id = (Optional) Resource ID for the Public IP Addresses Prefix for the nodes in this Node Pool. `enable_node_public_ip` should be `true`. Changing this forces a new resource to be created.
node\_taints = (Optional) A list of Kubernetes taints which should be applied to nodes in the agent pool (e.g `key=value:NoSchedule`). Changing this forces a new resource to be created.
orchestrator\_version = (Optional) Version of Kubernetes used for the Agents. If not specified, the latest recommended version will be used at provisioning time (but won't auto-upgrade). AKS does not require an exact patch version to be specified, minor version aliases such as `1.22` are also supported. - The minor version's latest GA patch is automatically chosen in that case. More details can be found in [the documentation](https://docs.microsoft.com/en-us/azure/aks/supported-kubernetes-versions?tabs=azure-cli#alias-minor-version). This version must be supported by the Kubernetes Cluster - as such the version of Kubernetes used on the Cluster/Control Plane may need to be upgraded first.
os\_disk\_size\_gb = (Optional) The Agent Operating System disk size in GB. Changing this forces a new resource to be created.
os\_disk\_type = (Optional) The type of disk which should be used for the Operating System. Possible values are `Ephemeral` and `Managed`. Defaults to `Managed`. Changing this forces a new resource to be created.
os\_sku = (Optional) Specifies the OS SKU used by the agent pool. Possible values include: `Ubuntu`, `CBLMariner`, `Mariner`, `Windows2019`, `Windows2022`. If not specified, the default is `Ubuntu` if OSType=Linux or `Windows2019` if OSType=Windows. And the default Windows OSSKU will be changed to `Windows2022` after Windows2019 is deprecated. Changing this forces a new resource to be created.
os\_type = (Optional) The Operating System which should be used for this Node Pool. Changing this forces a new resource to be created. Possible values are `Linux` and `Windows`. Defaults to `Linux`.
pod\_subnet\_id = (Optional) The ID of the Subnet where the pods in the Node Pool should exist. Changing this forces a new resource to be created.
priority = (Optional) The Priority for Virtual Machines within the Virtual Machine Scale Set that powers this Node Pool. Possible values are `Regular` and `Spot`. Defaults to `Regular`. Changing this forces a new resource to be created.
proximity\_placement\_group\_id = (Optional) The ID of the Proximity Placement Group where the Virtual Machine Scale Set that powers this Node Pool will be placed. Changing this forces a new resource to be created. When setting `priority` to Spot - you must configure an `eviction_policy`, `spot_max_price` and add the applicable `node_labels` and `node_taints` [as per the Azure Documentation](https://docs.microsoft.com/azure/aks/spot-node-pool).
spot\_max\_price = (Optional) The maximum price you're willing to pay in USD per Virtual Machine. Valid values are `-1` (the current on-demand price for a Virtual Machine) or a positive value with up to five decimal places. Changing this forces a new resource to be created. This field can only be configured when `priority` is set to `Spot`.
scale\_down\_mode = (Optional) Specifies how the node pool should deal with scaled-down nodes. Allowed values are `Delete` and `Deallocate`. Defaults to `Delete`.
snapshot\_id = (Optional) The ID of the Snapshot which should be used to create this Node Pool. Changing this forces a new resource to be created.
ultra\_ssd\_enabled = (Optional) Used to specify whether the UltraSSD is enabled in the Node Pool. Defaults to `false`. See [the documentation](https://docs.microsoft.com/azure/aks/use-ultra-disks) for more information. Changing this forces a new resource to be created.
vnet\_subnet\_id = (Optional) The ID of the Subnet where this Node Pool should exist. Changing this forces a new resource to be created. A route table must be configured on this Subnet.
upgrade\_settings = optional(object({
max\_surge = string
}))
windows\_profile = optional(object({
outbound\_nat\_enabled = optional(bool, true)
}))
workload\_runtime = (Optional) Used to specify the workload runtime. Allowed values are `OCIContainer` and `WasmWasi`. WebAssembly System Interface node pools are in Public Preview - more information and details on how to opt into the preview can be found in [this article](https://docs.microsoft.com/azure/aks/use-wasi-node-pools)
zones = (Optional) Specifies a list of Availability Zones in which this Kubernetes Cluster Node Pool should be located. Changing this forces a new Kubernetes Cluster Node Pool to be created.
create\_before\_destroy = (Optional) Create a new node pool before destroy the old one when Terraform must update an argument that cannot be updated in-place. Set this argument to `true` will add add a random suffix to pool's name to avoid conflict. Default to `true`.
})) | map(object({
name = string
node_count = optional(number)
tags = optional(map(string))
vm_size = string
host_group_id = optional(string)
capacity_reservation_group_id = optional(string)
custom_ca_trust_enabled = optional(bool)
enable_auto_scaling = optional(bool)
enable_host_encryption = optional(bool)
enable_node_public_ip = optional(bool)
eviction_policy = optional(string)
kubelet_config = optional(object({
cpu_manager_policy = optional(string)
cpu_cfs_quota_enabled = optional(bool)
cpu_cfs_quota_period = optional(string)
image_gc_high_threshold = optional(number)
image_gc_low_threshold = optional(number)
topology_manager_policy = optional(string)
allowed_unsafe_sysctls = optional(set(string))
container_log_max_size_mb = optional(number)
container_log_max_files = optional(number)
pod_max_pid = optional(number)
}))
linux_os_config = optional(object({
sysctl_config = optional(object({
fs_aio_max_nr = optional(number)
fs_file_max = optional(number)
fs_inotify_max_user_watches = optional(number)
fs_nr_open = optional(number)
kernel_threads_max = optional(number)
net_core_netdev_max_backlog = optional(number)
net_core_optmem_max = optional(number)
net_core_rmem_default = optional(number)
net_core_rmem_max = optional(number)
net_core_somaxconn = optional(number)
net_core_wmem_default = optional(number)
net_core_wmem_max = optional(number)
net_ipv4_ip_local_port_range_min = optional(number)
net_ipv4_ip_local_port_range_max = optional(number)
net_ipv4_neigh_default_gc_thresh1 = optional(number)
net_ipv4_neigh_default_gc_thresh2 = optional(number)
net_ipv4_neigh_default_gc_thresh3 = optional(number)
net_ipv4_tcp_fin_timeout = optional(number)
net_ipv4_tcp_keepalive_intvl = optional(number)
net_ipv4_tcp_keepalive_probes = optional(number)
net_ipv4_tcp_keepalive_time = optional(number)
net_ipv4_tcp_max_syn_backlog = optional(number)
net_ipv4_tcp_max_tw_buckets = optional(number)
net_ipv4_tcp_tw_reuse = optional(bool)
net_netfilter_nf_conntrack_buckets = optional(number)
net_netfilter_nf_conntrack_max = optional(number)
vm_max_map_count = optional(number)
vm_swappiness = optional(number)
vm_vfs_cache_pressure = optional(number)
}))
transparent_huge_page_enabled = optional(string)
transparent_huge_page_defrag = optional(string)
swap_file_size_mb = optional(number)
}))
fips_enabled = optional(bool)
kubelet_disk_type = optional(string)
max_count = optional(number)
max_pods = optional(number)
message_of_the_day = optional(string)
mode = optional(string, "User")
min_count = optional(number)
node_network_profile = optional(object({
node_public_ip_tags = optional(map(string))
}))
node_labels = optional(map(string))
node_public_ip_prefix_id = optional(string)
node_taints = optional(list(string))
orchestrator_version = optional(string)
os_disk_size_gb = optional(number)
os_disk_type = optional(string, "Managed")
os_sku = optional(string)
os_type = optional(string, "Linux")
pod_subnet_id = optional(string)
priority = optional(string, "Regular")
proximity_placement_group_id = optional(string)
spot_max_price = optional(number)
scale_down_mode = optional(string, "Delete")
snapshot_id = optional(string)
ultra_ssd_enabled = optional(bool)
vnet_subnet_id = optional(string)
upgrade_settings = optional(object({
max_surge = string
}))
windows_profile = optional(object({
outbound_nat_enabled = optional(bool, true)
}))
workload_runtime = optional(string)
zones = optional(set(string))
create_before_destroy = optional(bool, true)
})) | `{}` | no |
| [node\_resource\_group](#input\_node\_resource\_group) | The auto-generated Resource Group which contains the resources for this Managed Kubernetes Cluster. Changing this forces a new resource to be created. | `string` | `null` | no |
diff --git a/examples/multiple_node_pools/main.tf b/examples/multiple_node_pools/main.tf
index 2cba335b..01da59e5 100644
--- a/examples/multiple_node_pools/main.tf
+++ b/examples/multiple_node_pools/main.tf
@@ -46,11 +46,12 @@ locals {
module "aks" {
source = "../.."
- prefix = "prefix-${random_id.prefix.hex}"
- resource_group_name = local.resource_group.name
- os_disk_size_gb = 60
- sku_tier = "Standard"
- rbac_aad = false
- vnet_subnet_id = azurerm_subnet.test.id
- node_pools = local.nodes
+ prefix = "prefix-${random_id.prefix.hex}"
+ resource_group_name = local.resource_group.name
+ log_analytics_workspace_enabled = false
+ os_disk_size_gb = 60
+ sku_tier = "Standard"
+ rbac_aad = false
+ vnet_subnet_id = azurerm_subnet.test.id
+ node_pools = local.nodes
}
diff --git a/examples/named_cluster/main.tf b/examples/named_cluster/main.tf
index 1c1659d8..3fffe708 100644
--- a/examples/named_cluster/main.tf
+++ b/examples/named_cluster/main.tf
@@ -62,15 +62,14 @@ resource "azurerm_log_analytics_solution" "main" {
module "aks_cluster_name" {
source = "../.."
- prefix = "prefix"
- resource_group_name = local.resource_group.name
- admin_username = null
- azure_policy_enabled = true
- cluster_log_analytics_workspace_name = "test-cluster"
- cluster_name = "test-cluster"
- disk_encryption_set_id = azurerm_disk_encryption_set.des.id
- identity_ids = [azurerm_user_assigned_identity.test.id]
- identity_type = "UserAssigned"
+ prefix = "prefix"
+ resource_group_name = local.resource_group.name
+ admin_username = null
+ azure_policy_enabled = true
+ cluster_name = "test-cluster"
+ disk_encryption_set_id = azurerm_disk_encryption_set.des.id
+ identity_ids = [azurerm_user_assigned_identity.test.id]
+ identity_type = "UserAssigned"
log_analytics_solution = {
id = azurerm_log_analytics_solution.main.id
}
diff --git a/examples/startup/main.tf b/examples/startup/main.tf
index 0e672958..f5571af0 100644
--- a/examples/startup/main.tf
+++ b/examples/startup/main.tf
@@ -74,9 +74,11 @@ module "aks" {
name = "${random_id.prefix.hex}-agw"
subnet_cidr = "10.52.1.0/24"
}
- local_account_disabled = true
- log_analytics_workspace_enabled = true
- cluster_log_analytics_workspace_name = random_id.name.hex
+ local_account_disabled = true
+ log_analytics_workspace_enabled = true
+ new_log_analytics_workspace = {
+ name = random_id.name.hex
+ }
maintenance_window = {
allowed = [
{
diff --git a/examples/uai_and_assign_role_on_subnet/main.tf b/examples/uai_and_assign_role_on_subnet/main.tf
index b10dadd1..e29b8225 100644
--- a/examples/uai_and_assign_role_on_subnet/main.tf
+++ b/examples/uai_and_assign_role_on_subnet/main.tf
@@ -28,13 +28,14 @@ resource "azurerm_user_assigned_identity" "main" {
module "aks" {
source = "../../"
- cluster_name = var.kubernetes_cluster_name
- prefix = var.kubernetes_cluster_name
- resource_group_name = azurerm_resource_group.rg.name
- identity_ids = [azurerm_user_assigned_identity.main.id]
- identity_type = "UserAssigned"
- vnet_subnet_id = azurerm_subnet.subnet.id
- rbac_aad = false
+ cluster_name = var.kubernetes_cluster_name
+ prefix = var.kubernetes_cluster_name
+ resource_group_name = azurerm_resource_group.rg.name
+ identity_ids = [azurerm_user_assigned_identity.main.id]
+ identity_type = "UserAssigned"
+ log_analytics_workspace_enabled = false
+ vnet_subnet_id = azurerm_subnet.subnet.id
+ rbac_aad = false
network_contributor_role_assigned_subnet_ids = {
vnet_subnet = azurerm_subnet.subnet.id
}
diff --git a/examples/with_acr/main.tf b/examples/with_acr/main.tf
index c5646466..d02b323d 100644
--- a/examples/with_acr/main.tf
+++ b/examples/with_acr/main.tf
@@ -60,10 +60,11 @@ module "aks" {
attached_acr_id_map = {
example = azurerm_container_registry.example.id
}
- network_plugin = "azure"
- network_policy = "azure"
- os_disk_size_gb = 60
- sku_tier = "Standard"
- rbac_aad = false
- vnet_subnet_id = azurerm_subnet.test.id
+ log_analytics_workspace_enabled = false
+ network_plugin = "azure"
+ network_policy = "azure"
+ os_disk_size_gb = 60
+ sku_tier = "Standard"
+ rbac_aad = false
+ vnet_subnet_id = azurerm_subnet.test.id
}
diff --git a/log_analytics.tf b/log_analytics.tf
index 4458ab7a..8cac3af0 100644
--- a/log_analytics.tf
+++ b/log_analytics.tf
@@ -1,12 +1,21 @@
resource "azurerm_log_analytics_workspace" "main" {
count = local.create_analytics_workspace ? 1 : 0
- location = coalesce(var.location, data.azurerm_resource_group.main.location)
- name = coalesce(var.cluster_log_analytics_workspace_name, trim("${var.prefix}-workspace", "-"))
- resource_group_name = coalesce(var.log_analytics_workspace_resource_group_name, var.resource_group_name)
- retention_in_days = var.log_retention_in_days
- sku = var.log_analytics_workspace_sku
- tags = merge(var.tags, (/**/ (var.tracing_tags_enabled ? { for k, v in /**/ {
+ location = coalesce(var.new_log_analytics_workspace.location, var.location, data.azurerm_resource_group.main.location)
+ name = coalesce(var.new_log_analytics_workspace.name, trim("${var.prefix}-workspace", "-"))
+ resource_group_name = coalesce(var.new_log_analytics_workspace.resource_group_name, var.resource_group_name)
+ allow_resource_only_permissions = var.new_log_analytics_workspace.allow_resource_only_permissions
+ cmk_for_query_forced = var.new_log_analytics_workspace.cmk_for_query_forced
+ daily_quota_gb = var.new_log_analytics_workspace.daily_quota_gb
+ data_collection_rule_id = var.new_log_analytics_workspace.data_collection_rule_id
+ immediate_data_purge_on_30_days_enabled = var.new_log_analytics_workspace.immediate_data_purge_on_30_days_enabled
+ internet_ingestion_enabled = var.new_log_analytics_workspace.internet_ingestion_enabled
+ internet_query_enabled = var.new_log_analytics_workspace.internet_query_enabled
+ local_authentication_disabled = var.new_log_analytics_workspace.local_authentication_disabled
+ reservation_capacity_in_gb_per_day = var.new_log_analytics_workspace.reservation_capacity_in_gb_per_day
+ retention_in_days = var.new_log_analytics_workspace.retention_in_days
+ sku = var.new_log_analytics_workspace.sku
+ tags = merge(var.tags, var.new_log_analytics_workspace.tags, (/**/ (var.tracing_tags_enabled ? { for k, v in /**/ {
avm_git_commit = "0ae8a663f1dc1dc474b14c10d9c94c77a3d1e234"
avm_git_file = "main.tf"
avm_git_last_modified_at = "2023-06-05 02:21:33"
@@ -19,9 +28,13 @@ resource "azurerm_log_analytics_workspace" "main" {
lifecycle {
precondition {
- condition = can(coalesce(var.cluster_log_analytics_workspace_name, var.prefix))
+ condition = can(coalesce(var.new_log_analytics_workspace.name, var.prefix))
error_message = "You must set one of `var.cluster_log_analytics_workspace_name` and `var.prefix` to create `azurerm_log_analytics_workspace.main`."
}
+ precondition {
+ condition = var.log_analytics_workspace == null
+ error_message = "You can set only one of `var.log_analytics_workspace` and `var.new_log_analytics_workspace`, not both."
+ }
}
}
diff --git a/variables.tf b/variables.tf
index 43e2a05a..eacafe4e 100644
--- a/variables.tf
+++ b/variables.tf
@@ -389,12 +389,6 @@ variable "client_secret" {
nullable = false
}
-variable "cluster_log_analytics_workspace_name" {
- type = string
- default = null
- description = "(Optional) The name of the Analytics workspace"
-}
-
variable "cluster_name" {
type = string
default = null
@@ -687,24 +681,6 @@ variable "log_analytics_workspace_enabled" {
nullable = false
}
-variable "log_analytics_workspace_resource_group_name" {
- type = string
- default = null
- description = "(Optional) Resource group name to create azurerm_log_analytics_solution."
-}
-
-variable "log_analytics_workspace_sku" {
- type = string
- default = "PerGB2018"
- description = "The SKU (pricing level) of the Log Analytics workspace. For new subscriptions the SKU should be set to PerGB2018"
-}
-
-variable "log_retention_in_days" {
- type = number
- default = 30
- description = "The retention period for the logs in days"
-}
-
variable "maintenance_window" {
type = object({
allowed = optional(list(object({
@@ -869,6 +845,53 @@ variable "network_policy" {
description = " (Optional) Sets up network policy to be used with Azure CNI. Network policy allows us to control the traffic flow between pods. Currently supported values are calico and azure. Changing this forces a new resource to be created."
}
+variable "new_log_analytics_workspace" {
+ type = object({
+ allow_resource_only_permissions = optional(bool)
+ cmk_for_query_forced = optional(bool)
+ daily_quota_gb = optional(number)
+ data_collection_rule_id = optional(string)
+ immediate_data_purge_on_30_days_enabled = optional(bool)
+ internet_ingestion_enabled = optional(bool)
+ internet_query_enabled = optional(bool)
+ local_authentication_disabled = optional(bool)
+ location = optional(string)
+ name = optional(string)
+ reservation_capacity_in_gb_per_day = optional(number)
+ resource_group_name = optional(string)
+ retention_in_days = optional(number)
+ sku = optional(string)
+ tags = optional(map(string))
+ identity = optional(object({
+ identity_ids = optional(set(string))
+ type = string
+ }))
+ })
+ default = null
+ description = <<-DESCRIPTION
+ - `allow_resource_only_permissions` - (Optional) Specifies if the log Analytics Workspace allow users accessing to data associated with resources they have permission to view, without permission to workspace. Defaults to `true`.
+ - `cmk_for_query_forced` - (Optional) Is Customer Managed Storage mandatory for query management?
+ - `daily_quota_gb` - (Optional) The workspace daily quota for ingestion in GB. Defaults to -1 (unlimited) if omitted.
+ - `data_collection_rule_id` - (Optional) The ID of the Data Collection Rule to use for this workspace.
+ - `immediate_data_purge_on_30_days_enabled` - (Optional) Whether to remove the data in the Log Analytics Workspace immediately after 30 days.
+ - `internet_ingestion_enabled` - (Optional) Should the Log Analytics Workspace support ingestion over the Public Internet? Defaults to `true`.
+ - `internet_query_enabled` - (Optional) Should the Log Analytics Workspace support querying over the Public Internet? Defaults to `true`.
+ - `local_authentication_disabled` - (Optional) Specifies if the log Analytics workspace should enforce authentication using Azure AD. Defaults to `false`.
+ - `location` - (Optional) Specifies the supported Azure location where the resource exists. Will use `var.location` if omitted. Changing this forces a new resource to be created.
+ - `name` - (Optional) Specifies the name of the Log Analytics Workspace. Workspace name should include 4-63 letters, digits or '-'. The '-' shouldn't be the first or the last symbol. Will use `trim("$${var.prefix}-workspace", "-"))` as name if omitted. Changing this forces a new resource to be created.
+ - `reservation_capacity_in_gb_per_day` - (Optional) The capacity reservation level in GB for this workspace. Possible values are `100`, `200`, `300`, `400`, `500`, `1000`, `2000` and `5000`.
+ - `resource_group_name` - (Optional) The name of the resource group in which the Log Analytics workspace is created. Will use `var.resource_group_name` if omitted. Changing this forces a new resource to be created.
+ - `retention_in_days` - (Optional) The workspace data retention in days. Possible values are either 7 (Free Tier only) or range between 30 and 730.
+ - `sku` - (Optional) Specifies the SKU of the Log Analytics Workspace. Possible values are `Free`, `PerNode`, `Premium`, `Standard`, `Standalone`, `Unlimited`, `CapacityReservation`, and `PerGB2018` (new SKU as of `2018-04-03`). Defaults to `PerGB2018`.
+ - `tags` - (Optional) A mapping of tags to assign to the resource.
+
+ ---
+ `identity` block supports the following:
+ - `identity_ids` - (Optional) Specifies a list of user managed identity ids to be assigned. Required if `type` is `UserAssigned`.
+ - `type` - (Required) Specifies the identity type of the Log Analytics Workspace. Possible values are `SystemAssigned` (where Azure will generate a Service Principal for you) and `UserAssigned` where you can specify the Service Principal IDs in the `identity_ids` field.
+DESCRIPTION
+}
+
variable "node_os_channel_upgrade" {
type = string
default = null