From f3d997407e6ea4b2519ee1b489611b0d6ef09f11 Mon Sep 17 00:00:00 2001
From: hezijie
Date: Tue, 31 Oct 2023 09:38:10 +0800
Subject: [PATCH] add fips_enabled support for default_node_pool
---
 README.md | 1 +
 main.tf | 2 ++
 variables.tf | 6 ++++++
 3 files changed, 9 insertions(+)
diff --git a/README.md b/README.md
index b4122903..f56455ba 100644
--- a/README.md
+++ b/README.md
@@ -298,6 +298,7 @@ No modules.
 | [cluster\_name](#input\_cluster\_name) | (Optional) The name for the AKS resources created in the specified Azure Resource Group. This variable overwrites the 'prefix' var (The 'prefix' var will still be applied to the dns\_prefix if it is set) | `string` | `null` | no |
 | [confidential\_computing](#input\_confidential\_computing) | (Optional) Enable Confidential Computing. |
object({
sgx_quote_helper_enabled = bool
})
| `null` | no |
 | [create\_role\_assignment\_network\_contributor](#input\_create\_role\_assignment\_network\_contributor) | (Deprecated) Create a role assignment for the AKS Service Principal to be a Network Contributor on the subnets used for the AKS Cluster | `bool` | `false` | no |
+| [default\_node\_pool\_fips\_enabled](#input\_default\_node\_pool\_fips\_enabled) | (Optional) Should the nodes in this Node Pool have Federal Information Processing Standard enabled? Changing this forces a new resource to be created. | `bool` | `null` | no |
 | [disk\_encryption\_set\_id](#input\_disk\_encryption\_set\_id) | (Optional) The ID of the Disk Encryption Set which should be used for the Nodes and Volumes. More information [can be found in the documentation](https://docs.microsoft.com/azure/aks/azure-disk-customer-managed-keys). Changing this forces a new resource to be created. | `string` | `null` | no |
 | [ebpf\_data\_plane](#input\_ebpf\_data\_plane) | (Optional) Specifies the eBPF data plane used for building the Kubernetes network. Possible value is `cilium`. Changing this forces a new resource to be created. | `string` | `null` | no |
 | [enable\_auto\_scaling](#input\_enable\_auto\_scaling) | Enable node pool autoscaling | `bool` | `false` | no |
diff --git a/main.tf b/main.tf
index bf4ff6e0..8dd45a87 100644
--- a/main.tf
+++ b/main.tf
@@ -56,6 +56,7 @@ resource "azurerm_kubernetes_cluster" "main" {
 enable_auto_scaling = var.enable_auto_scaling
 enable_host_encryption = var.enable_host_encryption
 enable_node_public_ip = var.enable_node_public_ip
+ fips_enabled = var.default_node_pool_fips_enabled
 max_count = null
 max_pods = var.agents_max_pods
 min_count = null
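Review bot: The added `fips_enabled = var.default_node_pool_fips_enabled` line has no comment telling operators that this argument cannot be flipped in place, although the variable's own description says changing it forces a new resource. The line sits inside the cluster resource (the subject names `default_node_pool`; the enclosing block starts and ends outside the hunk), so a later toggle on a live cluster presumably replaces more than a single pool. A one-line comment such as `# ForceNew: decide at cluster creation; changing this later replaces the resource` would make that visible at the point of use. The identical line added in the hunk at `@@ -157,6 +158,7 @@` needs the same comment.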
@@ -157,6 +158,7 @@ resource "azurerm_kubernetes_cluster" "main" {
 enable_auto_scaling = var.enable_auto_scaling
 enable_host_encryption = var.enable_host_encryption
 enable_node_public_ip = var.enable_node_public_ip
+ fips_enabled = var.default_node_pool_fips_enabled
 max_count = var.agents_max_count
 max_pods = var.agents_max_pods
 min_count = var.agents_min_count
diff --git a/variables.tf b/variables.tf
index ea9abbe4..10b29d55 100644
--- a/variables.tf
+++ b/variables.tf
@@ -403,6 +403,12 @@ variable "create_role_assignment_network_contributor" {
 nullable = false
 }
 
+variable "default_node_pool_fips_enabled" {
+ type = bool
+ default = null
+ description = " (Optional) Should the nodes in this Node Pool have Federal Information Processing Standard enabled? Changing this forces a new resource to be created."
+}
+
 variable "disk_encryption_set_id" {
 type = string
 default = null
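Review bot: The `description` string of `default_node_pool_fips_enabled` starts with a stray space (`" (Optional) …`) that the README row added in this same patch does not show, so the two texts can drift when the docs are regenerated; drop it: `description = "(Optional) Should the nodes in this Node Pool have Federal Information Processing Standard enabled? Changing this forces a new resource to be created."`. The description should also say that `null` leaves the argument unset, so the provider default applies, and that the setting covers only the default node pool. Anyone relying on this input for a compliance baseline then knows that any other pools need their own setting; whether this module manages other pools is not visible in this hunk.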