feat: configure azure_rbac_enabled for azure_active_directory_role_based_access_control independent from role_based_access_control_enabled

Documentation was generated with the terraform module tool

Author: kpshjk

README.md

@@ -124,6 +124,15 @@ Type: `string`
 
 The following input variables are optional (have default values):
 
+### ad\_rbac\_enabled
+
+Description: Defines RBAC for block azure\_active\_directory\_role\_based\_access\_control explicitly if set.  
+Else RBAC for block azure\_active\_directory\_role\_based\_access\_control is set by "rbac\_enabled"
+
+Type: `bool`
+
+Default: `null`
+
 ### api\_server\_ip\_ranges
 
 Description: The IP ranges to allow for incoming traffic to the server nodes. To disable the limitation, set an empty list as value (default).
@@ -132,7 +141,7 @@ Type: `list(string)`
 
 Default: `[]`
 
-### auto\_scaling\_enable
+### auto\_scaling\_enabled
 
 Description: Enable auto-scaling of node pool
 
@@ -156,7 +165,7 @@ Type: `string`
 
 Default: `"1"`
 
-### automatic\_channel\_upgrade
+### automatic\_upgrade\_channel
 
 Description: Values:  
 none, patch, stable, rapid, node-image  
@@ -192,15 +201,17 @@ Default: `"default"`
 
 ### default\_node\_pool\_upgrade\_settings\_enabled
 
-Description: default upgrade settings is added to default node pool
+Description: Values:  
+false, true
 
-Type: `boolean`
+Type: `bool`
 
 Default: `false`
 
 ### default\_node\_pool\_upgrade\_settings\_max\_surge
 
-Description: max surge of upgrade settings for default node pool
+Description: Example: "10%"  
+see https://learn.microsoft.com/en-us/azure/aks/upgrade-aks-cluster?tabs=azure-cli#customize-node-surge-upgrade
 
 Type: `string`
 
@@ -222,6 +233,22 @@ Type: `number`
 
 Default: `5`
 
+### image\_cleaner\_enabled
+
+Description: Azure default settings
+
+Type: `bool`
+
+Default: `false`
+
+### image\_cleaner\_interval\_hours
+
+Description: Azure default settings
+
+Type: `number`
+
+Default: `48`
+
 ### load\_balancer\_sku
 
 Description: The SKU for the used Load Balancer
@@ -434,6 +461,10 @@ Description: The Kubernetes API host for a kubectl config
 
 Description: The object ID of the service principal of the managed identity of the AKS
 
+### node\_count
+
+Description: n/a
+
 ### node\_resource\_group
 
 Description: The resource group the Kubernetes nodes were created in

main.tf

@@ -8,7 +8,7 @@
  */
 
 locals {
-  cluster_name                                     = "${lower(var.project)}${lower(var.stage)}k8s"
+  cluster_name = "${lower(var.project)}${lower(var.stage)}k8s"
   has_automatic_channel_upgrade_maintenance_window = var.automatic_upgrade_channel != "none" ? [
     var.automatic_upgrade_channel
   ] : []
@@ -67,7 +67,7 @@ resource "azurerm_kubernetes_cluster" "k8s" {
     dynamic "upgrade_settings" {
       for_each = local.has_default_node_pool_upgrade_settings
       content {
-        max_surge               = var.default_node_pool_upgrade_settings_max_surge
+        max_surge = var.default_node_pool_upgrade_settings_max_surge
       }
     }
   }
@@ -86,7 +86,7 @@ resource "azurerm_kubernetes_cluster" "k8s" {
   role_based_access_control_enabled = var.rbac_enabled
   azure_active_directory_role_based_access_control {
     admin_group_object_ids = var.rbac_managed_admin_groups
-    azure_rbac_enabled     = var.rbac_enabled
+    azure_rbac_enabled     = var.ad_rbac_enabled != null ? var.ad_rbac_enabled : var.rbac_enabled
   }
 
   network_profile {

vars.tf

@@ -62,6 +62,15 @@ variable "rbac_enabled" {
   default     = true
 }
 
+variable "ad_rbac_enabled" {
+  type        = bool
+  description = <<-EOF
+    Defines RBAC for block azure_active_directory_role_based_access_control explicitly if set.
+    Else RBAC for block azure_active_directory_role_based_access_control is set by "rbac_enabled"
+  EOF
+  default     = null
+}
+
 variable "rbac_managed_admin_groups" {
   type        = list(string)
   description = "The group IDs that have admin access to the cluster. Have to be specified if rbac_enabled is true"