Add cluster extension support with documentation and examples

README.md

@@ -782,6 +782,70 @@ object({
 
 Default: `null`
 
+### <a name="input_cluster_extension"></a> [cluster\_extension](#input\_cluster\_extension)
+
+Description: Map of instances for the cluster extension submodule with the following attributes:
+
+**name**  
+The name of the cluster extension.
+
+**extension\_type**  
+The extension type. Examples: 'microsoft.dapr', 'microsoft.azureappconfiguration', 'microsoft.storagepoolextension'.
+
+**configuration\_protected\_settings**  
+Configuration settings that are protected or sensitive for the extension.
+
+**configuration\_settings**  
+Configuration settings for the extension.
+
+**release\_namespace**  
+Namespace where the extension release must be placed for a cluster scoped extension.
+
+**release\_train**  
+The release train used by this extension. Possible values include but are not limited to 'Stable' or 'Preview'.
+
+**target\_namespace**  
+Namespace where the extension will be created for a namespace scoped extension.
+
+**version**  
+User-specified version that the extension should pin to. If not set, Azure uses the latest version and auto-upgrades.
+
+**plan**  
+Plan block for marketplace extensions.
+
+**timeouts**  
+Timeouts for create, read, update, and delete operations.
+
+Type:
+
+```hcl
+map(object({
+    configuration_protected_settings = optional(map(string))
+    configuration_settings           = optional(map(string))
+    extension_type                   = string
+    name                             = string
+    plan = optional(object({
+      name           = string
+      product        = string
+      publisher      = string
+      promotion_code = optional(string)
+      version        = optional(string)
+    }))
+    release_namespace = optional(string)
+    release_train     = optional(string)
+    target_namespace  = optional(string)
+    timeouts = optional(object({
+      create = optional(string)
+      read   = optional(string)
+      update = optional(string)
+      delete = optional(string)
+    }))
+    version = optional(string)
+  }))
+```
+
+Default: `{}`
+
 ### <a name="input_cluster_timeouts"></a> [cluster\_timeouts](#input\_cluster\_timeouts)
 
 Description: - `create` - (Defaults to 60 minutes) Used when creating the Kubernetes Cluster Node Pool.
@@ -2038,6 +2102,10 @@ Description: The special FQDN used by the Azure Portal to access the Managed Clu
 
 Description: Base64 cluster CA certificate from user kubeconfig.
 
+### <a name="output_cluster_extension_resource_ids"></a> [cluster\_extension\_resource\_ids](#output\_cluster\_extension\_resource\_ids)
+
+Description: A map of cluster extension keys to resource ids and names.
+
 ### <a name="output_current_kubernetes_version"></a> [current\_kubernetes\_version](#output\_current\_kubernetes\_version)
 
 Description: The version of Kubernetes the Managed Cluster is running. If kubernetesVersion was a fully specified version <major.minor.patch>, this field will be exactly equal to it. If kubernetesVersion was <major.minor>, this field will contain the full <major.minor.patch> version being used.
@@ -2120,6 +2188,12 @@ Source: ./modules/alerting
 
 Version:
 
+### <a name="module_clusterextension"></a> [clusterextension](#module\_clusterextension)
+
+Source: ./modules/clusterextension
+
+Version:
+
 ### <a name="module_default_agent_pool_data"></a> [default\_agent\_pool\_data](#module\_default\_agent\_pool\_data)
 
 Source: ./modules/agentpool

examples/with-cluster-extensions/README.md

@@ -0,0 +1,186 @@
+<!-- BEGIN_TF_DOCS -->
+<!-- Code generated by terraform-docs. DO NOT EDIT. -->
+# AKS Cluster with Extensions Example
+
+```hcl
+terraform {
+  required_version = ">= 1.9, < 2.0"
+
+  required_providers {
+    azurerm = {
+      source  = "hashicorp/azurerm"
+      version = ">= 4.46.0, < 5.0.0"
+    }
+    random = {
+      source  = "hashicorp/random"
+      version = "~> 3.5"
+    }
+  }
+}
+
+provider "azurerm" {
+  features {
+    resource_group {
+      prevent_deletion_if_contains_resources = false
+    }
+  }
+}
+
+module "regions" {
+  source  = "Azure/avm-utl-regions/azurerm"
+  version = "0.11.0"
+
+  is_recommended         = true
+  region_name_regex      = "euap"
+  region_name_regex_mode = "not_match"
+}
+
+# This allows us to randomize the region for the resource group.
+resource "random_integer" "region_index" {
+  max = length(module.regions.regions) - 1
+  min = 0
+}
+
+locals {
+  location = module.regions.regions[random_integer.region_index.result].name
+}
+
+# This ensures we have unique CAF compliant names for our resources.
+module "naming" {
+  source  = "Azure/naming/azurerm"
+  version = "0.4.2"
+}
+
+# This is required for resource modules
+resource "azurerm_resource_group" "this" {
+  location = local.location
+  name     = module.naming.resource_group.name_unique
+}
+
+resource "azurerm_log_analytics_workspace" "this" {
+  location            = azurerm_resource_group.this.location
+  name                = module.naming.log_analytics_workspace.name_unique
+  resource_group_name = azurerm_resource_group.this.name
+}
+
+data "azurerm_client_config" "current" {}
+
+# This is the module call with cluster extensions
+module "cluster_with_extensions" {
+  source = "../.."
+
+  location  = azurerm_resource_group.this.location
+  name      = module.naming.kubernetes_cluster.name_unique
+  parent_id = azurerm_resource_group.this.id
+  aad_profile = {
+    enable_azure_rbac      = true
+    tenant_id              = data.azurerm_client_config.current.tenant_id
+    admin_group_object_ids = []
+    managed                = true
+  }
+  addon_profile_oms_agent = {
+    enabled = true
+    config = {
+      log_analytics_workspace_resource_id = azurerm_log_analytics_workspace.this.id
+      use_aad_auth                        = true
+    }
+  }
+  auto_upgrade_profile = {
+    upgrade_channel = "none"
+  }
+  # Cluster Extensions Configuration
+  cluster_extension = {
+    dapr = {
+      name              = "dapr"
+      extension_type    = "Microsoft.Dapr"
+      version           = "1.14.4-msft.10"
+      release_namespace = "dapr-system"
+      configuration_settings = {
+        "global.mtoDefaultNamespace" = "default"
+      }
+    }
+  }
+  default_agent_pool = {
+    vm_size = "Standard_DS2_v2"
+
+    upgrade_settings = {
+      max_surge = "10%"
+    }
+  }
+  diagnostic_settings = {
+    to_la = {
+      name                  = "to-la"
+      workspace_resource_id = azurerm_log_analytics_workspace.this.id
+    }
+  }
+  dns_prefix = "extexample"
+  managed_identities = {
+    system_assigned = true
+  }
+  sku = {
+    tier = "Standard"
+    name = "Base"
+  }
+}
+```
+
+<!-- markdownlint-disable MD033 -->
+## Requirements
+
+The following requirements are needed by this module:
+
+- <a name="requirement_terraform"></a> [terraform](#requirement\_terraform) (>= 1.9, < 2.0)
+
+- <a name="requirement_azurerm"></a> [azurerm](#requirement\_azurerm) (>= 4.46.0, < 5.0.0)
+
+- <a name="requirement_random"></a> [random](#requirement\_random) (~> 3.5)
+
+## Resources
+
+The following resources are used by this module:
+
+- [azurerm_log_analytics_workspace.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/log_analytics_workspace) (resource)
+- [azurerm_resource_group.this](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/resource_group) (resource)
+- [random_integer.region_index](https://registry.terraform.io/providers/hashicorp/random/latest/docs/resources/integer) (resource)
+- [azurerm_client_config.current](https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/data-sources/client_config) (data source)
+
+<!-- markdownlint-disable MD013 -->
+## Required Inputs
+
+No required inputs.
+
+## Optional Inputs
+
+No optional inputs.
+
+## Outputs
+
+No outputs.
+
+## Modules
+
+The following Modules are called:
+
+### <a name="module_cluster_with_extensions"></a> [cluster\_with\_extensions](#module\_cluster\_with\_extensions)
+
+Source: ../..
+
+Version:
+
+### <a name="module_naming"></a> [naming](#module\_naming)
+
+Source: Azure/naming/azurerm
+
+Version: 0.4.2
+
+### <a name="module_regions"></a> [regions](#module\_regions)
+
+Source: Azure/avm-utl-regions/azurerm
+
+Version: 0.11.0
+
+<!-- markdownlint-disable-next-line MD041 -->
+## Data Collection
+
+The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft's privacy statement. Our privacy statement is located at <https://go.microsoft.com/fwlink/?LinkID=824704>. You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices.
+<!-- END_TF_DOCS -->

examples/with-cluster-extensions/_footer.md

@@ -0,0 +1,4 @@
+<!-- markdownlint-disable-next-line MD041 -->
+## Data Collection
+
+The software may collect information about you and your use of the software and send it to Microsoft. Microsoft may use this information to provide services and improve our products and services. You may turn off the telemetry as described in the repository. There are also some features in the software that may enable you and Microsoft to collect data from users of your applications. If you use these features, you must comply with applicable law, including providing appropriate notices to users of your applications together with a copy of Microsoft's privacy statement. Our privacy statement is located at <https://go.microsoft.com/fwlink/?LinkID=824704>. You can learn more about data collection and use in the help documentation and our privacy statement. Your use of the software operates as your consent to these practices.

examples/with-cluster-extensions/_header.md

@@ -0,0 +1 @@
+# AKS Cluster with Extensions Example