diff --git a/avm/res/container-service/managed-cluster/README.md b/avm/res/container-service/managed-cluster/README.md
index 8ff9e062da..584feeeeb5 100644
--- a/avm/res/container-service/managed-cluster/README.md
+++ b/avm/res/container-service/managed-cluster/README.md
@@ -2684,6 +2684,7 @@ param tags = {
 | [`dnsPrefix`](#parameter-dnsprefix) | string | Specifies the DNS prefix specified when creating the managed cluster. |
 | [`dnsServiceIP`](#parameter-dnsserviceip) | string | Specifies the IP address assigned to the Kubernetes DNS service. It must be within the Kubernetes service address range specified in serviceCidr. |
 | [`dnsZoneResourceId`](#parameter-dnszoneresourceid) | string | Specifies the resource ID of connected DNS zone. It will be ignored if `webApplicationRoutingEnabled` is set to `false`. |
+| [`enableAad`](#parameter-enableaad) | bool | Enable Azure Active Directory integration. |
 | [`enableAzureDefender`](#parameter-enableazuredefender) | bool | Whether to enable Azure Defender. |
 | [`enableAzureMonitorProfileMetrics`](#parameter-enableazuremonitorprofilemetrics) | bool | Whether the metric state of the kubenetes cluster is enabled. |
 | [`enableContainerInsights`](#parameter-enablecontainerinsights) | bool | Indicates if Azure Monitor Container Insights Logs Addon is enabled. |
@@ -4063,6 +4064,14 @@ Specifies the resource ID of connected DNS zone. It will be ignored if `webAppli
 - Required: No
 - Type: string
+### Parameter: `enableAad`
+
+Enable Azure Active Directory integration.
+
+- Required: No
+- Type: bool
+- Default: `False`
+
 ### Parameter: `enableAzureDefender`
 Whether to enable Azure Defender.
diff --git a/avm/res/container-service/managed-cluster/main.bicep b/avm/res/container-service/managed-cluster/main.bicep
index 3aecff5f78..21d7aee7d7 100644
--- a/avm/res/container-service/managed-cluster/main.bicep
+++ b/avm/res/container-service/managed-cluster/main.bicep
@@ -101,6 +101,9 @@ param adminUsername string = 'azureuser'
 @description('Optional. Specifies the SSH RSA public key string for the Linux nodes.')
 param sshPublicKey string?
+@description('Optional. Enable Azure Active Directory integration.')
+param enableAad bool = false
+
 @description('Conditional. Information about a service principal identity for the cluster to use for manipulating Azure APIs. Required if no managed identities are assigned to the cluster.')
 param aksServicePrincipalProfile object?
@@ -739,7 +742,7 @@ resource managedCluster 'Microsoft.ContainerService/managedClusters@2024-03-02-p
 }
 }
 publicNetworkAccess: publicNetworkAccess
-aadProfile: {
+aadProfile: enableAad ? {
 clientAppID: aadProfileClientAppID
 serverAppID: aadProfileServerAppID
 serverAppSecret: aadProfileServerAppSecret
@@ -747,7 +750,7 @@ resource managedCluster 'Microsoft.ContainerService/managedClusters@2024-03-02-p
 enableAzureRBAC: aadProfileEnableAzureRBAC
 adminGroupObjectIDs: aadProfileAdminGroupObjectIDs
 tenantID: aadProfileTenantId
-}
+} : null
 autoScalerProfile: {
 'balance-similar-node-groups': toLower(string(autoScalerProfileBalanceSimilarNodeGroups))
 expander: autoScalerProfileExpander
diff --git a/avm/res/container-service/managed-cluster/main.json b/avm/res/container-service/managed-cluster/main.json
index 3f20739576..225829bf70 100644
--- a/avm/res/container-service/managed-cluster/main.json
+++ b/avm/res/container-service/managed-cluster/main.json
@@ -5,8 +5,8 @@
 "metadata": {
 "_generator": {
 "name": "bicep",
-"version": "0.31.34.60546",
-"templateHash": "178765084464759811"
+"version": "0.30.23.60470",
+"templateHash": "13500053223041210958"
 },
 "name": "Azure Kubernetes Service (AKS) Managed Clusters",
 "description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster.",
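Review bot: Defaulting `enableAad` to `false` in the `@@ -101` hunk makes Microsoft Entra ID (Azure AD) integration opt-in, so an existing consumer that only sets the `aadProfile*` parameters (`aadProfileManaged`, `aadProfileEnableAzureRBAC`, `aadProfileAdminGroupObjectIDs`, `aadProfileTenantId`, ...) will, after upgrading, get `aadProfile: null` from the `@@ -739`/`@@ -747` hunks and silently lose AAD authentication and Azure RBAC on the cluster — an authentication downgrade rather than a no-op. If the old behaviour is meant to survive, consider `param enableAad bool = true` or a default derived from whether any `aadProfile*` value is supplied; if the breaking change is deliberate it needs to be called out in the module's version and changelog. In either case the description should state the coupling, e.g. `@description('Optional. Enable Microsoft Entra ID (Azure AD) integration. When false, the aadProfile* parameters are ignored.')`, and the README row and parameter section added in the first file should carry the same wording. The defaults of the `aadProfile*` parameters are outside these hunks, so whether the previous always-present `aadProfile` block actually enabled integration when none of them were set cannot be confirmed from here; the `managedCluster` resource body also continues outside the hunks.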
@@ -926,6 +926,13 @@
 "description": "Optional. Specifies the SSH RSA public key string for the Linux nodes."
 }
 },
+"enableAad": {
+"type": "bool",
+"defaultValue": false,
+"metadata": {
+"description": "Optional. Enable Azure Active Directory integration."
+}
+},
 "aksServicePrincipalProfile": {
 "type": "object",
 "nullable": true,
@@ -1678,7 +1685,10 @@
 "apiVersion": "2023-02-01",
 "subscriptionId": "[split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), '//'), '/')[2]]",
 "resourceGroup": "[split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), '////'), '/')[4]]",
-"name": "[format('{0}/{1}', last(split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), 'dummyVault'), '/')), coalesce(tryGet(parameters('customerManagedKey'), 'keyName'), 'dummyKey'))]"
+"name": "[format('{0}/{1}', last(split(coalesce(tryGet(parameters('customerManagedKey'), 'keyVaultResourceId'), 'dummyVault'), '/')), coalesce(tryGet(parameters('customerManagedKey'), 'keyName'), 'dummyKey'))]",
+"dependsOn": [
+"cMKKeyVault"
+]
 },
 "avmTelemetry": {
 "condition": "[parameters('enableTelemetry')]",
@@ -1803,15 +1813,7 @@
 }
 },
 "publicNetworkAccess": "[parameters('publicNetworkAccess')]",
-"aadProfile": {
-"clientAppID": "[parameters('aadProfileClientAppID')]",
-"serverAppID": "[parameters('aadProfileServerAppID')]",
-"serverAppSecret": "[parameters('aadProfileServerAppSecret')]",
-"managed": "[parameters('aadProfileManaged')]",
-"enableAzureRBAC": "[parameters('aadProfileEnableAzureRBAC')]",
-"adminGroupObjectIDs": "[parameters('aadProfileAdminGroupObjectIDs')]",
-"tenantID": "[parameters('aadProfileTenantId')]"
-},
+"aadProfile": "[if(parameters('enableAad'), createObject('clientAppID', parameters('aadProfileClientAppID'), 'serverAppID', parameters('aadProfileServerAppID'), 'serverAppSecret', parameters('aadProfileServerAppSecret'), 'managed', parameters('aadProfileManaged'), 'enableAzureRBAC', parameters('aadProfileEnableAzureRBAC'), 'adminGroupObjectIDs', parameters('aadProfileAdminGroupObjectIDs'), 'tenantID', parameters('aadProfileTenantId')), null())]",
 "autoScalerProfile": {
 "balance-similar-node-groups": "[toLower(string(parameters('autoScalerProfileBalanceSimilarNodeGroups')))]",
 "expander": "[parameters('autoScalerProfileExpander')]",
@@ -2005,8 +2007,8 @@
 "metadata": {
 "_generator": {
 "name": "bicep",
-"version": "0.31.34.60546",
-"templateHash": "3191846535289543816"
+"version": "0.30.23.60470",
+"templateHash": "2505380725266419010"
 },
 "name": "Azure Kubernetes Service (AKS) Managed Cluster Maintenance Configurations",
 "description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster Maintenance Configurations.",
@@ -2202,8 +2204,8 @@
 "metadata": {
 "_generator": {
 "name": "bicep",
-"version": "0.31.34.60546",
-"templateHash": "13504241837980660061"
+"version": "0.30.23.60470",
+"templateHash": "13856766172443517827"
 },
 "name": "Azure Kubernetes Service (AKS) Managed Cluster Agent Pools",
 "description": "This module deploys an Azure Kubernetes Service (AKS) Managed Cluster Agent Pool.",
@@ -2552,7 +2554,10 @@
 "vmSize": "[parameters('vmSize')]",
 "vnetSubnetID": "[parameters('vnetSubnetResourceId')]",
 "workloadRuntime": "[parameters('workloadRuntime')]"
-}
+},
+"dependsOn": [
+"managedCluster"
+]
 }
 },
 "outputs": {