Auto update

Author: github-actions[bot]

CHANGELOG.md

@@ -9,6 +9,7 @@
 - Add temporary\_name\_for\_rotation in azurerm\_kubernetes\_cluster\_node\_pool [\#638](https://github.com/Azure/terraform-azurerm-aks/pull/638) ([zioproto](https://github.com/zioproto))
 - Release `v10.0.0` [\#636](https://github.com/Azure/terraform-azurerm-aks/pull/636) ([lonegunmanb](https://github.com/lonegunmanb))
 - Add nonsensitive around for\_each argument [\#631](https://github.com/Azure/terraform-azurerm-aks/pull/631) ([zioproto](https://github.com/zioproto))
+- Implement Data Collection Rule for Container Insights [\#623](https://github.com/Azure/terraform-azurerm-aks/pull/623) ([zioproto](https://github.com/zioproto))
 - Cannot set both `client_id` and `identity_ids` variables. [\#622](https://github.com/Azure/terraform-azurerm-aks/pull/622) ([zioproto](https://github.com/zioproto))
 - support the dns\_zone\_ids property in the web\_app\_routing block [\#606](https://github.com/Azure/terraform-azurerm-aks/pull/606) ([zioproto](https://github.com/zioproto))
 - resource\_group: remove data source + location required [\#603](https://github.com/Azure/terraform-azurerm-aks/pull/603) ([DeviaVir](https://github.com/DeviaVir))

log_analytics.tf

@@ -87,40 +87,33 @@ locals {
 }
 
 resource "azurerm_monitor_data_collection_rule" "dcr" {
-  count               = (local.create_analytics_workspace && var.oms_agent_enabled) ? 1 : 0
+  count = (local.create_analytics_workspace && var.oms_agent_enabled) ? 1 : 0
+
+  location            = local.dcr_location
   name                = "MSCI-${local.dcr_location}-${azurerm_kubernetes_cluster.main.name}"
   resource_group_name = var.resource_group_name
-  location            = local.dcr_location
+  description         = "DCR for Azure Monitor Container Insights"
   tags                = var.tags
 
-  destinations {
-    log_analytics {
-      workspace_resource_id = local.log_analytics_workspace.id
-      name                  = local.log_analytics_workspace.name
-    }
-  }
-
   data_flow {
-    streams      = var.monitor_data_collection_rule_extensions_streams
     destinations = [local.log_analytics_workspace.name]
+    streams      = var.monitor_data_collection_rule_extensions_streams
   }
-
   data_flow {
-    streams      = ["Microsoft-Syslog"]
     destinations = [local.log_analytics_workspace.name]
+    streams      = ["Microsoft-Syslog"]
   }
-
-  data_sources {
-    syslog {
-      streams        = ["Microsoft-Syslog"]
-      facility_names = var.monitor_data_collection_rule_data_sources_syslog_facilities
-      log_levels     = var.monitor_data_collection_rule_data_sources_syslog_levels
-      name           = "sysLogsDataSource"
+  destinations {
+    log_analytics {
+      name                  = local.log_analytics_workspace.name
+      workspace_resource_id = local.log_analytics_workspace.id
     }
-
+  }
+  data_sources {
     extension {
-      streams        = var.monitor_data_collection_rule_extensions_streams
       extension_name = "ContainerInsights"
+      name           = "ContainerInsightsExtension"
+      streams        = var.monitor_data_collection_rule_extensions_streams
       extension_json = jsonencode({
         "dataCollectionSettings" : {
           interval               = var.data_collection_settings.data_collection_interval
@@ -129,17 +122,21 @@ resource "azurerm_monitor_data_collection_rule" "dcr" {
           enableContainerLogV2   = var.data_collection_settings.container_log_v2_enabled
         }
       })
-      name = "ContainerInsightsExtension"
+    }
+    syslog {
+      facility_names = var.monitor_data_collection_rule_data_sources_syslog_facilities
+      log_levels     = var.monitor_data_collection_rule_data_sources_syslog_levels
+      name           = "sysLogsDataSource"
+      streams        = ["Microsoft-Syslog"]
     }
   }
-
-  description = "DCR for Azure Monitor Container Insights"
 }
 
 resource "azurerm_monitor_data_collection_rule_association" "dcra" {
-  count                   = (local.create_analytics_workspace && var.oms_agent_enabled) ? 1 : 0
-  name                    = "ContainerInsightsExtension"
+  count = (local.create_analytics_workspace && var.oms_agent_enabled) ? 1 : 0
+
   target_resource_id      = azurerm_kubernetes_cluster.main.id
   data_collection_rule_id = azurerm_monitor_data_collection_rule.dcr[0].id
   description             = "Association of container insights data collection rule. Deleting this association will break the data collection for this AKS Cluster."
+  name                    = "ContainerInsightsExtension"
 }

variables.tf

@@ -454,6 +454,28 @@ variable "create_role_assignments_for_application_gateway" {
   nullable    = false
 }
 
+variable "data_collection_settings" {
+  type = object({
+    data_collection_interval                     = string
+    namespace_filtering_mode_for_data_collection = string
+    namespaces_for_data_collection               = list(string)
+    container_log_v2_enabled                     = bool
+  })
+  default = {
+    data_collection_interval                     = "1m"
+    namespace_filtering_mode_for_data_collection = "Off"
+    namespaces_for_data_collection               = ["kube-system", "gatekeeper-system", "azure-arc"]
+    container_log_v2_enabled                     = true
+  }
+  description = <<-EOT
+    `data_collection_interval` -  Determines how often the agent collects data. Valid values are 1m - 30m in 1m intervals. Default is 1m.
+    `namespace_filtering_mode_for_data_collection` - Can be 'Include', 'Exclude', or 'Off'. Determines how namespaces are filtered for data collection.
+    `namespaces_for_data_collection` - List of Kubernetes namespaces for data collection based on the filtering mode.
+    `container_log_v2_enabled` - Flag to enable the ContainerLogV2 schema for collecting logs.
+    See more details: https://learn.microsoft.com/en-us/azure/azure-monitor/containers/container-insights-data-collection-configure?tabs=cli#configure-dcr-with-azure-portal-1
+  EOT
+}
+
 variable "default_node_pool_fips_enabled" {
   type        = bool
   default     = null
@@ -882,6 +904,24 @@ variable "microsoft_defender_enabled" {
   nullable    = false
 }
 
+variable "monitor_data_collection_rule_data_sources_syslog_facilities" {
+  type        = list(string)
+  default     = ["auth", "authpriv", "cron", "daemon", "mark", "kern", "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7", "lpr", "mail", "news", "syslog", "user", "uucp"]
+  description = "Syslog supported facilities as documented here: https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-syslog"
+}
+
+variable "monitor_data_collection_rule_data_sources_syslog_levels" {
+  type        = list(string)
+  default     = ["Debug", "Info", "Notice", "Warning", "Error", "Critical", "Alert", "Emergency"]
+  description = "List of syslog levels"
+}
+
+variable "monitor_data_collection_rule_extensions_streams" {
+  type        = list(any)
+  default     = ["Microsoft-ContainerLog", "Microsoft-ContainerLogV2", "Microsoft-KubeEvents", "Microsoft-KubePodInventory", "Microsoft-KubeNodeInventory", "Microsoft-KubePVInventory", "Microsoft-KubeServices", "Microsoft-KubeMonAgentEvents", "Microsoft-InsightsMetrics", "Microsoft-ContainerInventory", "Microsoft-ContainerNodeInventory", "Microsoft-Perf"]
+  description = "An array of container insights table streams. See documentation in DCR for a list of the valid streams and their corresponding table: https://learn.microsoft.com/en-us/azure/azure-monitor/containers/container-insights-data-collection-configure?tabs=portal#stream-values-in-dcr"
+}
+
 variable "monitor_metrics" {
   type = object({
     annotations_allowed = optional(string)
@@ -1479,43 +1519,3 @@ variable "workload_identity_enabled" {
   default     = false
   description = "Enable or Disable Workload Identity. Defaults to false."
 }
-
-variable "monitor_data_collection_rule_extensions_streams" {
-  type        = list(any)
-  default     = ["Microsoft-ContainerLog", "Microsoft-ContainerLogV2", "Microsoft-KubeEvents", "Microsoft-KubePodInventory", "Microsoft-KubeNodeInventory", "Microsoft-KubePVInventory", "Microsoft-KubeServices", "Microsoft-KubeMonAgentEvents", "Microsoft-InsightsMetrics", "Microsoft-ContainerInventory", "Microsoft-ContainerNodeInventory", "Microsoft-Perf"]
-  description = "An array of container insights table streams. See documentation in DCR for a list of the valid streams and their corresponding table: https://learn.microsoft.com/en-us/azure/azure-monitor/containers/container-insights-data-collection-configure?tabs=portal#stream-values-in-dcr"
-}
-
-variable "monitor_data_collection_rule_data_sources_syslog_levels" {
-  type        = list(string)
-  default     = ["Debug", "Info", "Notice", "Warning", "Error", "Critical", "Alert", "Emergency"]
-  description = "List of syslog levels"
-}
-
-variable "monitor_data_collection_rule_data_sources_syslog_facilities" {
-  type        = list(string)
-  default     = ["auth", "authpriv", "cron", "daemon", "mark", "kern", "local0", "local1", "local2", "local3", "local4", "local5", "local6", "local7", "lpr", "mail", "news", "syslog", "user", "uucp"]
-  description = "Syslog supported facilities as documented here: https://learn.microsoft.com/en-us/azure/azure-monitor/agents/data-sources-syslog"
-}
-
-variable "data_collection_settings" {
-  type = object({
-    data_collection_interval                     = string
-    namespace_filtering_mode_for_data_collection = string
-    namespaces_for_data_collection               = list(string)
-    container_log_v2_enabled                     = bool
-  })
-  default = {
-    data_collection_interval                     = "1m"
-    namespace_filtering_mode_for_data_collection = "Off"
-    namespaces_for_data_collection               = ["kube-system", "gatekeeper-system", "azure-arc"]
-    container_log_v2_enabled                     = true
-  }
-  description = <<-EOT
-    `data_collection_interval` -  Determines how often the agent collects data. Valid values are 1m - 30m in 1m intervals. Default is 1m.
-    `namespace_filtering_mode_for_data_collection` - Can be 'Include', 'Exclude', or 'Off'. Determines how namespaces are filtered for data collection.
-    `namespaces_for_data_collection` - List of Kubernetes namespaces for data collection based on the filtering mode.
-    `container_log_v2_enabled` - Flag to enable the ContainerLogV2 schema for collecting logs.
-    See more details: https://learn.microsoft.com/en-us/azure/azure-monitor/containers/container-insights-data-collection-configure?tabs=cli#configure-dcr-with-azure-portal-1
-  EOT
-}