feat: Automatic channel upgrade

      Add option to enable automatic_channel_upgrade, not active by default.
      Define a configurable maintenance window for auto upgrades,
      if automatich channel upgrades are enabled

Author: kpshjk

main.tf

@@ -9,6 +9,7 @@
 
 locals {
   cluster_name = "${lower(var.project)}${lower(var.stage)}k8s"
+  has_automatic_channel_upgrade_maintenance_window = var.automatic_channel_upgrade != "none" ? [var.automatic_channel_upgrade] : []
 }
 
 # Log analytics required for OMS Agent result processing - usually other logging solutions are used. Hence the affected tfsec rule is
@@ -27,6 +28,19 @@ resource "azurerm_kubernetes_cluster" "k8s" {
   sku_tier            = var.sku_tier
   kubernetes_version  = var.kubernetes_version
 
+  automatic_channel_upgrade = var.automatic_channel_upgrade != "none" ? var.automatic_channel_upgrade : null
+  dynamic "maintenance_window_auto_upgrade" {
+  for_each = local.has_automatic_channel_upgrade_maintenance_window
+    content {
+      frequency               = "Weekly"
+      interval                = "1"
+      duration                = var.maintenance_window_auto_upgrade_duration
+      day_of_week             = var.maintenance_window_auto_upgrade_day_of_week
+      start_time              = var.maintenance_window_auto_upgrade_start_time
+      utc_offset              = var.maintenance_window_auto_upgrade_utc_offset
+    }
+  }
+
   default_node_pool {
     name                 = var.default_node_pool_name
     type                 = "VirtualMachineScaleSets"

vars.tf

@@ -190,4 +190,48 @@ variable "azure_container_registry_ids" {
   description = <<-EOF
     IDs of the azure container registries that the AKS should have pull access to
   EOF
-}
+}
+
+variable "automatic_channel_upgrade" {
+  type        = string
+  default     = "none"
+  description = <<-EOF
+    Values:
+    none, patch, stable, rapid, node-image
+    see https://learn.microsoft.com/en-us/azure/aks/auto-upgrade-cluster
+  EOF
+}
+
+variable "maintenance_window_auto_upgrade_day_of_week" {
+  type        = string
+  default     = "Monday"
+  description  =  <<-EOF
+    see https://learn.microsoft.com/en-us/azure/aks/planned-maintenance#creating-a-maintenance-window
+  EOF
+}
+
+variable "maintenance_window_auto_upgrade_duration" {
+  type        = string
+  default     = "4"
+  description  =  <<-EOF
+    see https://learn.microsoft.com/en-us/azure/aks/planned-maintenance#creating-a-maintenance-window
+  EOF
+}
+
+variable "maintenance_window_auto_upgrade_start_time" {
+  type        = string
+  default     = "04:00"
+  description  =  <<-EOF
+    Example: "04:00"
+    see https://learn.microsoft.com/en-us/azure/aks/planned-maintenance#creating-a-maintenance-window
+  EOF
+}
+
+variable "maintenance_window_auto_upgrade_utc_offset" {
+  type        = string
+  default     = "+00:00"
+  description  =  <<-EOF
+    Example: "+00:00"
+    see https://learn.microsoft.com/en-us/azure/aks/planned-maintenance#creating-a-maintenance-window
+  EOF
+}