Adds log analytics logging for k8s

terraform/modules/k8s/main.tf

@@ -39,3 +39,45 @@ resource "azurerm_kubernetes_cluster" "k8s" {
     owner       = var.owner
   }
 }
+
+resource "azurerm_monitor_diagnostic_setting" "k8s_diagnostic-1" {
+  name                       = "${var.name}-${var.environment}-k8s-diag"
+  target_resource_id         = azurerm_kubernetes_cluster.k8s.id
+  log_analytics_workspace_id = var.workspace_id
+  log {
+    category = "kube-apiserver"
+    retention_policy {
+      enabled = true
+    }
+  }
+  log {
+    category = "kube-controller-manager"
+    retention_policy {
+      enabled = true
+    }
+  }
+  log {
+    category = "kube-scheduler"
+    retention_policy {
+      enabled = true
+    }
+  }
+  log {
+    category = "kube-audit"
+    retention_policy {
+      enabled = true
+    }
+  }
+  log {
+    category = "cluster-autoscaler"
+    retention_policy {
+      enabled = true
+    }
+  }
+  metric {
+    category = "AllMetrics"
+    retention_policy {
+      enabled = true
+    }
+  }
+}

terraform/modules/k8s/variables.tf

@@ -62,3 +62,8 @@ variable "client_secret" {
   type        = string
   description = "The client secret for the Service Principal associated with the AKS cluster."
 }
+
+variable "workspace_id" {
+  description = "Log Analytics workspace for this resource to log to"
+  type        = string
+}

terraform/providers/dev/k8s.tf

@@ -22,6 +22,7 @@ module "k8s" {
   min_count           = 3
   client_id           = data.azurerm_key_vault_secret.k8s_client_id.value
   client_secret       = data.azurerm_key_vault_secret.k8s_client_secret.value
+  workspace_id        = module.logs.workspace_id
 }
 
 #module "main_lb" {