fix: terraform private link support (#991)

[comment]: # (Note that your PR title should follow the conventional
commit format: https://conventionalcommits.org/en/v1.0.0/#summary)
# PR Description

[comment]: # (The below checklist is for PRs adding new features. If a
box is not checked, add a reason why it's not needed.)
# New Feature Checklist

- [ ] List telemetry added about the feature.
- [ ] Link to the one-pager about the feature.
- [ ] List any tasks necessary for release (3P docs, AKS RP chart
changes, etc.) after merging the PR.
- [ ] Attach results of scale and perf testing.

[comment]: # (The below checklist is for code changes. Not all boxes
necessarily need to be checked. Build, doc, and template changes do not
need to fill out the checklist.)
# Tests Checklist

- [ ] Have end-to-end Ginkgo tests been run on your cluster and passed?
To bootstrap your cluster to run the tests, follow [these
instructions](/otelcollector/test/README.md#bootstrap-a-dev-cluster-to-run-ginkgo-tests).
  - Labels used when running the tests on your cluster:
    - [ ] `operator`
    - [ ] `windows`
    - [ ] `arm64`
    - [ ] `arc-extension`
    - [ ] `fips`
- [ ] Have new tests been added? For features, have tests been added for
this feature? For fixes, is there a test that could have caught this
issue and could validate that the fix works?
  - [ ] Is a new scrape job needed?
- [ ] The scrape job was added to the folder
[test-cluster-yamls](/otelcollector/test/test-cluster-yamls/) in the
correct configmap or as a CR.
  - [ ] Was a new test label added?
- [ ] A string constant for the label was added to
[constants.go](/otelcollector/test/utils/constants.go).
- [ ] The label and description was added to the [test
README](/otelcollector/test/README.md).
- [ ] The label was added to this [PR
checklist](/.github/pull_request_template).
- [ ] The label was added as needed to
[testkube-test-crs.yaml](/otelcollector/test/testkube/testkube-test-crs.yaml).
  - [ ] Are additional API server permissions needed for the new tests?
- [ ] These permissions have been added to
[api-server-permissions.yaml](/otelcollector/test/testkube/api-server-permissions.yaml).
  - [ ] Was a new test suite (a new folder under `/tests`) added?
- [ ] The new test suite is included in
[testkube-test-crs.yaml](/otelcollector/test/testkube/testkube-test-crs.yaml).

AddonTerraformTemplate/main.tf

@@ -8,7 +8,6 @@ resource "azurerm_kubernetes_cluster" "k8s" {
   name                = var.cluster_name
   resource_group_name = azurerm_resource_group.rg.name
 
-
   dns_prefix = var.dns_prefix
   tags = {
     Environment = "Development"
@@ -48,6 +47,20 @@ resource "azurerm_monitor_data_collection_endpoint" "dce" {
   kind                = "Linux"
 }
 
+# Logic to determine region mismatch
+locals {
+  dce_region_mismatch = var.cluster_region != var.amw_region
+}
+
+# Create another DCE if the regions don't match and is_private_cluster is true
+resource "azurerm_monitor_data_collection_endpoint" "dce_mismatch" {
+  count               = (local.dce_region_mismatch && var.is_private_cluster) ? 1 : 0
+  name                = substr("MSProm-PL-${azurerm_resource_group.rg.location}-${var.cluster_name}", 0, min(44, length("MSProm-PL-${azurerm_resource_group.rg.location}-${var.cluster_name}")))
+  resource_group_name = azurerm_resource_group.rg.name
+  location            = var.cluster_region
+  kind                = "Linux"
+}
+
 resource "azurerm_monitor_data_collection_rule" "dcr" {
   name                        = substr("MSProm-${azurerm_resource_group.rg.location}-${var.cluster_name}", 0, min(64, length("MSProm-${azurerm_resource_group.rg.location}-${var.cluster_name}")))
   resource_group_name         = azurerm_resource_group.rg.name
@@ -90,10 +103,21 @@ resource "azurerm_monitor_data_collection_rule_association" "dcra" {
   ]
 }
 
+resource "azurerm_monitor_data_collection_rule_association" "dcra_mismatch" {
+  count                   = (local.dce_region_mismatch && var.is_private_cluster) ? 1 : 0
+  target_resource_id      = azurerm_kubernetes_cluster.k8s.id
+  data_collection_endpoint_id = local.dce_region_mismatch ? azurerm_monitor_data_collection_endpoint.dce_mismatch[0].id : azurerm_monitor_data_collection_endpoint.dce.id
+  description             = "Association of data collection endpoint for private link clusters. Deleting this association will break the data collection for this AKS Cluster."
+  depends_on = [
+    azurerm_monitor_data_collection_endpoint.dce
+  ]
+}
+
 resource "azurerm_dashboard_grafana" "grafana" {
   name                = var.grafana_name
   resource_group_name = azurerm_resource_group.rg.name
   location            = var.grafana_location
+  grafana_major_version = var.grafana_version
 
   identity {
     type = "SystemAssigned"
@@ -110,6 +134,7 @@ resource "azurerm_role_assignment" "datareaderrole" {
   principal_id       = azurerm_dashboard_grafana.grafana.identity.0.principal_id
 }
 
+
 resource "azurerm_monitor_alert_prometheus_rule_group" "node_recording_rules_rule_group" {
   name                = "NodeRecordingRulesRuleGroup-${var.cluster_name}"
   location            = azurerm_resource_group.rg.location

AddonTerraformTemplate/variables.tf

@@ -29,10 +29,28 @@ variable "grafana_location" {
   default = "eastus"
 }
 
+variable "grafana_version" {
+  default = "10"
+}
+
+variable "is_private_cluster" {
+  default = "false"
+}
+
 variable "monitor_workspace_name" {
   default = "amwtest"
 }
 
+variable "amw_region" {
+  default = "northeurope"
+  description = "Location of the Azure Monitor Workspace"
+}
+
+variable "cluster_region" {
+  default = "eastus"
+  description = "Location of the Azure Kubernetes Cluster"
+}
+
 variable "resource_group_location" {
   default     = "eastus"
   description = "Location of the resource group."