Azure Bicep 脚本在第二次执行时产生错误 "Changing property > 'agentPoolProfile.vnetSubnetID' is not allowed."
Azure Bicep script produces error "Changing property > 'agentPoolProfile.vnetSubnetID' is not allowed." on second execution
我正在使用 Azure Bicep 创建具有单个子网的虚拟网络,然后将其用作创建 aks 集群的输入:vnetSubnetID: virtualNetwork.properties.subnets[0].id
我第一次 运行 命令时,它创建虚拟网络和集群就好了,但第二次我 运行 命令时它给出了这个错误:
{"error":{"code":"InvalidTemplateDeployment","message":"The template
deployment 'cluster' is not valid according to the validation
procedure. The tracking id is '[REDACTED_JUST_IN_CASE]'. See inner errors for
details.","details":[{"code":"PropertyChangeNotAllowed","message":"Provisioning
of resource(s) for container service playground-cluster0 in resource
group showcase-kevinplayground2 failed. Message: {\n "code":
"PropertyChangeNotAllowed",\n "message": "Changing property
'agentPoolProfile.vnetSubnetID' is not allowed.",\n "target":
"agentPoolProfile.vnetSubnetID"\n }. Details: "}]}}
我仔细检查了一下,部署创建的虚拟网络中只有一个子网(没有其他神奇地出现或任何东西)。
我在第二个资源组上重复了这个实验,同样的事情发生了,所以它是可重现的。
这是完整的二头肌文件(只需在您选择的资源组中调用az deployment group create --resource-group showcase-kevinplayground2 -f cluster.bicep)
targetScope = 'resourceGroup'
resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-02-01' = {
name: 'aksVirtualNetwork'
location: resourceGroup().location
properties:{
addressSpace:{
addressPrefixes:[
'10.10.0.0/16'
]
}
subnets:[
{
name: 'aks'
properties:{
addressPrefix: '10.10.5.0/24'
}
}
]
}
}
resource aksManagedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
name: 'playgroundIdentity'
location: resourceGroup().location
}
resource aks 'Microsoft.ContainerService/managedClusters@2021-02-01' = {
name: 'playground-cluster0'
location: resourceGroup().location
identity: {
type:'UserAssigned'
userAssignedIdentities: {
'${aksManagedIdentity.id}': {}
}
}
sku: {
name: 'Basic'
tier: 'Free'
}
properties: {
kubernetesVersion: '1.21.2'
dnsPrefix: 'playground'
enableRBAC: true
networkProfile: {
networkPlugin: 'azure'
networkPolicy: 'calico'
}
aadProfile: {
managed: true
enableAzureRBAC: true
}
autoUpgradeProfile: {}
apiServerAccessProfile: {
enablePrivateCluster: false
}
agentPoolProfiles: [
{
name: 'aksnodes'
count: 1
vmSize: 'Standard_B2s'
osDiskSizeGB: 30
osDiskType: 'Managed'
vnetSubnetID: virtualNetwork.properties.subnets[0].id
osType: 'Linux'
maxCount: 1
minCount: 1
enableAutoScaling: true
type: 'VirtualMachineScaleSets'
mode: 'System'
orchestratorVersion: null
}
]
}
}
查看此报告github issue,您需要使用resourceId功能。
在你的情况下,类似的东西应该有效:
vnetSubnetID: resourceId('Microsoft.Network/virtualNetworks/subnets', 'aksVirtualNetwork', 'aks')
我正在使用 Azure Bicep 创建具有单个子网的虚拟网络,然后将其用作创建 aks 集群的输入:vnetSubnetID: virtualNetwork.properties.subnets[0].id
我第一次 运行 命令时,它创建虚拟网络和集群就好了,但第二次我 运行 命令时它给出了这个错误:
{"error":{"code":"InvalidTemplateDeployment","message":"The template deployment 'cluster' is not valid according to the validation procedure. The tracking id is '[REDACTED_JUST_IN_CASE]'. See inner errors for details.","details":[{"code":"PropertyChangeNotAllowed","message":"Provisioning of resource(s) for container service playground-cluster0 in resource group showcase-kevinplayground2 failed. Message: {\n "code": "PropertyChangeNotAllowed",\n "message": "Changing property 'agentPoolProfile.vnetSubnetID' is not allowed.",\n "target": "agentPoolProfile.vnetSubnetID"\n }. Details: "}]}}
我仔细检查了一下,部署创建的虚拟网络中只有一个子网(没有其他神奇地出现或任何东西)。
我在第二个资源组上重复了这个实验,同样的事情发生了,所以它是可重现的。
这是完整的二头肌文件(只需在您选择的资源组中调用az deployment group create --resource-group showcase-kevinplayground2 -f cluster.bicep)
targetScope = 'resourceGroup'
resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-02-01' = {
name: 'aksVirtualNetwork'
location: resourceGroup().location
properties:{
addressSpace:{
addressPrefixes:[
'10.10.0.0/16'
]
}
subnets:[
{
name: 'aks'
properties:{
addressPrefix: '10.10.5.0/24'
}
}
]
}
}
resource aksManagedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
name: 'playgroundIdentity'
location: resourceGroup().location
}
resource aks 'Microsoft.ContainerService/managedClusters@2021-02-01' = {
name: 'playground-cluster0'
location: resourceGroup().location
identity: {
type:'UserAssigned'
userAssignedIdentities: {
'${aksManagedIdentity.id}': {}
}
}
sku: {
name: 'Basic'
tier: 'Free'
}
properties: {
kubernetesVersion: '1.21.2'
dnsPrefix: 'playground'
enableRBAC: true
networkProfile: {
networkPlugin: 'azure'
networkPolicy: 'calico'
}
aadProfile: {
managed: true
enableAzureRBAC: true
}
autoUpgradeProfile: {}
apiServerAccessProfile: {
enablePrivateCluster: false
}
agentPoolProfiles: [
{
name: 'aksnodes'
count: 1
vmSize: 'Standard_B2s'
osDiskSizeGB: 30
osDiskType: 'Managed'
vnetSubnetID: virtualNetwork.properties.subnets[0].id
osType: 'Linux'
maxCount: 1
minCount: 1
enableAutoScaling: true
type: 'VirtualMachineScaleSets'
mode: 'System'
orchestratorVersion: null
}
]
}
}
查看此报告github issue,您需要使用resourceId功能。
在你的情况下,类似的东西应该有效:
vnetSubnetID: resourceId('Microsoft.Network/virtualNetworks/subnets', 'aksVirtualNetwork', 'aks')