无法再使用 Terraform 创建简单的 Azure AKS
Cannot create a simple Azure AKS with Terraform anymore
我无法使用以下代码创建 Azure Kubernetes 服务:
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "=2.96.0"
}
}
}
resource "azurerm_resource_group" "aks-rg" {
name = "aks-rg"
location = "West Europe"
}
resource "azurerm_kubernetes_cluster" "aks-1" {
name = "aks-1"
location = azurerm_resource_group.aks-rg.location
resource_group_name = azurerm_resource_group.aks-rg.name
dns_prefix = "aks1"
default_node_pool {
name = "nodepool1"
node_count = 3
vm_size = "Standard_D2_v2"
}
identity {
type = "SystemAssigned"
}
tags = {
Environment = "Test"
}
}
出现以下错误:
│ Error: creating Cluster: (Managed Cluster Name "aks-1" / Resource Group "aks-rg"):
containerservice.ManagedClustersClient#CreateOrUpdate: Failure sending
request: StatusCode=400 -- Original Error: Code="RequestDisallowedByPolicy" Message=
"Provisioning of resource(s) for container service aks-1 in resource group aks-rg failed. Message: Resource
'aks-nodepool1-58423643-vmss' was disallowed by policy. Policy identifiers:
'[{\"policyAssignment\":{\"name\":\"Enforce automatic OS upgrade with app health checks
我做错了什么?
我需要先手动创建 VMSS 吗?
提前致谢!
强制执行自动 OS 应用健康检查升级 是 built-in policy 在您的订阅/资源组上强制执行,拒绝创建没有自动 OS 升级已启用。
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachineScaleSets"
},
{
"field": "Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade",
"notEquals": "True"
},
{
"field": "Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade",
"notEquals": "True"
}
]
},
我看到其他人在筹集same problem for azurerm provider. But it can't be fixed at provider level, as just there is no such param when adding a node pool to AKS (eg. looking though options of Azure CLI)。
您只能要求您的管理员禁用该策略或为您添加 exemption。
我无法使用以下代码创建 Azure Kubernetes 服务:
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "=2.96.0"
}
}
}
resource "azurerm_resource_group" "aks-rg" {
name = "aks-rg"
location = "West Europe"
}
resource "azurerm_kubernetes_cluster" "aks-1" {
name = "aks-1"
location = azurerm_resource_group.aks-rg.location
resource_group_name = azurerm_resource_group.aks-rg.name
dns_prefix = "aks1"
default_node_pool {
name = "nodepool1"
node_count = 3
vm_size = "Standard_D2_v2"
}
identity {
type = "SystemAssigned"
}
tags = {
Environment = "Test"
}
}
出现以下错误:
│ Error: creating Cluster: (Managed Cluster Name "aks-1" / Resource Group "aks-rg"):
containerservice.ManagedClustersClient#CreateOrUpdate: Failure sending
request: StatusCode=400 -- Original Error: Code="RequestDisallowedByPolicy" Message=
"Provisioning of resource(s) for container service aks-1 in resource group aks-rg failed. Message: Resource
'aks-nodepool1-58423643-vmss' was disallowed by policy. Policy identifiers:
'[{\"policyAssignment\":{\"name\":\"Enforce automatic OS upgrade with app health checks
我做错了什么? 我需要先手动创建 VMSS 吗?
提前致谢!
强制执行自动 OS 应用健康检查升级 是 built-in policy 在您的订阅/资源组上强制执行,拒绝创建没有自动 OS 升级已启用。
"policyRule": {
"if": {
"allOf": [
{
"field": "type",
"equals": "Microsoft.Compute/virtualMachineScaleSets"
},
{
"field": "Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgradePolicy.enableAutomaticOSUpgrade",
"notEquals": "True"
},
{
"field": "Microsoft.Compute/VirtualMachineScaleSets/upgradePolicy.automaticOSUpgrade",
"notEquals": "True"
}
]
},
我看到其他人在筹集same problem for azurerm provider. But it can't be fixed at provider level, as just there is no such param when adding a node pool to AKS (eg. looking though options of Azure CLI)。
您只能要求您的管理员禁用该策略或为您添加 exemption。