create public IP before AKS cluster #1141
Conversation
geoberle
requested review from
bennerv,
janboll,
jmelis,
jonathan34c,
SudoBrendan,
UlrichSchlueter,
weinong,
whober0521 and
tony-schndr
as code owners
| @@ -389,7 +389,7 @@ resource aksCluster 'Microsoft.ContainerService/managedClusters@2024-04-02-previ | |||
| outboundIPs: { | |||
| publicIPs: [ | |||
| { | |||
| id: resourceId('Microsoft.Network/publicIPAddresses', aksClusterOutboundIPAddressName) | |||
| id: aksClusterOutboundIPAddress.outputs.publicIPAddressId | |||
There was a problem hiding this comment.
That did not work in my previous testing and I just tried it again:
Preflight validation check for resource(s) for container service aro-hcp-aks in resource group hcp-underlay-usw3jche-svc failed. Message: Error parsing provided IP of [reference(resourceId('Microsoft.Resources/deployments', variables('aksClusterOutboundIPAddressName')), '2022-09-01').outputs.publicIPAddressId.value]. Error parsing failed for [reference(resourceId('Microsoft.Resources/deployments', variables('aksClusterOutboundIPAddressName')), '2022-09-01').outputs.publicIPAddressId.value]. Invalid resource Id format.
My understanding is this is apparently due to how bicep modules are processed in ARM and how it only produces outputs after the module deployment is completed. As such, it cannot provide the ID to the AKS cluster resource and ARM wants an ID, not a reference to one
There was a problem hiding this comment.
i just realized you are right. it works well when the IP exists already but fails on a preflight check in EV2. i'll try something else. see the updated PR
There was a problem hiding this comment.
I had also refrained to use dependsOn because Azure discourages it and having never encountered timing issues in my testing I assumed somehow Azure was figuring out the dependency with resourceId()
That said nothing complains if we add the resource to dependsOn so lets do that for now to avoid the timing issues
|
Is this meant to solve an issue you encountered? I must have provisioned at least 20 clusters throughout my testing of #1103 and never encountered a dependency or missing resource error |
geoberle
force-pushed
the
aks-egress-ip-fix
branch
from
6ed5adc to
6d9a641
Compare
there can be timing issues, e.g. when IP address creation is delayed and the AKS cluster creation is making faster progress. i reverted the |
this PR sets up implicit dependency between the public egress IP address creation and the AKS cluster that will use it. Signed-off-by: Gerd Oberlechner <[email protected]>
geoberle
force-pushed
the
aks-egress-ip-fix
branch
from
6d9a641 to
84eff3b
Compare
this PR sets up implicit dependency between the public egress IP address creation and the AKS cluster that will use it. Signed-off-by: Gerd Oberlechner <[email protected]>
What this PR does
create implicit dependency between public egress IP address and AKS cluster. this way bicep will only start the AKS creation/modification once the public IP is created and ready.
additionally persist the registration of the
Microsoft.Network/AllowBringYourOwnPublicIpAddressAFEC flag, which is required to bring our own egress IP for the AKS cluter.Jira:
Link to demo recording:
Special notes for your reviewer