Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Added azure network policy for AKS #3213

Merged
merged 1 commit into from
Apr 15, 2019
Merged

Added azure network policy for AKS #3213

merged 1 commit into from
Apr 15, 2019

Conversation

thatInfrastructureGuy
Copy link
Contributor

@thatInfrastructureGuy thatInfrastructureGuy commented Apr 9, 2019
edited by katbyte
Loading

Enabling azure network policy installs Azure-NPM

Signed-off-by: Ashish thatInfrastructureGuy@gmail.com

@thatInfrastructureGuy
added azure network policy
b70ea19 
Signed-off-by: ecp <thatInfrastructureGuy@gmail.com>
@thatInfrastructureGuy
Copy link
Contributor Author

thatInfrastructureGuy commented Apr 9, 2019
edited
Loading

Fixes: #2987 (comment)
Source: MicrosoftDocs/azure-docs#28567 (comment)

tombuildsstuff
tombuildsstuff approved these changes Apr 9, 2019
View reviewed changes
Copy link
Contributor

@tombuildsstuff tombuildsstuff left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM - thanks for this @thatInfrastructureGuy

@tombuildsstuff tombuildsstuff added this to the v1.25.0 milestone Apr 9, 2019
@tombuildsstuff
Copy link
Contributor

hey @thatInfrastructureGuy

Running the tests for this we get the following error (with an empty subscription):

  • azurerm_kubernetes_cluster.test: Error creating/updating Managed Kubernetes Cluster "acctestaks190409093336749031" (Resource Group "acctestRG-190409093336749031"): containerservice.ManagedClustersClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="ResourceCountExceedsLimitDueToTemplate" Message="Provisioning of resource(s) for container service acctestaks190409093336749031 in resource group acctestRG-190409093336749031 failed. Message: Subscription 00000000-0000-0000-0000-000000000000 has a quota of 200 for resources of type RouteTable with sku SkuNotSpecified. Subscription currently has 200 resources and the template contains 1 new resources of the this type which exceeds the quota. Please contact support to increase the quota for resource type RouteTable. Details: []"

AKS itself deploys an ARM Template behind the scenes, so I believe this is a bug in that Template, but I may be wrong? Out of interest does this provision successfully for you?

Thanks!

@thatInfrastructureGuy
Copy link
Contributor Author

thatInfrastructureGuy commented Apr 9, 2019
edited
Loading

@tombuildsstuff I believe Azure is complaining that quota limit of 200 route tables is reached. Can you please check number of route tables used:

az network list-usages --location $ARM_LOCATION --out table

I am not able to reproduce :

make testacc TESTARGS='-run=TestAccAzureRMKubernetesCluster_advancedNetworkingAzureNPMPolicy'
==> Checking that code complies with gofmt requirements...
TF_ACC=1 go test $(go list ./... |grep -v 'vendor'|grep -v 'examples') -v -run=TestAccAzureRMKubernetesCluster_advancedNetworkingAzureNPMPolicy -timeout 180m -ldflags="-X=github.com/terraform-providers/terraform-provider-azurerm/version.ProviderVersion=acc"
?       github.com/terraform-providers/terraform-provider-azurerm       [no test files]
=== RUN   TestAccAzureRMKubernetesCluster_advancedNetworkingAzureNPMPolicy
=== PAUSE TestAccAzureRMKubernetesCluster_advancedNetworkingAzureNPMPolicy
=== RUN   TestAccAzureRMKubernetesCluster_advancedNetworkingAzureNPMPolicyComplete
=== PAUSE TestAccAzureRMKubernetesCluster_advancedNetworkingAzureNPMPolicyComplete
=== CONT  TestAccAzureRMKubernetesCluster_advancedNetworkingAzureNPMPolicy
=== CONT  TestAccAzureRMKubernetesCluster_advancedNetworkingAzureNPMPolicyComplete
--- PASS: TestAccAzureRMKubernetesCluster_advancedNetworkingAzureNPMPolicyComplete (783.19s)
--- PASS: TestAccAzureRMKubernetesCluster_advancedNetworkingAzureNPMPolicy (783.19s)
PASS
ok      github.com/terraform-providers/terraform-provider-azurerm/azurerm       783.226s
testing: warning: no tests to run
PASS
ok      github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/azure (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/kubernetes    (cached) [no tests to run]
?       github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/response      [no test files]
?       github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/set   [no test files]
testing: warning: no tests to run
PASS
ok      github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/suppress      (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/tf    (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/terraform-providers/terraform-provider-azurerm/azurerm/helpers/validate      (cached) [no tests to run]
testing: warning: no tests to run
PASS
ok      github.com/terraform-providers/terraform-provider-azurerm/azurerm/utils (cached) [no tests to run]
?       github.com/terraform-providers/terraform-provider-azurerm/version       [no test files]

Having said that, I have set ARM_CLIENT_ID, ARM_CLIENT_SECRET, ARM_ENVIRONMENT ARM_SUBSCRIPTION_ID, ARM_TENANT_ID, ARM_TEST_LOCATION, ARM_TEST_LOCATION_ALT

It does provision successfully for me. Thanks.

@ghost ghost removed the waiting-response label Apr 9, 2019
@thatInfrastructureGuy
Copy link
Contributor Author

@tombuildsstuff Is there something I can assist with here? Just making sure this does not fall through the cracks :)

Thanks.

katbyte
katbyte approved these changes Apr 15, 2019
View reviewed changes
Copy link
Collaborator

@katbyte katbyte left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

hey @thatInfrastructureGuy,

It hasn't 🙂 just getting things merged for the next release now. LGTM 🚀

@katbyte katbyte merged commit 00599c3 into hashicorp:master Apr 15, 2019
katbyte added a commit that referenced this pull request Apr 15, 2019
@katbyte
Update CHANGELOG.md to include #3213
2039b09
@thatInfrastructureGuy thatInfrastructureGuy deleted the aks/networkPolicy branch April 15, 2019 20:39
@thatInfrastructureGuy
Copy link
Contributor Author

Awesome. Thanks @katbyte

@ghost
Copy link

ghost commented Apr 17, 2019

This has been released in version 1.25.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
	version = "~> 1.25.0"
}
# ... other configuration ...

@ghost
Copy link

ghost commented May 16, 2019

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!

@ghost ghost locked and limited conversation to collaborators May 16, 2019
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@tombuildsstuff tombuildsstuff tombuildsstuff approved these changes

@katbyte katbyte katbyte approved these changes

Assignees
No one assigned
Labels
documentation enhancement service/kubernetes-cluster size/M
Projects
None yet
Milestone
v1.25.0
Development

Successfully merging this pull request may close these issues.
3 participants
@thatInfrastructureGuy @tombuildsstuff @katbyte