Azure / AKS-Landing-Zone-Accelerator

Official repository for the AKS Landing Zone Accelerator program
MIT License

[BUG] GH Action - Deploy Infrastructure Fails on Deploy AKS in Spoke #119

Closed jgardner04 closed 3 months ago

jgardner04 commented 4 months ago

Describe the bug

When running the Deploy Enterprise Landing Zone Hub & Spoke Infrastructure via the GitHub Action I get an error in the Deploy AKS in Spoke. The error is outlined below.

Error: WARNING: /home/runner/work/AKS-Landing-Zone-Accelerator/AKS-Landing-Zone-Accelerator/Scenarios/AKS-Secure-Baseline-PrivateCluster/Bicep/06-AKS-cluster/modules/policy/policy.bicep(3,13) : Warning no-loc-expr-outside-params: Use a parameter here instead of 'resourceGroup().location'. 'resourceGroup().location' and 'deployment().location' should only be used as a default value for parameters.

The error is coming from the Bicep Linter no-loc-expr-outside-params rule.

To Reproduce

Steps to reproduce the behavior:

  1. Fork the Repo
  2. Follow the AKS landing zone accelerator - Private Cluster Scenario for Bicep guide for Deploying using GitHub Actions
  3. Create the Microsoft Entra accounts
  4. Configure OpenID Connect in Azure
  5. Create PAT
  6. Register Resource Providers
  7. Set GH Actions secrets
  8. Trigger the Deploying Enterprise Landing Zone Hub & Spoke Infrastructure GitHub Actions Workflow.
  9. See Error

Expected behavior

The GH Action would complete, and the infrastructure would be deployed.

Additional context

The fork is up to date with commit e1090f0.

jgardner04 commented 4 months ago

It looks like the issue is here. The location should be set to a parameter; the default value of the parameter can be resourceGroup().location.

It would look like:

param location string = resourceGroup().location

resource DefAKSAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01' = if (environment().name == 'AzureCloud') {
  name: 'EnableDefenderForAKS'
  location: location
...
}

I will work up a fix and get a PR in as soon as I can.

jgardner04 commented 4 months ago

In testing, the deployment ran into additional linting issues with the policy.bicep file. The linter is throwing an additional error that the policyDefinitionId needs to be in a parameter as well. I will update the PR with this after testing.