Azure / bicep-registry-modules

Bicep registry modules
MIT License

[AVM Module Issue]: Unable to deploy VMSS with System-Assigned #2671

Open AlexanderSehr opened 3 weeks ago

AlexanderSehr commented 3 weeks ago

Check for previous/existing GitHub issues

Issue Type?

Bug

Module Name

avm/res/compute/virtual-machine-scale-set

(Optional) Module Version

No response

Description

Please note that currently, the System-Assigned Identity scenario isn't tested by the module tests anymore.

If I try to use the feature, it fails with: `The value 'SystemAssigned' of parameter 'identity' is not allowed. Allowed values are: UserAssigned, None.`.

After checking with @rahalan, it turns out that you cannot use a system-assigned identity with `orchestrationMode: 'Flexible'` but must use `'Uniform'` (ideally, this should be documented).

However, even if I set both of these values (the orchestration mode + identity), I get an error message `Could not find member 'networkApiVersion' on object of type 'VMScaleSetNetworkProfile'. Path 'Properties.UpdateGroups[0].NetworkProfile.networkApiVersion', line 1, position 915.` (ref) that I seem unable to get around. It appears to refer to line 510 in the module: https://github.com/Azure/bicep-registry-modules/blob/b7d33c584024cd4ec405b70acc5171880fda3372/avm/res/compute/virtual-machine-scale-set/main.bicep#L510

I'm now a bit lost. If I don't set any identity, this also leads to an issue as long as I don't also provide additional network properties, showing - `No outbound connectivity configured for virtual machine /subscriptions/<subId>resourceGroups/RG-ADO-AGENTS/providers/Microsoft.Compute/virtualMachines/vmss-agents_db94869a. Please attach standard load balancer or public IP address to VM, create NAT gateway or configure user-defined routes (UDR) in the subnet. Learn more at aka.ms/defaultoutboundaccess. (Code: OutboundConnectivityNotEnabledOnVM)`, which I guess is by design.

(Optional) Correlation Id

No response

microsoft-github-policy-service[bot] commented 3 weeks ago

[!IMPORTANT] The "Needs: Triage :mag:" label must be removed once the triage process is complete!

[!TIP] For additional guidance on how to triage this issue/PR, see the BRM Issue Triage documentation.

avm-team-linter[bot] commented 3 weeks ago

@AlexanderSehr, thanks for submitting this issue for the avm/res/compute/virtual-machine-scale-set module!

[!IMPORTANT] A member of the @Azure/avm-res-compute-virtualmachinescaleset-module-owners-bicep or @Azure/avm-res-compute-virtualmachinescaleset-module-contributors-bicep team will review it soon!

rahalan commented 2 weeks ago

@AlexanderSehr regarding the networkAPI, I already filed a bug with the VMSS team, see #2088