Open AlexanderSehr opened 3 weeks ago
[!IMPORTANT] The "Needs: Triage :mag:" label must be removed once the triage process is complete!
[!TIP] For additional guidance on how to triage this issue/PR, see the BRM Issue Triage documentation.
@AlexanderSehr, thanks for submitting this issue for the avm/res/compute/virtual-machine-scale-set
module!
[!IMPORTANT] A member of the @Azure/avm-res-compute-virtualmachinescaleset-module-owners-bicep or @Azure/avm-res-compute-virtualmachinescaleset-module-contributors-bicep team will review it soon!
@AlexanderSehr regarding the networkAPI, I already filed a bug with the VMSS team, see #2088
Check for previous/existing GitHub issues
Issue Type?
Bug
Module Name
avm/res/compute/virtual-machine-scale-set
(Optional) Module Version
No response
Description
Please note that currently, the
System-Assigned Identity
scenario isn't tested by the module tests anymore.If I try to use the feature, it fails with:
The value 'SystemAssigned' of parameter 'identity' is not allowed. Allowed values are: UserAssigned, None.
.After checking with @rahalan, it turns out, that you cannot use a system-assigned idenity with
orchestrationMode: 'Flexible'
but must use 'Uniform' (ideally, this should be documented).However, even if I set both of these values (the orchestration mode + identity), I get an error message
Could not find member 'networkApiVersion' on object of type 'VMScaleSetNetworkProfile'. Path 'Properties.UpdateGroups[0].NetworkProfile.networkApiVersion', line 1, position 915.
(ref) I seem unable to get around. It appears to refer to line 510 in the module: https://github.com/Azure/bicep-registry-modules/blob/b7d33c584024cd4ec405b70acc5171880fda3372/avm/res/compute/virtual-machine-scale-set/main.bicep#L510I'm now a bit lost. If I don't set any identity this also leads to an issue as long as I don't also provide additional network properties, showing
- No outbound connectivity configured for virtual machine /subscriptions/<subId>resourceGroups/RG-ADO-AGENTS/providers/Microsoft.Compute/virtualMachines/vmss-agents_db94869a. Please attach standard load balancer or public IP address to VM, create NAT gateway or configure user-defined routes (UDR) in the subnet. Learn more at aka.ms/defaultoutboundaccess. (Code: OutboundConnectivityNotEnabledOnVM)
which I guess is by design.(Optional) Correlation Id
No response