Azure / caf-terraform-landingzones-accelerator

Starter project for Applications (level 4) Cloud Adoption Framework for Azure landing zones on Terraform
MIT License

Error: creating Managed Kubernetes Cluster #55

Open mapoitras opened 3 years ago

mapoitras commented 3 years ago

I ran into an error when trying to deploy infrastructure with just default parameters:

module.caf.module.application_gateways["agw1_az1"].azurerm_application_gateway.agw: Creation complete after 15m2s [id=/subscriptions/203633e9-0e19-48c0-b142-64922c37d994/resourceGroups/rjhi-rg-agw-re1/providers/Microsoft.Network/applicationGateways/rjhi-agw-app_gateway]

**Error: creating Managed Kubernetes Cluster "rjhi-aks-akscluster-re1-001" (Resource Group "rjhi-rg-aks-re1"): containerservice.ManagedClustersClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="RouteTableMissingDefaultRouteError" Message="Default route 0.0.0.0/0 missing from route table /subscriptions/203633e9-0e19-48c0-b142-64922c37d994/resourceGroups/rjhi-rg-aks_spoke_re1/providers/Microsoft.Network/routeTables/rjhi-route-default_to_firewall_re1."

on .terraform/modules/caf/modules/compute/aks/aks.tf line 40, in resource "azurerm_kubernetes_cluster" "aks": 40: resource "azurerm_kubernetes_cluster" "aks" {**

I'm following instructions on this page after I run "eval terraform apply ${parameter_files}" https://github.com/Azure/caf-terraform-landingzones-starter/blob/starter/enterprise_scale/construction_sets/aks/online/aks_secure_baseline/01-terraform.md

pplavetzki commented 3 years ago

I am also receiving this same error:

creating Managed Kubernetes Cluster "dxnb-aks-akscluster-re1-001" (Resource Group "dxnb-rg-aks-re1"): containerservice.ManagedClustersClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="RouteTableMissingDefaultRouteError" Message="Default route 0.0.0.0/0 missing from route table /subscriptions/39494f26-a647-455c-8339-5cc9941def29/resourceGroups/dxnb-rg-aks_spoke_re1/providers/Microsoft.Network/routeTables/dxnb-route-default_to_firewall_re1."

pplavetzki commented 3 years ago

@mosabami I tracked this down to be a timing issue. The default route is added to the route table correctly; however, the creation of AKS starts before the route creation is completed. I hacked the caf/azurerm module to test out this theory by adding module.routes to the depends_on clause of the aks_clusters.tf module.

module "aks_clusters" {
  source     = "./modules/compute/aks"
  depends_on = [module.networking, module.routes]
  for_each   = local.compute.aks_clusters

  global_settings     = local.global_settings
  client_config       = local.client_config
  diagnostics         = local.combined_diagnostics
  diagnostic_profiles = try(each.value.diagnostic_profiles, {})
  base_tags           = try(local.global_settings.inherit_tags, false) ? local.resource_groups[each.value.resource_group_key].tags : {}
  settings            = each.value
  subnets             = lookup(each.value, "lz_key", null) == null ? local.combined_objects_networking[local.client_config.landingzone_key][each.value.vnet_key].subnets : local.combined_objects_networking[each.value.lz_key][each.value.vnet_key].subnets
  resource_group      = local.resource_groups[each.value.resource_group_key]
  admin_group_object_ids = try(each.value.admin_groups.azuread_group_keys, null) == null ? null : try(each.value.admin_groups.ids, [
    for group_key in try(each.value.admin_groups.azuread_groups.keys, {}) : local.combined_objects_azuread_groups[local.client_config.landingzone_key][group_key].id
  ])

}

Do you think I should raise this issue in the terraform.azurerm.caf repo?

Cheers!
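
The ordering problem described in the last comment can be checked before applying. The following is an added example, not code from this thread or from the CAF module: it reads DOT text of the kind `terraform graph` emits, where an edge `"A" -> "B"` means A depends on B, and lists AKS cluster nodes that have no dependency path to any `azurerm_route` resource. The node names in the two sample graphs are constructed and simplified, and the assumption that the routes module creates `azurerm_route` resources is not confirmed by the page.

```python
import re
from collections import defaultdict

# DOT edge line: "A" -> "B" means A depends on B.
EDGE = re.compile(r'"([^"]+)"\s*->\s*"([^"]+)"')
CLUSTER = re.compile(r"azurerm_kubernetes_cluster\.")
# Matches azurerm_route.<name> but not azurerm_route_table.<name>: depending on
# the table alone does not guarantee the 0.0.0.0/0 route exists yet.
ROUTE = re.compile(r"azurerm_route\.")

def parse_edges(dot_text):
    """Return {node: set(direct dependencies)} from DOT edge lines."""
    deps = defaultdict(set)
    for src, dst in EDGE.findall(dot_text):
        deps[src].add(dst)
    return deps

def reaches(deps, start, wanted):
    """True if a node matching `wanted` is reachable from `start`."""
    seen, stack = set(), [start]
    while stack:
        node = stack.pop()
        if node in seen:
            continue
        seen.add(node)
        if node != start and wanted.search(node):
            return True
        stack.extend(deps.get(node, ()))
    return False

def clusters_missing_route_dependency(dot_text):
    """AKS cluster nodes with no direct or transitive dependency on a route."""
    deps = parse_edges(dot_text)
    nodes = set(deps) | {d for ds in deps.values() for d in ds}
    return sorted(n for n in nodes
                  if CLUSTER.search(n) and not reaches(deps, n, ROUTE))

# Constructed sample: AKS depends on networking only (the failing layout).
BEFORE = """digraph {
  "module.caf.module.aks_clusters.azurerm_kubernetes_cluster.aks" -> "module.caf.module.networking (close)"
  "module.caf.module.networking (close)" -> "module.caf.module.networking.azurerm_route_table.rt"
  "module.caf.module.routes.azurerm_route.route" -> "module.caf.module.networking.azurerm_route_table.rt"
}"""
# Constructed sample: the same graph after adding module.routes to depends_on.
AFTER = BEFORE.replace("}", """  "module.caf.module.aks_clusters.azurerm_kubernetes_cluster.aks" -> "module.caf.module.routes (close)"
  "module.caf.module.routes (close)" -> "module.caf.module.routes.azurerm_route.route"
}""")

if __name__ == "__main__":
    print("before:", clusters_missing_route_dependency(BEFORE))
    print("after: ", clusters_missing_route_dependency(AFTER))
```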