hashicorp / terraform-provider-azurerm

Terraform provider for Azure Resource Manager
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs
Mozilla Public License 2.0

Azure Government - Azure Kubernetes Service - Add-on Policy #13019

Closed tjsullivan1 closed 2 years ago

tjsullivan1 commented 3 years ago

Terraform (and AzureRM Provider) Version

Terraform v1.0.3 on linux_amd64

Affected Resource(s)

Terraform Configuration Files

# Copy-paste your Terraform configurations here - for large Terraform configs,
# please use a service like Dropbox and share a link to the ZIP file. For
# security, you can also encrypt the files using our GPG public key: https://keybase.io/hashicorp
terraform {
  required_version = "~> 1.0.0"
  required_providers {
    azurerm = {
      source  = "registry.terraform.io/hashicorp/azurerm"
      version = "> 2.71.0"
    }
  }
}

provider "azurerm" {
  skip_provider_registration = false
  environment                = "usgovernment"
  features {}
}

data "azurerm_client_config" "current" {}

resource "azurerm_resource_group" "k8s-policy" {
  name     = "rg-k8s-policy-resources"
  location = "usgovvirginia"
}

resource "azurerm_kubernetes_cluster" "k8s-policy" {
  name                = "k8s-policy-aks1"
  location            = azurerm_resource_group.k8s-policy.location
  resource_group_name = azurerm_resource_group.k8s-policy.name
  dns_prefix          = "k8s-policyaks1"

  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_D2_v2"
  }

  addon_profile {
    azure_policy {
      enabled = true
    }
  }

  identity {
    type = "SystemAssigned"
  }

  tags = {
    Environment = "Production"
  }
}

Debug Output

Debug contains secrets, so would prefer a private method if necessary for sharing.

Panic Output

Expected Behaviour

AKS cluster creates with Azure Policy Add-On Enabled

Actual Behaviour

This code works fine in Azure Commercial. In Azure Government, it errors when running terraform apply with the message:

│ Error: The addon "azurepolicy" is not supported for a Kubernetes Cluster located in "AzureUSGovernmentCloud"
│
│   with azurerm_kubernetes_cluster.k8s-policy,
│   on main.tf line 24, in resource "azurerm_kubernetes_cluster" "k8s-policy":
│   24: resource "azurerm_kubernetes_cluster" "k8s-policy" {
│

This is incorrect. The Policy Add-on went GA September 2020 (https://azure.microsoft.com/en-us/updates/ga-policy-addon-for-azure-kubernetes-service/), and is supported in Gov (az cli commands work for this).

Steps to Reproduce

  1. terraform apply

Important Factoids

Running in Azure Government this fails.

References

This appears to be the PR that adjusted gov cloud behavior: https://github.com/hashicorp/terraform-provider-azurerm/pull/7233

github-actions[bot] commented 2 years ago

This functionality has been released in v2.89.0 of the Terraform Provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading.

For further feature requests or bug reports with this functionality, please create a new GitHub issue following the template. Thank you!

github-actions[bot] commented 2 years ago

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.