load_balancer_profile.outbound_ip_address_ids can't be created in node_resource_group

[yene]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

1.2.5

AzureRM Provider Version

3.14

Affected Resource(s)/Data Source(s)

azurerm_kubernetes_cluster

Terraform Configuration Files

resource "azurerm_kubernetes_cluster" "aks_fsp" {
  network_profile {
    load_balancer_profile {
      outbound_ip_address_ids = [azurerm_public_ip.aks_outbound_ip.id]
    }
  }
}

resource "azurerm_public_ip" "aks_outbound_ip" {
  name                = "ip-kubernetes"
  resource_group_name = azurerm_kubernetes_cluster.aks_fsp.node_resource_group
  location            = azurerm_resource_group.rg.location
  sku                 = "Standard" // default: Basic
  allocation_method   = "Static"
  public_ip_prefix_id = var.publicip_prefixes_id

}

Debug Output/Panic Output

Cycle: ...

Description

AKS wants the loadbalancer IP in the node_resource_group RG. To create the IP in node_resource_group AKS needs to exist. To create AKS the IP needs to exist.

How can this cycle be solved?

[yene]

Currently I run it twice,

1. to setup AKS and its managed resource group
2. to assign the ip inside the RG to the loadbalancer

[ms-henglu]

Hi @yene ,

If you really want to do this in one run, here's a workaround, you can use azapi_update_resource to do a multi-steps apply. In the following example, azapi_update_resource will add outboundIPs on the existing cluster which is the last step. But please notice, changes outside the azurerm_kubernetes_cluster. aks_fsp will cause a plan-diff, so I use ignore_changes to suppress it.

resource "azurerm_kubernetes_cluster" "aks_fsp" {
  // ... 
  lifecycle {
    ignore_changes = [network_profile.0.load_balancer_profile.0.outbound_ip_address_ids]
  }
}

resource "azurerm_public_ip" "aks_outbound_ip" {
  name                = "ip-kubernetes"
  resource_group_name = azurerm_kubernetes_cluster.aks_fsp.node_resource_group
  location            = azurerm_resource_group.rg.location
  sku                 = "Standard" // default: Basic
  allocation_method   = "Static"
  public_ip_prefix_id = var.publicip_prefixes_id
}

resource "azapi_update_resource" "test" {
  type        = "Microsoft.ContainerService/managedClusters@2022-05-02-preview"
  resource_id = azurerm_kubernetes_cluster.example.id
  body = jsonencode({
    properties = {
      networkProfile = {
        loadBalancerProfile = {
          outboundIPs = {
            publicIPs = [
              {
                id = azurerm_public_ip.aks_outbound_ip.id
              }
            ]
          }
        }
      }
    }
  })
}

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.