Objective: Trying to create an Azure VPN gateway with AAD authentication type with Terraform
Code I am using:
Azure Rm version: 2.99
Main.tf
resource "azurerm_virtual_network_gateway" "vpn-gw" {
name = "vng-${var.env}-we"
location = azurerm_resource_group.rg[0].location
resource_group_name = azurerm_resource_group.rg[0].name
type = "Vpn"
vpn_type = "RouteBased"
active_active = true
enable_bgp = false
sku = "VpnGw1AZ"
ip_configuration {
name = "vnetGatewayConfig"
public_ip_address_id = azurerm_public_ip.vpn-gateway-ip.id
private_ip_address_allocation = "Dynamic"
subnet_id = azurerm_subnet.gw_snet[0].id
}
ip_configuration {
name = "vnetGatewayConfig1"
public_ip_address_id = azurerm_public_ip.vpn-gateway-ip-secondary.id
private_ip_address_allocation = "Dynamic"
subnet_id = azurerm_subnet.gw_snet[0].id
}
ip_configuration {
name = "vnetGatewayConfig2"
public_ip_address_id = azurerm_public_ip.vpn-gateway-ip-vpn.id
private_ip_address_allocation = "Dynamic"
subnet_id = azurerm_subnet.gw_snet[0].id
}
vpn_client_configuration {
address_space = ["xx.xxx.xx/24"]
vpn_authentication_types = ["AAD"]
tenant_uri = "https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxx"
audience_id = "41b23e61-6c1e-4545-b367-cd054e0ed4b4"
aad_issuer_uri = "https://sts.windows.net/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
}
}
I am getting error:
Error: Unsupported argument
│
│ on main.tf line 834, in resource "azurerm_virtual_network_gateway" "vpn-gw":
│ 834: vpn_authentication_types = ["AAD"]
│
│ An argument named "vpn_authentication_types" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│ on main.tf line 835, in resource "azurerm_virtual_network_gateway" "vpn-gw":
│ 835: tenant_uri = "https://login.microsoftonline.com/************************************"
│
│ An argument named "tenant_uri" is not expected here.
╵
╷
│ Error: Unsupported argument
│
│ on main.tf line 836, in resource "azurerm_virtual_network_gateway" "vpn-gw":
│ 836: audience_id = "41b23e61-6c1e-4545-b367-cd054e0ed4b4"
│
│ An argument named "audience_id" is not expected here.
Reference Documentation:
https://github.com/hashicorp/terraform-provider-azurerm/issues/5079
Please help me fix this issue.
You are using azurerm version 2.99, so you should use the related Terraform azurerm documentation.
Your errors could be resolved if you use:
vpn_auth_types instead of vpn_authentication_types
aad_tenant instead of tenant_uri
aad_audience instead of audience_id
aad_issuer instead of aad_issuer_uri
resource "azurerm_virtual_network_gateway" "vpn-gw" {
  name                = "vng-${var.env}-we"
  location            = azurerm_resource_group.rg[0].location
  resource_group_name = azurerm_resource_group.rg[0].name
  type                = "Vpn"
  vpn_type            = "RouteBased"
  active_active       = true
  enable_bgp          = false
  sku                 = "VpnGw1AZ"
  ip_configuration {
    name                          = "vnetGatewayConfig"
    public_ip_address_id          = azurerm_public_ip.vpn-gateway-ip.id
    private_ip_address_allocation = "Dynamic"
    subnet_id                     = azurerm_subnet.gw_snet[0].id
  }
  ip_configuration {
    name                          = "vnetGatewayConfig1"
    public_ip_address_id          = azurerm_public_ip.vpn-gateway-ip-secondary.id
    private_ip_address_allocation = "Dynamic"
    subnet_id                     = azurerm_subnet.gw_snet[0].id
  }
  ip_configuration {
    name                          = "vnetGatewayConfig2"
    public_ip_address_id          = azurerm_public_ip.vpn-gateway-ip-vpn.id
    private_ip_address_allocation = "Dynamic"
    subnet_id                     = azurerm_subnet.gw_snet[0].id
  }
  vpn_client_configuration {
    address_space  = ["xx.xxx.xx/24"]
    vpn_auth_types = ["AAD"]
    aad_tenant     = "https://login.microsoftonline.com/xxxxxxxxxxxxxxxxxxxxxxxxx"
    aad_audience   = "41b23e61-6c1e-4545-b367-cd054e0ed4b4"
    aad_issuer     = "https://sts.windows.net/xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
  }
}
Related
I am getting error while creating AKS Cluster Using Terraform
Error:
│ Error: Unsupported block type
│
│ on main.tf line 97, in resource "azurerm_kubernetes_cluster" "aks":
│ 97: image_reference {
│
│ Blocks of type "image_reference" are not expected here.
╵
╷
│ Error: Unsupported block type
│
│ on main.tf line 105, in resource "azurerm_kubernetes_cluster" "aks":
│ 105: node_pools {
│
│ Blocks of type "node_pools" are not expected here.
╵
╷
│ Error: Unsupported block type
│
│ on main.tf line 124, in resource "azurerm_kubernetes_cluster" "aks":
│ 124: node_pool {
│
│ Blocks of type "node_pool" are not expected here.
╵
╷
│ Error: Unsupported block type
│
│ on main.tf line 153, in resource "azurerm_kubernetes_cluster" "aks":
│ 153: kubernetes_cluster_config {
│
│ Blocks of type "kubernetes_cluster_config" are not expected here.
╵
╷
│ Error: Unsupported argument
│
│ on main.tf line 180, in resource "azurerm_kubernetes_cluster" "aks":
│ 180: network_security_group_id = azurerm_network_security_group.azure-sg.id
│
│ An argument named "network_security_group_id" is not expected here.
Above is the error I am facing. I have written Terraform code as shown below.
provider.tf:
============
provider "azurerm" {
features {}
}
terraform {
required_providers {
azurerm = {
source = "hashicorp/azurerm"
version = "2.39.0"
}
}
}
terraform.tfvars:
=================
resource_group_name = "a0474899701"
location = "CentralUS"
cluster_name = "aks01"
kubernetes_version = "1.24.4"
system_node_count = 2
user_node_count = 1
spot_node_count = 2
acr_name = "devops_acr_tf"
aks_network_plugin = "kubenet"
client_id = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
client_secret = "xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx"
main.tf:
========
# Create an Resource Group
resource "azurerm_resource_group" "aks-rg" {
name = var.resource_group_name
location = var.location
}
# Create an ACR instance
resource "azurerm_container_registry" "acr" {
name = var.acr_name
resource_group_name = azurerm_resource_group.aks-rg.name
location = var.location
sku = "Standard"
admin_enabled = false
}
# Create a role assignment to allow AKS to access ACR
resource "azurerm_role_assignment" "role_acrpull" {
scope = azurerm_container_registry.acr.id
role_definition_name = "AcrPull"
# principal_id = azurerm_kubernetes_cluster.aks.kubelet_identity.0.object_id
principal_id = azurerm_kubernetes_cluster.aks.kubelet_identity.0.client_id
skip_service_principal_aad_check = true
}
# Create a Kubernetes secret to hold the ACR credentials
# It holds the ACR credentials in a Docker config JSON format
resource "kubernetes_secret" "acr_credentials" {
metadata {
name = "acr-credentials"
}
data = {
".dockerconfigjson" = azurerm_container_registry.acr.docker_config_json
}
}
# Private Key Creation
resource "tls_private_key" "aks_ssh_key" {
algorithm = "RSA"
}
resource "file" "private_key" {
content = tls_private_key.aks_ssh_key.private_key_pem
filename = "aks_private_key.pem"
}
# virtual network (aks_vnet) is created in the same resource group
resource "azurerm_virtual_network" "aks_vnet" {
name = "${var.resource_group_name}-vnet01"
# address_space = ["10.0.0.0/16"]
address_space = ["10.172.144.0/26"]
location = azurerm_resource_group.aks_rg.location
resource_group_name = azurerm_resource_group.aks_rg.name
}
# subnet (aks_subnet) is created within the virtual network
resource "azurerm_subnet" "aks_subnet" {
name = "${var.resource_group_name}-vnet01-subnet01"
resource_group_name = azurerm_resource_group.aks_rg.name
virtual_network_name = azurerm_virtual_network.aks_vnet.name
# address_prefix = "10.0.1.0/24"
address_prefix = "10.172.144.0/27"
}
resource "azurerm_network_security_group" "azure-sg" {
name = "${var.resource_group_name}-nsg01"
location = azurerm_resource_group.aks_rg.location
resource_group_name = azurerm_resource_group.aks_rg.name
security_rule {
name = "allow-ssh"
priority = 100
direction = "Inbound"
access = "Allow"
protocol = "Tcp"
source_port_range = "*"
destination_port_range = "22"
source_address_prefix = "*"
destination_address_prefix = "*"
}
}
resource "azurerm_kubernetes_cluster" "aks" {
name = var.cluster_name
kubernetes_version = var.kubernetes_version
location = var.location
resource_group_name = azurerm_resource_group.aks-rg.name
security_group_name = azurerm_network_security_group.azure-sg.name
dns_prefix = var.cluster_name
default_node_pool {
name = "system"
node_count = var.system_node_count
vm_size = "Standard_E4as_v4"
os_disk_size_gb = 20
os_disk_type = "Ephemeral"
vnet_subnet_id = azurerm_subnet.aks_subnet.id
os_type = "Linux"
node_image_version = "AKSUbuntu-1804gen2containerd-2023.01.10"
enable_node_public_ip = false
enable_auto_scaling = false
}
additional_node_pools {
name = "user"
node_count = var.user_node_count
vm_size = "Standard_E8as_v4"
os_disk_size_gb = 20
os_disk_type = "Ephemeral"
vnet_subnet_id = azurerm_subnet.aks_subnet.id
type = "User"
# os_type = "RedHat"
os_type = "Linux"
node_image_version = "AKSUbuntu-1804gen2containerd-2023.01.10"
enable_node_public_ip = false
enable_auto_scaling = false
}
additional_node_pools {
name = "spot"
node_count = var.spot_node_count
vm_size = "Standard_D2s_v3"
os_disk_size_gb = 20
os_disk_type = "Ephemeral"
vnet_subnet_id = azurerm_subnet.aks_subnet.id
type = "User"
# os_type = "RedHat"
os_type = "Linux"
node_image_version = "AKSUbuntu-1804gen2containerd-2023.01.10"
max_price = 0.5
enable_node_public_ip = false
enable_auto_scaling = false
eviction_policy = "Spot"
taints = ["kubernetes.azure.com/scalesetpriority=spot:NoSchedule"]
labels = {
"kubernetes.azure.com/scalesetpriority" = "spot"
}
}
kubernetes_cluster_config {
max_pods_per_node = "110"
}
identity {
type = "SystemAssigned"
}
linux_profile {
admin_username = "azureuser"
ssh_key {
key_data = tls_private_key.aks_ssh_key.public_key_openssh
}
}
network_profile {
pod_cidr = "172.32.0.0/19"
service_cidr = "172.32.0.0/19"
load_balancer_sku = "Standard"
network_plugin = var.aks_network_plugin
dns_service_ip = "172.32.0.10"
docker_bridge_cidr = "172.34.0.1/16"
}
service_principal {
client_id = var.client_id
client_secret = var.client_secret
}
tags = {
Environment = "Development"
}
}
# ACR can be attached to the AKS cluster using the "azurerm_kubernetes_cluster_container_registry_config" resource type
resource "azurerm_kubernetes_cluster_container_registry_config" "acr_config" {
cluster_name = azurerm_kubernetes_cluster.aks.name
registry_id = azurerm_container_registry.acr.id
namespace = "aks"
default_action = "Allow"
}
Above is my code; I am facing the above error. I am getting some deprecation. Can anyone please tell me how to solve this error?
What do I need to replace to fix these errors?
Thanks
If you see the official doc, there is no field like additional_node_pools for the AKS cluster.
The field is not supported, but you have still added it in
resource "azurerm_kubernetes_cluster" "aks"
so that's the reason behind the error.
Check this doc for adding more node pools: https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster_node_pool
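The separate node pool resource the answer links to, sketched here for the question's "user" and "spot" pools. This is an added example, not code from the original posts; it assumes the question's cluster, subnet and variable names, and the "Delete" eviction policy is an illustrative choice.

```hcl
# Added example. Extra pools are declared as their own resources that point
# back at the cluster; only default_node_pool stays inside
# azurerm_kubernetes_cluster, and the additional_node_pools blocks are removed.

resource "azurerm_kubernetes_cluster_node_pool" "user" {
  name                  = "user"
  kubernetes_cluster_id = azurerm_kubernetes_cluster.aks.id
  mode                  = "User" # replaces type = "User" from the question
  vm_size               = "Standard_E8as_v4"
  node_count            = var.user_node_count
  os_type               = "Linux"
  vnet_subnet_id        = azurerm_subnet.aks_subnet.id
}

resource "azurerm_kubernetes_cluster_node_pool" "spot" {
  name                  = "spot"
  kubernetes_cluster_id = azurerm_kubernetes_cluster.aks.id
  mode                  = "User"
  vm_size               = "Standard_D2s_v3"
  node_count            = var.spot_node_count
  os_type               = "Linux"
  vnet_subnet_id        = azurerm_subnet.aks_subnet.id

  # Spot capacity is selected with priority, not with eviction_policy.
  # eviction_policy accepts "Delete" or "Deallocate"; "Spot" (as written in
  # the question) is not one of its values.
  priority        = "Spot"
  eviction_policy = "Delete" # assumption: evicted nodes are deleted
  spot_max_price  = 0.5      # the question's max_price

  # AKS itself adds the kubernetes.azure.com/scalesetpriority=spot label and
  # the matching NoSchedule taint to Spot pools, so they are not set here.
}
```

Workloads meant for the spot pool need a toleration for that taint; everything else keeps scheduling onto the system and user pools.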
I'm trying to create multiple VMs using the for_each function in Terraform.
Resource Group
resource "azurerm_resource_group" "rg" {
name = "${var.prefix}-rg"
location = "east us 2"
tags = var.tags
}
VNET
resource "azurerm_virtual_network" "vnet" {
name = "${var.prefix}-network-1"
address_space = ["10.0.0.0/16"]
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
tags = var.tags
}
Subnet
resource "azurerm_subnet" "subnet" {
name = "${var.prefix}-network-subnet-1"
resource_group_name = azurerm_resource_group.rg.name
virtual_network_name = azurerm_virtual_network.vnet.name
address_prefixes = ["10.0.2.0/24"]
}
Variables for NICS
variable "nics" {
type = map
default = {
nic3 = {
name = "ubuntu-test-3"
}
nic4 = {
name = "ubuntu-test-4"
}
}
}
NICS
resource "azurerm_network_interface" "nics" {
for_each = var.nics
name = each.value.name
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
ip_configuration {
name = "${each.value.name}-conf-1"
subnet_id = azurerm_subnet.subnet.id
private_ip_address_allocation = "Dynamic"
}
tags = var.tags
}
Variables for VMS
variable "vms" {
description = "Virtual Machines"
type = map
default = {
vm3 = {
name = "ubuntu-test-3"
size = "Standard_DS1_v2"
}
vm4 = {
name = "ubuntu-test-4"
size = "Standard_DS1_v2"
}
}
}
and the block for the VM (not completed - I wrote only the section that I have an issue with)
resource "azurerm_virtual_machine" "vms" {
for_each = var.vms
name = each.value.name
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
vm_size = each.value.size
tags = var.tags
network_interface_ids = [
azurerm_network_interface.nics[each.value].id,
]
The issue is with this section
network_interface_ids = [
azurerm_network_interface.nics[each.value].id,
]
I'm getting ERROR
│ Error: Invalid index
│
│ on main.tf line 247, in resource "azurerm_virtual_machine" "vms":
│ 247: azurerm_network_interface.nics[each.value].id,
│ ├────────────────
│ │ azurerm_network_interface.nics is object with 2 attributes
│ │ each.value is object with 2 attributes
│
│ The given key does not identify an element in this collection value: string required.
Also tried with
network_interface_ids = [
azurerm_network_interface.nics[each.key].id,
]
and got ERROR
│ Error: Invalid index
│
│ on main.tf line 249, in resource "azurerm_virtual_machine" "vms":
│ 249: azurerm_network_interface.nics[each.key].id,
│ ├────────────────
│ │ azurerm_network_interface.nics is object with 2 attributes
│ │ each.key is "vm3"
│
│ The given key does not identify an element in this collection value.
╵
╷
│ Error: Invalid index
│
│ on main.tf line 249, in resource "azurerm_virtual_machine" "vms":
│ 249: azurerm_network_interface.nics[each.key].id,
│ ├────────────────
│ │ azurerm_network_interface.nics is object with 2 attributes
│ │ each.key is "vm4"
│
│ The given key does not identify an element in this collection value
What am I doing wrong?
I replicated the same scenario and was able to create the resources.
I made a couple of changes to the existing code base provided:
Added a nic = "nic" value in the vms block
Updated network_interface_ids = [azurerm_network_interface.nics[each.value.nic].id,]
Here is the code snippet.
Step1:
Main tf code as below
provider "azurerm" {
features {}
}
variable "prefix" {
default = "rg_swarna"
}
resource "azurerm_resource_group" "rg" {
name = "${var.prefix}-rg"
location = "West US"
// tags = var.tags
}
resource "azurerm_virtual_network" "vnet" {
name = "${var.prefix}-network-1"
address_space = ["10.0.0.0/16"]
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
// tags = var.tags
}
resource "azurerm_subnet" "subnet" {
name = "${var.prefix}-network-subnet-1"
resource_group_name = azurerm_resource_group.rg.name
virtual_network_name = azurerm_virtual_network.vnet.name
address_prefixes = ["10.0.2.0/24"]
}
resource "azurerm_network_interface" "nics" {
for_each = var.nics
name = each.value.name
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
ip_configuration {
name = "${each.value.name}-conf-1"
subnet_id = azurerm_subnet.subnet.id
private_ip_address_allocation = "Dynamic"
}
//tags = var.tags
}
resource "azurerm_virtual_machine" "vms" {
for_each = var.vms
name = each.value.name
vm_size = "Standard_DS1_v2"
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
network_interface_ids = [azurerm_network_interface.nics[each.value.nic].id,]
storage_os_disk {
name = "myosdisk${each.value.name}"
caching = "ReadWrite"
create_option = "FromImage"
managed_disk_type = "Standard_LRS"
}
storage_image_reference {
publisher = "Canonical"
offer = "UbuntuServer"
sku = "16.04-LTS"
version = "latest"
}
os_profile {
computer_name = "TestDemo"
admin_username = "azureuser"
admin_password = "*****#123"
}
os_profile_linux_config {
disable_password_authentication = false
}
}
Step2:
variable tf file
variable "allowed_subnet_ids" {
type = list(string)
description = "access"
}
variable "nics" {
type = map
default = {
nic3 = {
name = "ubun3"
}
nic4 = {
name = "ubun4"
}
}
}
variable "vms" {
description = "VM"
type = map
default = {
vm3 = {
name = "ubun3"
size = "Standard_DS1_v2"
nic = "nic3"
}
vm4 = {
name = "ubuntu4"
size = "Standard_DS1_v2"
nic = "nic4"
}
}
}
variable "allowed_ips" {
type = list(string)
description = "IP addresses"
}
variable "sku" {
type = string
description = "SKU"
}
variable "resource_group_name" {
type = string
description = "resource_group_name"
}
variable "location" {
type = string
description = "location"
}
Step3:
terraform plan
terraform apply -auto-approve
In order for this to work, you would need to modify the variable for VMs slightly:
variable "vms" {
  description = "Virtual Machines"
  type        = map
  default = {
    vm3 = {
      name = "ubuntu-test-3"
      size = "Standard_DS1_v2"
      nic  = "nic3"
    }
    vm4 = {
      name = "ubuntu-test-4"
      size = "Standard_DS1_v2"
      nic  = "nic4"
    }
  }
}
Then, in the VM resource block:
resource "azurerm_virtual_machine" "vms" {
  for_each            = var.vms
  name                = each.value.name
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  vm_size             = each.value.size
  tags                = var.tags
  network_interface_ids = [
    azurerm_network_interface.nics[each.value.nic].id,
  ]
}
Alternatively, you could try with resource chaining with for_each [1], but then you would have to refactor the resource block a bit:
resource "azurerm_virtual_machine" "vms" {
  for_each            = azurerm_network_interface.nics
  name                = each.value.name
  resource_group_name = azurerm_resource_group.rg.name
  location            = azurerm_resource_group.rg.location
  vm_size             = var.vm_size # or set it to be equal to "Standard_DS1_v2"
  tags                = var.tags
  network_interface_ids = [
    each.value.id,
  ]
}
Then, you would also have to define a new variable called vm_size:
variable "vm_size" {
  type        = string
  description = "VM size."
  default     = "Standard_DS1_v2"
}
In the second case, you could remove the variable vms completely.
[1] https://developer.hashicorp.com/terraform/language/meta-arguments/for_each#chaining-for_each-between-resources
resource "azurerm_public_ip" "pip_bastion_hub" {
name = var.public_ip_for_bastion_host_hub
location = var.Location
resource_group_name = var.resource_group_hub
allocation_method = "Static"
sku = "Standard"
}
resource "azurerm_bastion_host" "bastion-host_hub" {
name = var.bastion_host_name_for_hub
location = var.Location
resource_group_name = var.resource_group_hub
sku = "Standard"
ip_connect_enabled = "true"
ip_configuration {
name = "configuration"
subnet_id = azurerm_subnet.hub_subnet1.id
public_ip_address_id = azurerm_public_ip.pip_bastion_hub.id
}
depends_on = [azurerm_public_ip.pip_bastion_hub,azurerm_resource_group.rg_spoke2]
}
│ Error: Unsupported argument
│
│ on main.tf line 137, in resource "azurerm_bastion_host" "bastion-host_hub":
│ 137: sku = "Standard"
│
│ An argument named "sku" is not expected here.
You have to upgrade your azurerm provider. Sku was added in version 2.88.
I am trying to create a Load Balancer in azure using terraform and I am getting this error:
Error: Invalid resource type
│
│ on 12-lb.tf line 43, in resource "azurerm_lb_backend_address_pool_address" "example":
│ 43: resource "azurerm_lb_backend_address_pool_address" "example" {
│
│ The provider hashicorp/azurerm does not support resource type
│ "azurerm_lb_backend_address_pool_address".
And here's my 12-lb.tf
resource "azurerm_lb" "example" {
name = "classiclb"
resource_group_name = azurerm_resource_group.example.name
location = azurerm_resource_group.example.location
sku = "Standard"
frontend_ip_configuration {
name = "classiclb"
subnet_id = azurerm_subnet.vm.id
private_ip_address_allocation = "Dynamic"
}
}
resource "azurerm_lb_backend_address_pool" "example" {
loadbalancer_id = azurerm_lb.example.id
name = "classiclb"
}
resource "azurerm_lb_probe" "example" {
resource_group_name = azurerm_resource_group.example.name
loadbalancer_id = azurerm_lb.example.id
name = "classiclb"
port = 80
interval_in_seconds = 10
number_of_probes = 3
protocol = "Http"
request_path = "/"
}
resource "azurerm_lb_rule" "example" {
resource_group_name = azurerm_resource_group.example.name
loadbalancer_id = azurerm_lb.example.id
name = "classiclb"
protocol = "Tcp"
frontend_port = 80
backend_port = 80
frontend_ip_configuration_name = "classiclb"
backend_address_pool_id = azurerm_lb_backend_address_pool.example.id
probe_id = azurerm_lb_probe.example.id
}
# the below is to be only used by when the sku of LB is set to Standard ony
resource "azurerm_lb_backend_address_pool_address" "example" {
name = "classiclb"
backend_address_pool_id = azurerm_lb_backend_address_pool.example.id
virtual_network_id = azurerm_virtual_network.example.id
ip_address = azurerm_linux_virtual_machine.example.private_ip_address
}
# the below is to be only used by when the sku of LB is set to Basic
# resource "azurerm_network_interface_backend_address_pool_association" "example" {
# network_interface_id = azurerm_network_interface.example.id
# ip_configuration_name = "internall"
# backend_address_pool_id = azurerm_lb_backend_address_pool.example.id
# }
Why the resource azurerm_lb_backend_address_pool_address is not supported?
Why the resource azurerm_lb_backend_address_pool_address is not supported?
You have an old version of your azurerm provider. You have to upgrade it.
I have deployed two subnets by using count.index, and now I need to reference the id of each subnet in the subnet_route_table_association module. Can anyone advise me on the correct way to do that?
Here is my code
/application/demo/main.tf
module "subnet_association" {
  source         = "…/…/Modules/subnet_association"
  subid          = var.subid
  subnet_id      = module.subnet.subnet_id
  route_table_id = module.route_table.route_table_id
}
Modules/subnet/main.tf
resource "azurerm_subnet" "module-spoke-subnet" {
count = var.subnet_count
name = element(var.subnet_name, count.index)
resource_group_name = var.resource_group_name
virtual_network_name = var.virtual_network_name
address_prefixes = [var.subnet_address[count.index]]
enforce_private_link_endpoint_network_policies = true
enforce_private_link_service_network_policies = true
}
variable "resource_group_name" {
}
variable "virtual_network_name" {
}
Modules/subnet/output.tf
output "subnet_id" {
value = azurerm_subnet.module-spoke-subnet.*.id
}
Modules/subnet_association/main.tf
resource "azurerm_subnet_route_table_association" "module-subnet-association" {
subnet_id = var.subnet_id
route_table_id = var.route_table_id
}
variable "subnet_id" {
}
variable "route_table_id" {
}
and I'm getting the error
Error: Incorrect attribute value type
│
│ on ..\..\modules\Subnet_association\main.tf line 20, in resource "azurerm_subnet_route_table_association" "module-subnet-association":
│ 20: subnet_id = var.subnet_id
│ ├────────────────
│ │ var.subnet_id is tuple with 1 element
│
│ Inappropriate value for attribute "subnet_id": string required.
Output subnet_id is a list of elements. Hence, if you want to create an association for each subnet, try the below:
resource "azurerm_subnet_route_table_association" "module-subnet-association" {
  # var.subnet_id receives the whole list from module.subnet.subnet_id;
  # module.subnet itself is not addressable inside this child module.
  count          = length(var.subnet_id)
  subnet_id      = var.subnet_id[count.index]
  route_table_id = var.route_table_id
}
Or, if you are creating only one subnet, try the below:
resource "azurerm_subnet_route_table_association" "module-subnet-association" {
  # Take the single element out of the list
  subnet_id      = var.subnet_id[0]
  route_table_id = var.route_table_id
}