How to create an Azure AKS service through ARM Template - azure

I am working with Azure Kubernetes Service. I can create AKS through the portal successfully, but I need to do it through ARM templates.
How to create AKS with help of ARM Templates?
For this, I followed link
But here I am receiving an issue like:
Code : InvalidTemplate
Message : Deployment template validation failed: 'The template resource 'AKSsubnet/Microsoft.Authorization/36985XXX-XXXX-XXXX-XXXX-5fb6b7ebXXXX' for type 'Microsoft.Network/virtualNetworks/subnets/providers/roleAssignments' at line '53' and column '9' has incorrect segment lengths. A nested resource type must have identical number of segments as its resource name. A root resource type must have segment length one greater than its resource name. Please see https://aka.ms/arm-template/#resources for usage details.'.

How to create AKS with help of ARM Templates?
One of the most direct methods: navigate to the AKS creation page in the portal, fill in the attributes, and click Download a template for automation; you will then get the template.
You can test the template in Custom deployment; it will work fine.

Old thread but here is why the AKS Advanced Networking ARM Template is not working for you.
One of the steps in the deployment assigns the SP as a contributor to the newly created AKS subnets so that the SP can work its advanced networking magic.
In order to assign a role in a RG one needs to have Owner permissions on that RG.

I suspect you have provided an incorrectly formatted string in the "name" field of the resource. It should follow a pattern like this: "{resource-name}/Microsoft.Authorization/{role-assign-GUID}"
More on this here: https://learn.microsoft.com/en-us/azure/role-based-access-control/role-assignments-template#resource
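The segment rule from the error message and the name pattern in the answer above can be checked before deployment. The following is an added example, not code from the thread or from Microsoft: a small Python check over a constructed template, in which the VNet name AKSvnet, the parameter name in the expression and the all-zero GUID are assumed placeholders. For a subnet, {resource-name} itself has two segments (VNet name and subnet name), which is the segment the failing name lacks.

```python
# Added example: compare ARM "type" and "name" segment counts before deploying.
# The template is constructed sample data; AKSvnet and the GUID are placeholders.

ROLE_TYPE = "Microsoft.Network/virtualNetworks/subnets/providers/roleAssignments"
GUID = "00000000-0000-0000-0000-000000000000"  # placeholder role assignment GUID

def is_expression(value):
    """Template expressions look like "[...]"; a leading "[[" is an escaped literal."""
    return value.startswith("[") and value.endswith("]") and not value.startswith("[[")

def check_segments(resources, nested=False, path="resources"):
    """Return (path, type, name, expected_name_segments, actual) for each mismatch."""
    problems = []
    for i, res in enumerate(resources):
        rtype, name = res["type"], res["name"]
        here = f"{path}[{i}]"
        if not (is_expression(rtype) or is_expression(name)):
            type_segs = len(rtype.split("/"))
            name_segs = len(name.split("/"))
            # Root resource: the type has one more segment than the name.
            # Nested resource: both have the same number of segments.
            expected = type_segs if nested else type_segs - 1
            if name_segs != expected:
                problems.append((here, rtype, name, expected, name_segs))
        problems += check_segments(res.get("resources", []), True, here + ".resources")
    return problems

SAMPLE_TEMPLATE = {
    "resources": [
        # Same shape as the failing resource in the question: 3 name segments.
        {"type": ROLE_TYPE, "name": f"AKSsubnet/Microsoft.Authorization/{GUID}"},
        # VNet segment added: 4 name segments for a 5-segment root type.
        {"type": ROLE_TYPE, "name": f"AKSvnet/AKSsubnet/Microsoft.Authorization/{GUID}"},
        {"type": "Microsoft.Network/virtualNetworks", "name": "AKSvnet",
         "resources": [{"type": "subnets", "name": "AKSsubnet"}]},
        # Expression names cannot be counted statically and are skipped.
        {"type": ROLE_TYPE,
         "name": "[concat(parameters('subnet'), '/Microsoft.Authorization/', guid(resourceGroup().id))]"},
    ]
}

if __name__ == "__main__":
    for where, rtype, name, expected, actual in check_segments(SAMPLE_TEMPLATE["resources"]):
        print(f"{where}: {rtype} needs {expected} name segments, got {actual}: {name}")
```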

Related

Display error in UI of azure while entering parameter for ARM template

I want to display a dynamic error that shows up when a wrong name for a storage account is entered (one that does not follow Azure naming conventions) while deploying an ARM template. Right now I am taking input from the user as a parameter, but no error message shows up. Is there a way to achieve this?
Azure has this feature, as shown in the image below, when we create a storage account, but I don't know how to implement this using an ARM template.
[Image: Azure error when wrong storage account name is entered]
I am afraid that this feature is not available for now in ARM Templates.
Please look at these feedback items:
ARM template parameter validation
Resource Group Template parameter validation

Does ARM template overwrite existing resource created by script?

I have a Cosmos DB in my Azure account created by a script. I want to create an ARM template to manage the resource deployment by ARM template going forward. How can I make sure that the ARM template doesn't recreate/overwrite the resource, as it is going to be deployed using an ARM template for the first time?
An ARM template will not recreate/overwrite the existing resource if the resource is specified in the template. It will update the resource if the property values for a resource are changed. See the extract below from the official document.
Resource Manager tries to create all resources specified in the template. If the resource already exists in the resource group and its settings are unchanged, no operation is taken for that resource. If you change the property values for a resource, the resource is updated with those new values. If you try to update the location or type of an existing resource, the deployment fails with an error. Instead, deploy a new resource with the location or type that you need.
In complete mode, Resource Manager deletes resources that exist in the resource group but aren't specified in the template.
If you don't specify certain properties, Resource Manager interprets the deployment as overwriting those values. Properties that aren't included in the template are reset to the default values. Specify all non-default values for the resource, not just the ones you're updating.
So if you want the existing resource to remain intact, you can export the resource template from the Azure Portal to make sure all the properties are specified and not changed.
You can also lock the resource: set the lock level to CanNotDelete or ReadOnly to keep the resource from being deleted or modified. Check the document Lock resources to prevent unexpected changes for more information.
To modify existing resources using ARM templates, export the template for the resource from within the Azure Portal. Then download it locally. You can then modify it to update settings for Cosmos resources. ARM templates have api-versions. This will coincide with the underlying version in PS or CLI that you used to create the Cosmos account. When modifying the ARM template you will need to note the api-version and then refer to that version's Cosmos DB schema reference to ensure the properties match the api-version in the template you deployed.
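The Resource Manager behaviour quoted above can be turned into a pre-deployment comparison of an exported template against a hand-written one. This is an added example, not code from the thread or from Azure tooling; it is a local Python sketch of the quoted rules only, and the resource names and property values are constructed sample data.

```python
# Added example: classify what a deployment would do, per the rules quoted above.
# Inputs map a resource id to {"location": str, "properties": dict}.

def plan(existing, template, mode="Incremental"):
    """Return {resource_id: (action, details)} for the given deployment mode."""
    result = {}
    for rid, new in template.items():
        old = existing.get(rid)
        if old is None:
            result[rid] = ("create", [])
        elif new["location"] != old["location"]:
            # Changing the location of an existing resource fails the deployment.
            result[rid] = ("fail", ["location"])
        else:
            changed = sorted(k for k, v in new["properties"].items()
                             if old["properties"].get(k) != v)
            # Properties omitted from the template are reset to their defaults.
            reset = sorted(set(old["properties"]) - set(new["properties"]))
            details = [f"set {k}" for k in changed] + [f"reset {k}" for k in reset]
            result[rid] = ("update", details) if details else ("no-op", [])
    if mode == "Complete":
        # Complete mode deletes resources that the template does not mention.
        for rid in existing.keys() - template.keys():
            result[rid] = ("delete", [])
    return result

COSMOS = "Microsoft.DocumentDB/databaseAccounts/example-cosmos"   # constructed
STORAGE = "Microsoft.Storage/storageAccounts/examplestore"        # constructed

# State as exported from the portal (constructed sample).
EXISTING = {
    COSMOS: {"location": "westeurope", "properties": {
        "databaseAccountOfferType": "Standard",
        "publicNetworkAccess": "Disabled",
        "enableAutomaticFailover": True}},
    STORAGE: {"location": "westeurope",
              "properties": {"supportsHttpsTrafficOnly": True}},
}
# Hand-written template: omits publicNetworkAccess and the storage account.
TEMPLATE = {
    COSMOS: {"location": "westeurope", "properties": {
        "databaseAccountOfferType": "Standard",
        "enableAutomaticFailover": False}},
}

if __name__ == "__main__":
    for mode in ("Incremental", "Complete"):
        for rid, (action, details) in sorted(plan(EXISTING, TEMPLATE, mode).items()):
            print(mode, rid, action, details)
```

The `reset publicNetworkAccess` entry is the case the answer warns about: a network restriction set by the original script returns to its default because the new template does not state it.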

Azure ARM Template - is it possible to get existing resources names to specify them as parameters or variables inside new ARM deployment?

My issue is related to Azure ARM.
I want to populate the parameter's allowed list with values taken from the current resource group.
To be clear: I want to place a virtual machine in a virtual network subnet, but I don't want to enter the vNet name manually. I have already found a way to get the resource group id, resource group name and subscription id, but it seems that there is no way to get a list of objects from here, only if I know the resource name. Please tell me, is it possible at all?
No, this is not possible at all with ARM Templates. What you can do: you can use a PowerShell script that would pull those values, and the user will pick one of those values before the deployment (using Out-GridView, for example).

Want to create VDI but getting below error

I want to create VDI in azure but I'm facing the following issue while creating windows host pool
Deployment template validation failed: 'The provided value 'Microsoft.WindowsAzure.ResourceStack.Frontdoor.Common.Entities.TemplateGenericProperty`1[Newtonsoft.Json.Linq.JToken]' for the template parameter 'newOrExistingVnet' at line '152' and column '24' is not valid. The parameter value is not part of the allowed value(s): 'existing'.'.
This workaround assumes that you're getting this error in the portal:
First manually create the Resource Group and VNet.
Then within the VNet, add a service endpoint to e.g. Azure AD.
Next rerun the wizard, this time choosing the Resource Group and VNet you previously created. The template should validate successfully.

AKS template creates new resource groups

When I create an AKS cluster using Azure portal I can see that new resource groups are created. It seems that I have no control over how they are named, especially the one with the "MC_" prefix. I also don't see an option to change its name when using ARM template.
In addition, if I create a cluster in customer's subscription, where I only have access to 1 resource group, I don't even see the newly created RG and can't manage it.
Is there a way to force deployment of all AKS components into a single resource group?
No, there is no way to force it at this point in time. As for the access, you should request access to that RG. No real workarounds.
The secondary resource group name can be inferred, I think; it's something like:
MC_original-resource-group-name_aks-resource-name_location
It also creates an OMS resource group (if you enable OMS) and Network Watcher (this can be disabled, btw, but it's a provider setting). You have no control over that as well.
There is a not-yet-implemented nodeResourceGroup property: https://learn.microsoft.com/en-us/rest/api/aks/managedclusters/createorupdate#examples
EDIT: this is actually working right now, so the nodeResourceGroup property can be used. But it would still be a new resource group, so you would still need to request access to that group and using this property is not possible with the portal (so ARM Templates\pulumi\terraform)
