Terraform-provider-azurerm: AKS Disabling OMS Agent

Created on 13 Aug 2019  ·  5Comments  ·  Source: terraform-providers/terraform-provider-azurerm

I am trying to disable oms agent for my AKS cluster. I am using the following versions:

Terraform v0.12.6
+ provider.azurerm v1.32.1
+ provider.chef v0.2.0
+ provider.random v2.1.2
+ provider.template v2.1.2

provider "azurerm" {
  version = "= 1.32.1"
}

Firstly with this block in the in definition it complaints about missing required attribute log_analytics_workspace_id in the oms_agent block.

  addon_profile {
    oms_agent {
      enabled = false
    }
  }

Error: Missing required argument

  on aks-cluster.tf line 45, in resource "azurerm_kubernetes_cluster" "aks-cluster":
  45:     oms_agent {

The argument "log_analytics_workspace_id" is required, but no definition was
found.

I think when I am setting it as false it should look for it. Also even when I am supplying a dummy value is does not work.

  addon_profile {
    oms_agent {
      enabled = false
      log_analytics_workspace_id = "1231-123-123-123-1231231"
    }
  }

Error: Can not parse "addon_profile.0.oms_agent.0.log_analytics_workspace_id" as a resource id: Cannot parse Azure ID: parse 1231-123-123-123-1231231: invalid URI for request

  on aks-cluster.tf line 21, in resource "azurerm_kubernetes_cluster" "aks-cluster":
  21: resource "azurerm_kubernetes_cluster" "aks-cluster" {
bug servickubernetes-cluster upstream-microsoft
Source
picture shauryagarg2006
👍3

All 5 comments

Edit: removed wrong conclusions.

I've been doing some research around this and modified the provider to change the behavior but it looks like this is actually a problem that ultimately rests with the Azure API.

The following code creates a cluster with no addon profiles : 

resource "azurerm_kubernetes_cluster" "test" {
  name                = "test"
  location            = "${azurerm_resource_group.test.location}"
  resource_group_name = "${azurerm_resource_group.test.name}"
  dns_prefix          = "test"

  linux_profile {
    admin_username = "test"
  }

  agent_pool_profile {
    name    = "default"
    count   = "1"
    vm_size = "Standard_DS2_v2"
  }

  service_principal {
    client_id     = "XXXXX"
    client_secret = "XXXXX"
  }
}

Running terraform plan will show the following:

```# azurerm_kubernetes_cluster.test will be created

  • resource "azurerm_kubernetes_cluster" "test" {

    • dns_prefix = "test"

    • enable_pod_security_policy = (known after apply)

    • fqdn = (known after apply)

    • id = (known after apply)

    • kube_admin_config = (known after apply)

    • kube_admin_config_raw = (sensitive value)

    • kube_config = (known after apply)

    • kube_config_raw = (sensitive value)

    • kubernetes_version = (known after apply)

    • location = "southeastasia"

    • name = "test"

    • node_resource_group = (known after apply)

    • resource_group_name = "test"

    • tags = (known after apply)

  + addon_profile {
      + aci_connector_linux {
          + enabled     = (known after apply)
          + subnet_name = (known after apply)
        }

      + http_application_routing {
          + enabled                            = (known after apply)
          + http_application_routing_zone_name = (known after apply)
        }

      + kube_dashboard {
          + enabled = (known after apply)
        }

      + oms_agent {
          + enabled                    = (known after apply)
          + log_analytics_workspace_id = (known after apply)
        }
    }
    ...
}


Note the `addon_profile` section that shows all values as computed (that doesn't happen if you provide at least one of the addons configuration).

Describing the cluster with the cli (`az aks list`) will by any mean show
 ```
    "addonProfiles": null,

After modifying the provider to send only the enabled: false value for the oms_agent block (making the log_analytics_workspace_id optional and not sending it unspecified), you will by any mean get this error:

Error: Error creating/updating Managed Kubernetes Cluster "test" (Resource Group "test"): containerservice.ManagedClustersClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="LinkedInvalidPropertyId" Message="Property id '' at path 'properties.addonProfiles.omsagent.config.logAnalyticsWorkspaceResourceID' is invalid. Expect fully qualified resource Id that start with '/subscriptions/{subscriptionId}' or '/providers/{resourceProviderNamespace}/'."

Basically, this is something that needs to be fixed at the API level before it can be fixed in the provider.

MacTynow picture MacTynow on 25 Sep 2019
👍1

I believe this may be fixed by #4513

katbyte picture katbyte on 5 Oct 2019
👍1

Fixed by #4513

katbyte picture katbyte on 7 Oct 2019

This has been released in version 1.36.0 of the provider. Please see the Terraform documentation on provider versioning or reach out if you need any assistance upgrading. As an example:

provider "azurerm" {
    version = "~> 1.36.0"
}
# ... other configuration ...
hashibot[bot] picture hashibot[bot] on 29 Oct 2019

I'm going to lock this issue because it has been closed for _30 days_ ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!

hashibot[bot] picture hashibot[bot] on 6 Nov 2019
Was this page helpful?
0 / 5 - 0 ratings

Related issues

sam-cogan picture sam-cogan  ·  3Comments
voyera picture voyera  ·  3Comments
tomasaschan picture tomasaschan  ·  3Comments
jansepke picture jansepke  ·  3Comments
Lachlan-White picture Lachlan-White  ·  3Comments