Support for node_network_profile #524

Open
1 task done
RelaxingLoki475 opened this issue Mar 14, 2024 · 6 comments

Comments

@RelaxingLoki475

Is there an existing issue for this?

  • I have searched the existing issues

Description

Have the ability to manage node_network_profile to set application_security_group_ids in order to improve NSG management.

New or Affected Resource(s)/Data Source(s)

azurerm_kubernetes_cluster

Potential Terraform Configuration

No response

References

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster#node_network_profile

@zioproto
Collaborator

@jramacpr

jramacpr commented Nov 1, 2024

I face the same issue when trying to attach an ASG with the node pool of the AKS. Though Terraform provides an option to include the ASG inside the node network profile, it seems it does not work as expected.

  default_node_pool {
    name                   = var.agents_pool_name
    node_count             = var.agents_count
    vm_size                = var.agents_size
    vnet_subnet_id         = data.azurerm_subnet.subnet.id
    auto_scaling_enabled   = var.enable_auto_scaling
    max_count              = var.max_count
    min_count              = var.min_count
    node_public_ip_enabled = var.enable_node_public_ip
    max_pods               = var.agents_max_pods
    node_network_profile {
      application_security_group_ids = [data.azurerm_application_security_group.vm_asg.id]
    }
    upgrade_settings {
      max_surge = "10%"
    }
  }

After applying this, the default node pool's VM scale set has no ASGs associated with it. Any manual association of the ASG is getting reverted to the original state (the state from the Terraform config, which sees NO ASGs to be attached to the VM scale set). So as a result, attaching the ASG with the node network profile is currently not working as expected.

@zioproto
Collaborator

zioproto commented Nov 4, 2024

@jramacpr I understand you are trying to pass the id of an application security group into the default_node_pool block.

Could you confirm if you are using the module Azure/terraform-azurerm-aks or if you are using the azurerm_kubernetes_cluster resource directly?

In the module it seems this feature is implemented only for the additional node pools but not for the default node pool:

dynamic "node_network_profile" {

@jramacpr

jramacpr commented Nov 4, 2024

@zioproto I am using azurerm_kubernetes_cluster and as per the document it says
A node_network_profile block supports the following:

application_security_group_ids - (Optional) A list of Application Security Group IDs which should be associated with this Node Pool.

@zioproto
Collaborator

zioproto commented Nov 4, 2024

@jramacpr I opened PR #598 because it seems the module did not support node_network_profile in the default pool.

However, if you are consuming the resource azurerm_kubernetes_cluster directly you should open an issue at https://github.com/hashicorp/terraform-provider-azurerm/issues because this could be an issue with the upstream provider.

What version of the HashiCorp azurerm provider are you using in your project?

thanks
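
A plan-time check for the situation discussed above, where node_network_profile is written in configuration but may not reach the default node pool of the planned azurerm_kubernetes_cluster. This is an added example, not code from the module or the provider; the plan document, resource addresses and ASG ID are constructed placeholders shaped like `terraform show -json` output.

```python
import json

# Constructed sample shaped like `terraform show -json plan.out` output.
# Addresses and the ASG ID are placeholders, not values from the issue.
ASG = ("/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-example"
       "/providers/Microsoft.Network/applicationSecurityGroups/asg-nodes")
KIND = "azurerm_kubernetes_cluster"
SAMPLE_PLAN = {"resource_changes": [
    {   # default pool carries the ASG (ID differs only in letter case)
        "address": "azurerm_kubernetes_cluster.direct", "type": KIND,
        "change": {"after": {"default_node_pool": [{"node_network_profile": [
            {"application_security_group_ids": [ASG.upper()]}]}]}},
    },
    {   # the block never reached the resource, e.g. a wrapper module dropped it
        "address": "module.aks.azurerm_kubernetes_cluster.main", "type": KIND,
        "change": {"after": {"default_node_pool": [{"node_network_profile": []}]}},
    },
    {"address": "azurerm_kubernetes_cluster.old", "type": KIND,
     "change": {"after": None}},  # being destroyed: no planned state to check
]}

def planned_default_pool_asgs(plan):
    """Map each planned AKS cluster address to its default-pool ASG IDs."""
    found = {}
    for rc in plan.get("resource_changes", []):
        after = (rc.get("change") or {}).get("after")
        if rc.get("type") != KIND or after is None:
            continue
        ids = []
        # Nested blocks appear as lists of objects in the plan JSON.
        for pool in after.get("default_node_pool") or []:
            for profile in pool.get("node_network_profile") or []:
                ids += profile.get("application_security_group_ids") or []
        found[rc["address"]] = ids
    return found

def missing_asgs(plan, required_ids):
    """Return {address: [required ASG IDs absent from the planned default pool]}."""
    failures = {}
    for address, ids in planned_default_pool_asgs(plan).items():
        have = {i.lower() for i in ids if i}  # Azure resource IDs are case-insensitive
        gap = sorted(r for r in required_ids if r.lower() not in have)
        if gap:
            failures[address] = gap
    return failures

if __name__ == "__main__":
    print(json.dumps(missing_asgs(SAMPLE_PLAN, [ASG]), indent=2))
```

This only shows whether the value reaches the planned resource. The behaviour reported earlier in the thread, where apply completes but the scale set shows no ASG, has to be checked against the deployed scale set itself.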

@lonegunmanb removed this from the 8.1.0 milestone Nov 11, 2024
@fuog

fuog commented Dec 23, 2024

I face the same issue when trying to attach an ASG with the node pool of the AKS. Though Terraform provides an option to include the ASG inside the node network profile, it seems it does not work as expected.

  default_node_pool {
    name                   = var.agents_pool_name
    node_count             = var.agents_count
    vm_size                = var.agents_size
    vnet_subnet_id         = data.azurerm_subnet.subnet.id
    auto_scaling_enabled   = var.enable_auto_scaling
    max_count              = var.max_count
    min_count              = var.min_count
    node_public_ip_enabled = var.enable_node_public_ip
    max_pods               = var.agents_max_pods
    node_network_profile {
      application_security_group_ids = [data.azurerm_application_security_group.vm_asg.id]
    }
    upgrade_settings {
      max_surge = "10%"
    }
  }

After applying this, the default node pool's VM scale set has no ASGs associated with it. Any manual association of the ASG is getting reverted to the original state (the state from the Terraform config, which sees NO ASGs to be attached to the VM scale set). So as a result, attaching the ASG with the node network profile is currently not working as expected.

We have the same problem as you describe. Did you find any solution? Is the provider the problem?
