https://pulumi.com logo
Title
b

breezy-cricket-40277

07/24/2020, 3:36 PM
Update Strategy Azure Kubernetes Service with
[diff: ~addonProfile]
. What’s the deal with this? I didn’t change any code on my Pulumi code and I get this update strategy that basically
diffs
my kubeconfig (to be the same one) and a bunch of
metadata and provider
changes without no code changes whatsoever.
Using typescript btw!
g

gentle-diamond-70147

07/24/2020, 9:00 PM
Can you provide the output of
pulumi preview --diff
?
b

better-rainbow-14549

07/27/2020, 7:30 AM
b

breezy-cricket-40277

07/27/2020, 10:17 AM
@better-rainbow-14549 Yep, my issue is similar to yours. Also almost the same versions of the
npm
packages.
b

better-rainbow-14549

07/27/2020, 10:28 AM
i tried going all the way back to azure 3.1.0 and couldnt fix that issue
are you using Standard load balancer?
👍 1
i have a feeling its never worked with a Standard
b

breezy-cricket-40277

07/27/2020, 10:43 AM
Affirmative. Using Standart Load Balancer.
Yep, I also tried doing that, even downgrading to 2.X didn’t help.
b

better-rainbow-14549

07/27/2020, 11:02 AM
ah
might be worth filing a new issue that's more specific about that being the cause
or add to mine
b

breezy-cricket-40277

07/27/2020, 11:10 AM
My temporary workarround for this is to add the
option
ignoreChanges: ["addonProfile"]
to my AKS resource.
b

better-rainbow-14549

07/27/2020, 11:11 AM
i've tried that - does it work for you if you do a
pulumi refresh
it doesnt for me - the invalid inputs always come back
and i get the diagnostic errors about invalid state, rather than a plan to replace/update the cluster
b

breezy-cricket-40277

07/27/2020, 11:12 AM
Another thing that i saw on another colleague’s maintained repo was
kubeDashboard:  { enabled: false }
and this apparently solved the issue without the
ignoreChanges
property.
(which feels really weird to me, but it worked)
I’m currently tearing down my testing cluster, and will try once I provision it again.
👍 1
b

better-rainbow-14549

07/27/2020, 11:13 AM
ah i've not tried that - my issues initially seemed to start when i added a logAnalyticsWorkspaceId which is part of the addonProfiles block and it was at that point that i noticed a refresh caused it regardless of whether there was a log analytics configured or not
b

breezy-cricket-40277

07/27/2020, 2:10 PM
@better-rainbow-14549 Just tested. With the above settings the issue is gone:
@better-rainbow-14549 also without the
ignoreChanges
block.
Have you tried it on your side?
b

better-rainbow-14549

07/27/2020, 5:00 PM
hmm that doesnt work for me - no difference
azure:containerservice:KubernetesCluster (deveu3):
    error: azure:containerservice/kubernetesCluster:KubernetesCluster resource 'deveu3' has a problem: "addon_profile.0.http_application_routing.0.http_application
_zone_name": this field cannot be set
    error: azure:containerservice/kubernetesCluster:KubernetesCluster resource 'deveu3' has a problem: "addon_profile.0.http_application_routing.0.http_application
_zone_name": this field cannot be set
    error: azure:containerservice/kubernetesCluster:KubernetesCluster resource 'deveu3' has a problem: "addon_profile.0.http_application_routing.0.http_application_routing_zone_name": this field cannot be set
    error: azure:containerservice/kubernetesCluster:KubernetesCluster resource 'deveu3' has a problem: Can not parse "addon_profile.0.oms_agent.0.log_analytics_workspace_id" as a resource id: Cannot parse Azure ID: parse "": empty url   
    error: azure:containerservice/kubernetesCluster:KubernetesCluster resource 'deveu3' has a problem: "addon_profile.0.oms_agent.0.oms_agent_identity": this field cannot be set
    error: azure:containerservice/kubernetesCluster:KubernetesCluster resource 'deveu3' has a problem: expected "addon_profile.0.aci_connector_linux.0.subnet_name" to not be an empty string, got
thats the first update after doing a refresh
b

breezy-cricket-40277

07/27/2020, 5:15 PM
What are your settings for the AKS resource?
b

better-rainbow-14549

07/27/2020, 5:16 PM
name: args.Name,
        resourceGroupName: args.ResourceGroup.name,
        location: args.Location,
        dnsPrefix: args.Name,
        servicePrincipal: {
            clientId: app.application.applicationId,
            clientSecret: app.servicePrincipalPassword.value
        },
        defaultNodePool: {
            name: args.AgentPoolProfileName,
            nodeCount: args.NodeCount,
            maxPods: args.MaxPods,
            type: "VirtualMachineScaleSets",
            enableAutoScaling: false,
            enableNodePublicIp: false,
            osDiskSizeGb: args.OsDiskSizeGb,
            vmSize: args.NodeSize,
            vnetSubnetId: subnet.id
        },
        networkProfile: {
            networkPlugin: "azure",
            loadBalancerSku: "Standard",
            serviceCidr: "192.168.200.0/22",
            dnsServiceIp: "192.168.200.2",
            dockerBridgeCidr: "172.17.0.1/16"
        },
        apiServerAuthorizedIpRanges: undefined,
        addonProfile: {
            kubeDashboard: {
                enabled: false
            },
            httpApplicationRouting: {
                enabled: false
            }
        },
just been looking through the terraform but can't see anything obvious causing it
b

breezy-cricket-40277

07/27/2020, 5:23 PM
This seems to be provider related. But is the Kubernetes provider bridged from terraform or it’s Pulumi native? I think it’s bridged, right?
b

better-rainbow-14549

07/27/2020, 5:24 PM
yeah
cant see any bug reports about this specifically, closed or open
any chance you could post your stack state for the kubernetesCluster resource
or just confirm if it looks anything like the example in my pulumi issue
b

breezy-cricket-40277

07/27/2020, 5:28 PM
Sure thing
b

better-rainbow-14549

07/27/2020, 5:29 PM
ie. like that with the "invalid" addons state block
b

breezy-cricket-40277

07/27/2020, 5:33 PM
b

better-rainbow-14549

07/27/2020, 5:39 PM
is AksCluster a custom resource / component you've made?
my full state looks like that:
i have to go - thanks for your help, will try and do more investigating tomorrow
cheers
b

breezy-cricket-40277

07/27/2020, 5:46 PM
I’ve created a
componentResource
that encompasses my AKS among other things, like
vnets
`acrPull`assignments and so on.
But my AKS declaration is pretty standart, so this might be the reason why my state looks so small compared to yours.
b

better-rainbow-14549

07/28/2020, 6:09 AM
i think you've copied the state only for your componentResource - there should be another state entry for a kubernetesCluster
if everything was defaults a refresh would still pull in state from azure itself, and would be a Basic load balancer
👍 1