You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Describe the bug
When using command-line parameters for az aro create to install a completed private cluster, a public IP address is still created. This fails when Azure Policy prevents creation of this resource type
The same behaviour is seen when creating a cluster from the supplied ARM template, suggesting that the public IP is baked in to the underlying platform code that builds out the cluster.
Message: {"code":"InvalidTemplateDeployment","message":"The template deployment failed because of policy violation. Please see details for more information.","target":null,"details":[{"additionalInfo":[{"info":{"evaluationDetails":{"evaluatedExpressions":[{"expression":"type","expressionKind":"Field","expressionValue":"Microsoft.Network/publicIPAddresses","operator":"Equals","path":"type","result":"True","targetValue":"Microsoft.Network/publicIPAddresses"}]},"policyAssignmentDisplayName":"Deny-PublicIP","policyAssignmentId":"/providers/Microsoft.Management/managementGroups/HighwaysEngland/providers/Microsoft.Authorization/policyAssignments/2f7e2059334d43c19bedf23b","policyAssignmentName":"2f7e2059334d43c19bedf23b","policyAssignmentParameters":{},"policyAssignmentScope":"/providers/Microsoft.Management/managementGroups/HighwaysEngland","policyDefinitionDisplayName":"Deny-PublicIP","policyDefinitionEffect":"deny","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/HighwaysEngland/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicIP","policyDefinitionName":"Deny-PublicIP"},"type":"PolicyViolation"}],"code":"RequestDisallowedByPolicy","message":"Resource 'heaukscorpdevremarocl-hcw9n-pip-v4' was disallowed by policy. Policy identifiers: '[{\"policyAssignment\":{\"name\":\"Deny-PublicIP\",\"id\":\"/providers/Microsoft.Management/managementGroups/HighwaysEngland/providers/Microsoft.Authorization/policyAssignments/2f7e2059334d43c19bedf23b\"},\"policyDefinition\":{\"name\":\"Deny-PublicIP\",\"id\":\"/providers/Microsoft.Management/managementGroups/HighwaysEngland/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicIP\"}}]'.","target":"heaukscorpdevremarocl-hcw9n-pip-v4"}],"innererror":null,"additionalInfo":null}
Expected behavior
When creating a private cluster, no public facing components should be created.
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
All platforms
Smartphone (please complete the following information):
N/A
The text was updated successfully, but these errors were encountered:
Describe the bug
When using command-line parameters for az aro create to install a completed private cluster, a public IP address is still created. This fails when Azure Policy prevents creation of this resource type
The same behaviour is seen when creating a cluster from the supplied ARM template, suggesting that the public IP is baked in to the underlying platform code that builds out the cluster.
To Reproduce
Steps to reproduce the behavior:
Message: {"code":"InvalidTemplateDeployment","message":"The template deployment failed because of policy violation. Please see details for more information.","target":null,"details":[{"additionalInfo":[{"info":{"evaluationDetails":{"evaluatedExpressions":[{"expression":"type","expressionKind":"Field","expressionValue":"Microsoft.Network/publicIPAddresses","operator":"Equals","path":"type","result":"True","targetValue":"Microsoft.Network/publicIPAddresses"}]},"policyAssignmentDisplayName":"Deny-PublicIP","policyAssignmentId":"/providers/Microsoft.Management/managementGroups/HighwaysEngland/providers/Microsoft.Authorization/policyAssignments/2f7e2059334d43c19bedf23b","policyAssignmentName":"2f7e2059334d43c19bedf23b","policyAssignmentParameters":{},"policyAssignmentScope":"/providers/Microsoft.Management/managementGroups/HighwaysEngland","policyDefinitionDisplayName":"Deny-PublicIP","policyDefinitionEffect":"deny","policyDefinitionId":"/providers/Microsoft.Management/managementGroups/HighwaysEngland/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicIP","policyDefinitionName":"Deny-PublicIP"},"type":"PolicyViolation"}],"code":"RequestDisallowedByPolicy","message":"Resource 'heaukscorpdevremarocl-hcw9n-pip-v4' was disallowed by policy. Policy identifiers: '[{\"policyAssignment\":{\"name\":\"Deny-PublicIP\",\"id\":\"/providers/Microsoft.Management/managementGroups/HighwaysEngland/providers/Microsoft.Authorization/policyAssignments/2f7e2059334d43c19bedf23b\"},\"policyDefinition\":{\"name\":\"Deny-PublicIP\",\"id\":\"/providers/Microsoft.Management/managementGroups/HighwaysEngland/providers/Microsoft.Authorization/policyDefinitions/Deny-PublicIP\"}}]'.","target":"heaukscorpdevremarocl-hcw9n-pip-v4"}],"innererror":null,"additionalInfo":null}
Expected behavior
When creating a private cluster, no public facing components should be created.
Screenshots
If applicable, add screenshots to help explain your problem.
Desktop (please complete the following information):
All platforms
Smartphone (please complete the following information):
N/A
The text was updated successfully, but these errors were encountered: