Terraform azurerm http_application_routing clarification

[flavioneri]

Hi everyone,

I'm trying to use the addon_profile/http_application_routing feature released in #1751, but I can't build a fully functional cluster in advanced networking mode with HTTP Routing feature.

I succeed using the same parameters in an ARM Template.
Does someone is experiencing the same behaviour?

My AKS resource code (based on https://github.com/terraform-providers/terraform-provider-azurerm/tree/master/examples/kubernetes-cluster-with-advanced-networking):

resource "azurerm_kubernetes_cluster" "aks_container" {
  name       = "akc-${random_integer.random_int.result}"
  location   = "${var.resource_group_location}"
  dns_prefix = "akc-${random_integer.random_int.result}"
  kubernetes_version = "1.11.2"
  resource_group_name = "${azurerm_resource_group.akc-rg.name}"

  linux_profile {
    admin_username = "${var.linux_admin_username}"

    ssh_key {
      key_data = "${var.linux_admin_ssh_publickey}"
    }
  }

  agent_pool_profile {
    name    = "agentpool"
    count   = "2"
    vm_size = "Standard_DS2_v2"
    os_type = "Linux"

    # Required for advanced networking
    vnet_subnet_id = "${azurerm_subnet.aks_subnet.id}"
  }

  service_principal {
    client_id     = "${var.client_id}"
    client_secret = "${var.client_secret}"
  }

  network_profile {
    network_plugin     = "azure"
    dns_service_ip     = "10.0.0.10"
    docker_bridge_cidr = "172.17.0.1/16"
    service_cidr       = "10.0.0.0/16"
  }

  addon_profile {
    http_application_routing {
      enabled = true
    }
  }
}

[metacpp]

@flavioneri thanks for opening this issue. I tried to reproduce it with below configuration, but could not see any issue.

resource "azurerm_resource_group" "test" {
  name     = "acctestRG1"
  location = "East US"
}

resource azurerm_network_security_group "test_advanced_network" {
  name                = "akc-1-nsg"
  location            = "${azurerm_resource_group.test.location}"
  resource_group_name = "${azurerm_resource_group.test.name}"
}

resource "azurerm_virtual_network" "test_advanced_network" {
  name                = "akc-1-vnet"
  location            = "${azurerm_resource_group.test.location}"
  resource_group_name = "${azurerm_resource_group.test.name}"
  address_space       = ["10.1.0.0/16"]
}

resource "azurerm_subnet" "test_subnet" {
  name                      = "akc-1-subnet"
  resource_group_name       = "${azurerm_resource_group.test.name}"
  network_security_group_id = "${azurerm_network_security_group.test_advanced_network.id}"
  address_prefix            = "10.1.0.0/24"
  virtual_network_name      = "${azurerm_virtual_network.test_advanced_network.name}"
}

resource "azurerm_kubernetes_cluster" "test" {
  name                = "akc-1"
  location            = "${azurerm_resource_group.test.location}"
  resource_group_name = "${azurerm_resource_group.test.name}"
  dns_prefix          = "akc-1"
  kubernetes_version  = "1.11.2"

  linux_profile {
    admin_username = "acctestuser1"

    ssh_key {
      key_data = "***********************************"
    }
  }

  agent_pool_profile {
    name            = "agentpool"
    count           = 2
    vm_size         = "Standard_DS1_v2"
    os_type         = "Linux"

    # Required for advanced networking
    vnet_subnet_id = "${azurerm_subnet.test_subnet.id}"
  }

  service_principal {
    client_id     = "***********************************"
    client_secret = "***********************************"
  }

  network_profile {
    network_plugin     = "azure"
    dns_service_ip     = "10.0.0.10"
    docker_bridge_cidr = "172.17.0.1/16"
    service_cidr       = "10.0.0.0/16"
  }

  addon_profile {
    http_application_routing {
      enabled = true
    }
  }
}

Can you provide more details on I can't build a fully functional cluster in advanced networking mode with HTTP Routing feature. ?

[flavioneri]

Hi @metacpp, are you able to use the HTTP Routing feature after building them with terraform?
On my last test, the cluster was functional, but I can' route any application using this feature.

Om my side, I'll test it again and let you know.
Thank you!

[metacpp]

@flavioneri Yes, i can see the DNS zone after provision. Can you provide more details on I can't rout any application using this feature?

[flavioneri]

@metacpp, I can get the cluster running and the http_routing is running as well.
I saw that I got the error using Azurerm provider version 1.13 and I can't reproduce it using the version 1.15 (the actual version).
Thank you.

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 [email protected]. Thanks!