Hi Everyone,
I've started working on Terraform with Azure recently , i'm looking for help in below concern.
I’m trying to procure AKS cluster with Kubenet with UDR. I’ve created route table and associated with existing subnet and Subnet associated with existing NSG. During Route table time i’m giving some custom routes which has my VPN connectivity (i’m under corporate network). and also creating another default route “0.0.0.0/0” with next_hop_type as “Internet” . I was able to create Cluster until kubernetes orchestration version “15.10”.later some this version is not supported by azure. Whenever i’ve upgraded orchestration version to latest , i’m getting error like below
Original Error: Code=“RouteTableInvalidNextHop” Message="Default route 0.0.0.0/0 has a next hop of Internet but only next hops of VirtualAppliance or VirtualNetworkGateway are allowed. Please see http://aka.ms/aks/outboundtype for more details
Note: I’m aware that 0.0.0.0/0 is default and its not need to add it route table . but AKS cluster failing when its not present in the route table. So i’ve added it intentionally .
Here is my complete code snippet. Kindly help me in this . I may missed somewhere so kindly help me to achieve this.
provider "azurerm" {
version = "~> 2.15"
features {}
}
resource "azurerm_resource_group" "aks" {
name = var.resource_group
l ocation = var.location
}
data "azurerm_subnet" "aks" {
name = var.subnetname
virtual_network_name = var.virtual_network_name
resource_group_name = var.vnet_resource_group
}
resource "azurerm_route_table" "aks"{
name = "aks"
resource_group_name = azurerm_resource_group.aks.name
location = azurerm_resource_group.aks.location
disable_bgp_route_propagation = false
route{
name = var.route_name
address_prefix = var.route_address_prefix
next_hop_type = var.route_next_hop_type
}
route{
name = "default_route"
address_prefix = "0.0.0.0/0"
next_hop_type = "Internet"
}
}
resource "azurerm_subnet_route_table_association" "aks" {
subnet_id = data.azurerm_subnet.aks.id
route_table_id = azurerm_route_table.aks.id
}
resource "azurerm_subnet_network_security_group_association" "aks" {
subnet_id = data.azurerm_subnet.aks.id
network_security_group_id = var.network_security_group
}
resource "null_resource" "previous" {}
resource "time_sleep" "wait_90_seconds" {
depends_on = [null_resource.previous]
create_duration = "90s"
}
resource "null_resource" "next" {
depends_on = [time_sleep.wait_90_seconds]
}
resource "azurerm_kubernetes_cluster" "aks" {
name = azurerm_resource_group.aks.name
resource_group_name = azurerm_resource_group.aks.name
location = azurerm_resource_group.aks.location
dns_prefix = "akstfe"
kubernetes_version = "1.18.8"
private_cluster_enabled = false
node_resource_group = var.node_resource_group
api_server_authorized_ip_ranges = [] #var.api_server_authorized_ip_ranges
default_node_pool {
enable_node_public_ip = false
name = "agentpool"
node_count = var.node_count
orchestrator_version = "1.18.8"
vm_size = var.vm_size
os_disk_size_gb = var.os_disk_size_gb
vnet_subnet_id = data.azurerm_subnet.aks.id
}
linux_profile {
admin_username = var.admin_username
ssh_key {
key_data = var.ssh_key
}
}
service_principal {
client_id = var.client_id
client_secret = var.client_secret
}
role_based_access_control {
enabled = true
}
network_profile {
network_plugin = "kubenet"
#dns_service_ip = "172.17.1.10"
#service_cidr = "172.16.0.0/14"
pod_cidr = "172.40.0.0/16"
network_policy = "calico"
outbound_type = "userDefinedRouting"
load_balancer_sku = "Standard"
}
addon_profile {
aci_connector_linux {
enabled = false
}
azure_policy {
enabled = false
}
http_application_routing {
enabled = false
}
kube_dashboard {
enabled = false
}
oms_agent {
enabled = false
}
}
depends_on = [azurerm_subnet_route_table_association.aks]
}