I have installed ML and compute cluster (azurerm_machine_learning_compute_cluster) and I route my netwok traffic to an azure firewall.
My terraform apply went fine and created the compute cluster, but if I run terraform apply again it wil destroy and add the compute cluster …
I get the below UdrValidationWarning which I think is the reason my compute cluster will be destroyed and added each time I run terraform apply ?
Is it not possible to route the network traffic to a firewall without a compute cluster replace at each terraform apply ?
What have I missed ?
Thanks
Carsten
Output:
Note: Objects have changed outside of Terraform
Terraform detected the following changes made outside of Terraform since the
last “terraform apply”:
azurerm_machine_learning_compute_cluster.forskerpl-mlcluster has been changed
~ resource “azurerm_machine_learning_compute_cluster” “forskerpl-mlcluster” {
id = “/subscriptions/xxxxxx/resourceGroups/forskerpl-7jemee-rg/providers/Microsoft.MachineLearningServices/workspaces/forskerpl-7jemee-mlw/computes/forskerpl7jemee”
name = “forskerpl7jemee”
tags = {
“UdrValidationWarning” = “The following IP ranges or service tags are routed to a NetworkVirtualAppliance or a VirtualNetworkGateway. If the NetworkVirtualAppliance or the VirtualNetworkGateway do not re-route these IP ranges to Internet, that might cause a failure. IP ranges: BatchNodeManagement=[13.69.65.64/26,13.69.106.128/26,13.69.125.173/32,13.73.153.226/32,13.73.157.134/32,13.80.117.88/32,13.81.1.133/32,13.81.59.254/32,13.81.63.6/32,13.81.104.137/32,13.94.214.82/32,13.95.9.27/32,20.50.1.64/26,23.97.180.74/32,40.68.100.153/32,40.68.191.54/32,40.68.218.90/32,40.115.50.9/32,52.166.19.45/32,52.174.33.113/32,52.174.34.69/32,52.174.35.218/32,52.174.38.99/32,52.174.176.203/32,52.174.179.66/32,52.174.180.164/32,52.233.157.9/32,52.233.157.78/32,52.233.161.238/32,52.233.172.80/32,52.236.186.128/26,104.40.183.25/32,104.45.13.8/32,104.47.149.96/32,137.116.193.225/32,168.63.5.53/32,191.233.76.85/32]. For more information about inbound configuration, please refer to Configure inbound and outbound network traffic - Azure Machine Learning | Microsoft Docs”
“source” = “Terraform”
}
# (6 unchanged attributes hidden)
~ identity {
+ identity_ids = []
# (3 unchanged attributes hidden)
}
# (1 unchanged block hidden)
}
Unless you have made equivalent changes to your configuration, or ignored the
relevant attributes using ignore_changes, the following plan may include
actions to undo or respond to these changes.
─────────────────────────────────────────────────────────────────────────────
Terraform used the selected providers to generate the following execution
plan. Resource actions are indicated with the following symbols:
-/+ destroy and then create replacement
Terraform will perform the following actions:
azurerm_machine_learning_compute_cluster.forskerpl-mlcluster must be replaced
-/+ resource “azurerm_machine_learning_compute_cluster” “forskerpl-mlcluster” {
~ id = “/subscriptions/xxxxxxx/resourceGroups/forskerpl-7jemee-rg/providers/Microsoft.MachineLearningServices/workspaces/forskerpl-7jemee-mlw/computes/forskerpl7jemee” → (known after apply)
name = “forskerpl7jemee”
~ tags = { # forces replacement
- “UdrValidationWarning” = “The following IP ranges or service tags are routed to a NetworkVirtualAppliance or a VirtualNetworkGateway. If the NetworkVirtualAppliance or the VirtualNetworkGateway do not re-route these IP ranges to Internet, that might cause a failure. IP ranges: BatchNodeManagement=[13.69.65.64/26,13.69.106.128/26,13.69.125.173/32,13.73.153.226/32,13.73.157.134/32,13.80.117.88/32,13.81.1.133/32,13.81.59.254/32,13.81.63.6/32,13.81.104.137/32,13.94.214.82/32,13.95.9.27/32,20.50.1.64/26,23.97.180.74/32,40.68.100.153/32,40.68.191.54/32,40.68.218.90/32,40.115.50.9/32,52.166.19.45/32,52.174.33.113/32,52.174.34.69/32,52.174.35.218/32,52.174.38.99/32,52.174.176.203/32,52.174.179.66/32,52.174.180.164/32,52.233.157.9/32,52.233.157.78/32,52.233.161.238/32,52.233.172.80/32,52.236.186.128/26,104.40.183.25/32,104.45.13.8/32,104.47.149.96/32,137.116.193.225/32,168.63.5.53/32,191.233.76.85/32]. For more information about inbound configuration, please refer to Configure inbound and outbound network traffic - Azure Machine Learning | Microsoft Docs” → null
# (1 unchanged element hidden)
}
# (6 unchanged attributes hidden)
~ identity {
- identity_ids = [] -> null
~ principal_id = "xxx" -> (known after apply)
~ tenant_id = "xxx" -> (known after apply)
# (1 unchanged attribute hidden)
}
# (1 unchanged block hidden)
}
Plan: 1 to add, 0 to change, 1 to destroy.