Windows agent pools can only be added to AKS clusters using Azure-CNI

I am trying to Terraform an Azure Kubernetes Service cluster (AKS) with a Windows node pool but I get the following error:

Error: creating Managed Kubernetes Cluster "example-aks1" (Resource Group "test-aks-resource"): containerservice.ManagedClustersClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="AzureCNIOnlyForWindows" Message="Windows agent pools can only be added to AKS clusters using Azure-CNI."

And here is the screen shot of the command line:

The code I am using is this:

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 2.63.0"
    }
  }
}

provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "test-aks-resource"
  location = "Central US"
}

resource "azurerm_kubernetes_cluster" "aks" {
  name                = "example-aks1"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  dns_prefix          = "exampleaks1"
  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_D2_v2"
  }

  identity {
    type = "SystemAssigned"
  }

  windows_profile {
    admin_username = "adminusername"
    admin_password = "xxxxxxxxxxxxx"
  }

  tags = {
    Environment = "dev"
  }
}

resource "azurerm_kubernetes_cluster_node_pool" "windows_node_pool" {
  kubernetes_cluster_id = azurerm_kubernetes_cluster.aks.id
  orchestrator_version  = azurerm_kubernetes_cluster.aks.kubernetes_version
  name                  = "winnp"
  node_count            = 1
  vm_size               = "Standard_D2_v2"
  os_type               = "Windows"
}

output "client_certificate" {
  sensitive = true
  value     = azurerm_kubernetes_cluster.aks.kube_config[0].client_certificate
}

output "kube_config" {
  sensitive = true
  value     = azurerm_kubernetes_cluster.aks.kube_config_raw
}

Just a note that if I remove the following block from the Terraform code I get a different error:

  windows_profile {
    admin_username = "adminusername"
    admin_password = "xxxxxxxxxxxxx"
  }

The error that I get is:

Error: creating/updating Managed Kubernetes Cluster Node Pool "winnp" (Resource Group "test-aks-resource"): containerservice.AgentPoolsClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="WindowsProfileMissing" Message="Windows profile definition is missing for the cluster."

Screen shot of the command line:

And obviously if I remove the “azurerm_kubernetes_cluster_node_pool” block of code the AKS is created with a default Linux node pool.

So my question is: how can I add a Windows node pool to an AKS?

Turned out I had to include a network adapter in “azurerm_kubernetes_cluster”:

network_profile {
  network_plugin = "azure"
}

More details:

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster#network_plugin
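
The configuration from the question with the fix in place, as an added example that is not part of the original post. It also moves the Windows admin password out of the source file into a sensitive variable; the variable name `windows_admin_password` is an assumption.

```hcl
provider "azurerm" {
  features {}
}

resource "azurerm_resource_group" "example" {
  name     = "test-aks-resource"
  location = "Central US"
}

# Assumed variable name (not in the original post); set it with TF_VAR_windows_admin_password.
variable "windows_admin_password" {
  type      = string
  sensitive = true # redacted from plan/apply output
}

resource "azurerm_kubernetes_cluster" "aks" {
  name                = "example-aks1"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  dns_prefix          = "exampleaks1"

  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_D2_v2"
  }

  identity {
    type = "SystemAssigned"
  }

  # Needed for Windows pools; without it the API returns WindowsProfileMissing.
  windows_profile {
    admin_username = "adminusername"
    admin_password = var.windows_admin_password
  }

  # Needed for Windows pools; without it the API returns AzureCNIOnlyForWindows.
  network_profile {
    network_plugin = "azure"
  }
}

resource "azurerm_kubernetes_cluster_node_pool" "windows_node_pool" {
  kubernetes_cluster_id = azurerm_kubernetes_cluster.aks.id
  name                  = "winnp"
  node_count            = 1
  vm_size               = "Standard_D2_v2"
  os_type               = "Windows"
}
```

Marking the variable sensitive only hides it from CLI output; the password is still written to the Terraform state, so the state backend needs access control and encryption.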