Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[BUG] GH Action - Deploy Infrastructure Fails on Deploy AKS in Spoke #119

Closed
jgardner04 opened this issue Mar 7, 2024 · 2 comments · Fixed by #120
Closed

[BUG] GH Action - Deploy Infrastructure Fails on Deploy AKS in Spoke #119

jgardner04 opened this issue Mar 7, 2024 · 2 comments · Fixed by #120
Assignees
@mosabami
Labels
bug Something isn't working

Comments

@jgardner04
Copy link
Contributor

Describe the bug
When running the Deploy Enterprise Landing Zone Hub & Spoke Infrastructure via the GitHub Action I get an error in the Deploy AKS in Spoke. The error is outlined below.

Error: WARNING: /home/runner/work/AKS-Landing-Zone-Accelerator/AKS-Landing-Zone-Accelerator/Scenarios/AKS-Secure-Baseline-PrivateCluster/Bicep/06-AKS-cluster/modules/policy/policy.bicep(3,13) : Warning no-loc-expr-outside-params: Use a parameter here instead of 'resourceGroup().location'. 'resourceGroup().location' and 'deployment().location' should only be used as a default value for parameters.

The error is coming from the Bicep Linter no-loc-expr-outside-params rule.

To Reproduce
Steps to reproduce the behavior:

  1. Fork the Repo
  2. Follow the AKS landing zone accelerator - Private Cluster Scenario for Bicep guide for Deploying using GitHubActions
  3. Create the Microsoft Entra accoutns
  4. Configure OpenID Connect in Azure
  5. Create PAT
  6. Register Resource Providers
  7. Set GH Actions secrets
  8. Trigger the Deploying Enterprise Landing Zone Hub & Spoke Infrastructure GitHub Actions Workflow.
  9. See Error

Expected behavior
The GH Action would complete, and the infrastructure would be deployed.

Additional context
The fork is up to date with commit e1090f0.
@jgardner04 jgardner04 added the bug Something isn't working label Mar 7, 2024
@jgardner04
Copy link
Contributor Author

It looks like the issue is here The location should be set to a parameter, the default value of the parameter can be resourceGroup().location

it would look like

param location string = resourceGroup().location

resource DefAKSAssignment 'Microsoft.Authorization/policyAssignments@2021-06-01' = if (environment().name == 'AzureCloud') {
  name: 'EnableDefenderForAKS'
  location: location
...
}

I will work up a fix and get a PR in as soon as I can.

@jgardner04 jgardner04 mentioned this issue Mar 7, 2024
Merged
@jgardner04
Copy link
Contributor Author

In testing the deployment ran into additional linting issues with the policy.bicep file. The linter is throwing an additional error that the policyDefinitionId needs to be in a parameter as well. I will update the PR with this after testing.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mosabami mosabami

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Move Azure Policy location to parameter jgardner04/AKS-Landing-Zone-Accelerator
2 participants
@jgardner04 @mosabami