Issue: Terraform throws an error when deploying Azure AKS with Proxy configuration

[bkuliqi]

Is there an existing issue for this?

• I have searched the existing issues

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

1.1.7

AzureRM Provider Version

3.9.0

Affected Resource(s)/Data Source(s)

azurerm_kubernetes_cluster

Terraform Configuration Files

terraform {
  required_providers {
    azurerm = {
      source = "hashicorp/azurerm"
      version = "3.9.0"
    }
  }
}

provider "azurerm" {
  features {
    
  }
}






resource "azurerm_kubernetes_cluster" "example-aks" {
  name                = "<aks-name>"
  location            = "centralus"
  resource_group_name = "<rg-name>"
  dns_prefix          = "<aks-name>"

  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_D2_v2"
  }

  identity {
    type = "SystemAssigned"
  }

  tags = {
    Environment = "dev"
  }

  http_proxy_config{
    http_proxy ="http://myproxy.server.com:8080/"
    https_proxy ="http://myproxy.server.com:8080/"
    no_proxy    = ["localhost","127.0.0.1"]
    trusted_ca = null

  }
}

Debug Output/Panic Output

Error: creating Cluster: (Managed Cluster Name "" / Resource Group ""): containerservice.ManagedClustersClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="HTTPProxyTrustedCAPEMDecodeFailure" Message="failed to decode HTTPProxyConfig.TrustedCA to PEM after base64 decoding."
│
│   with azurerm_kubernetes_cluster.example-aks,
│   on main.tf line 22, in resource "azurerm_kubernetes_cluster" "example-aks":
│   22: resource "azurerm_kubernetes_cluster" "example-aks" {

Expected Behaviour

We are setting trusted_ca to null or omitting it altogether, in this case terraform should deploy the cluster and not generate an error related to certificate decoding when in fact we are not providing a cert.

Using the native Azure ARM templates the AKS cluster gets deployed with no issues, when setting trusted_ca = null or omitting it.

Actual Behaviour

When doing terraform apply, it generates an error:

Error: creating Cluster: (Managed Cluster Name "" / Resource Group ""): containerservice.ManagedClustersClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="HTTPProxyTrustedCAPEMDecodeFailure" Message="failed to decode HTTPProxyConfig.TrustedCA to PEM after base64 decoding."
│
│ with azurerm_kubernetes_cluster.example-aks,
│ on main.tf line 22, in resource "azurerm_kubernetes_cluster" "example-aks":
│ 22: resource "azurerm_kubernetes_cluster" "example-aks" {

Steps to Reproduce

1. Have a resource group created in Azure
2. Update the sample tf provided with resource group name and aks name
3. Make sure you are logged in Azure subscription, az login
4. Run terraform init
5. Run terraform plan
6. Run terraform apply

Important Factoids

No response

References

https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster

[ms-henglu]

Hi @bkuliqi ,

The bug fix has been released in https://github.com/hashicorp/terraform-provider-azurerm/blob/v3.13.0/CHANGELOG.md, would you please give it a try? Thanks!

[bkuliqi]

Hi @ms-henglu,

We tried as soon as the v3.13 came out and the fix worked. Thanks for taking care of this, it was it was a blocker for us.

[github-actions]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.
If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.