azurerm_kubernetes_cluster missing oms_agent[0].oms_agent_identity[0] #21305

Open
1 task done
Ledermayer opened this issue Apr 5, 2023 · 8 comments

Ledermayer commented Apr 5, 2023

Is there an existing issue for this?

  • I have searched the existing issues

Community Note

  • Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
  • Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
  • If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform Version

1.4.2

AzureRM Provider Version

3.49.0

Affected Resource(s)/Data Source(s)

azurerm_kubernetes_cluster

Terraform Configuration Files

resource "azurerm_kubernetes_cluster" "aks_cluster" {

  azure_active_directory_role_based_access_control {
    managed                = true
    tenant_id              = ""
    admin_group_object_ids = [""]
    azure_rbac_enabled     = true
  }

  oms_agent {
    log_analytics_workspace_id = ""
  }

}

Debug Output/Panic Output

│ Error: Invalid index
│ 
│   on ../outputs.tf line 46, in output "omsagent_identity":
│   46:   value = var.aks_cluster_addon_oms_agent_enabled ? azurerm_kubernetes_cluster.aks_cluster.oms_agent[0].oms_agent_identity[0] : null
│     ├────────────────
│     │ azurerm_kubernetes_cluster.aks_cluster.oms_agent[0].oms_agent_identity is empty list of object
│ 
│ The given key does not identify an element in this collection value: the
│ collection has no elements.
╵
╷
│ Error: Invalid index
│ 
│   on ../role_assignments.tf line 7, in resource "azurerm_role_assignment" "aks_cluster_role_oms":
│    7:   principal_id         = azurerm_kubernetes_cluster.aks_cluster.oms_agent[0].oms_agent_identity[0].object_id
│     ├────────────────
│     │ azurerm_kubernetes_cluster.aks_cluster.oms_agent[0].oms_agent_identity is empty list of object
│ 
│ The given key does not identify an element in this collection value: the
│ collection has no elements.

Expected Behaviour

Statefile should have the oms_agent_identity populated.

"oms_agent": [
              {
                "log_analytics_workspace_id": "",
                "oms_agent_identity": [
                  {
                    "client_id": "",
                    "object_id": "",
                    "user_assigned_identity_id": ""
                  }
                ]
              }
            ]


Actual Behaviour

Statefile does not have the oms_agent_identity stored.

"oms_agent": [
          {
            "log_analytics_workspace_id": "",
            "msi_auth_for_monitoring_enabled": true,
            "oms_agent_identity": []
          }
        ]


Steps to Reproduce

Create a cluster with OMS Agent enabled.

I could reproduce this on 3.39.0 as well.

On 3.31.0 this was working fine.

Important Factoids

No response

References

This issue looks really similar to the one where the kube_config was not populated for an AAD-enabled cluster.

#18139
#18142

I have not tested without AAD enabled, as this is a constraint in my environment.

@Ledermayer
Author

Some updates.

I have tested, and this issue is definitely related to AAD-enabled clusters: I deployed a cluster in a sandbox without the integration and it worked fine.

Also, this issue does not happen on 3.51.0, maybe because of the API version change to 2023-02-02-preview.

@KempMVitesse

I am seeing the same issue with 3.52.0

CDoehne commented Jul 28, 2023

Issue still present on v3.67.0

epiHATR commented Aug 17, 2023

Same issue on v3.69.0

jmcdade11 commented Aug 18, 2023

When I tried removing/enabling the monitoring addon via the Azure CLI (i.e. outside of Terraform), I noticed that the config had a null identity when AAD auth is enabled.

@angelbulas

Same issue here: when "msi_auth_for_monitoring_enabled" is true, the "oms_agent_identity" becomes empty.

@nesh-vitalii

Same issue

@jatakiajanvi12

For Managed Identity enabled clusters, the identity object is expected to be null. To enable omsagent there will also be a need to have Data Collection Rules (DCRs) and Data Collection Rule Associations (DCRAs). Please follow the guide here for onboarding using Terraform: https://github.com/microsoft/Docker-Provider/tree/ci_prod/scripts/onboarding/aks/onboarding-msi-terraform
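
A null-safe way to write the two references that fail in the report, given here as an added example that is not part of the issue thread or the provider's code. It relies on the thread's observation that `oms_agent_identity` is empty when MSI auth for monitoring is on. The variable `oms_agent_msi_auth_enabled`, the role name and the scope are assumptions; the reporter's `role_assignments.tf` shows only the `principal_id` line.

```hcl
# Added example: names marked "assumed" or "hypothetical" are not from the issue.

variable "aks_cluster_addon_oms_agent_enabled" {
  type    = bool
  default = true
}

# Hypothetical input. Set it to the same value the cluster passes as
# oms_agent.msi_auth_for_monitoring_enabled, so the decision is known at plan time.
variable "oms_agent_msi_auth_enabled" {
  type    = bool
  default = true
}

locals {
  # try() returns null when oms_agent is absent or oms_agent_identity is the
  # empty list shown under "Actual Behaviour", instead of raising "Invalid index".
  oms_agent_identity = try(
    azurerm_kubernetes_cluster.aks_cluster.oms_agent[0].oms_agent_identity[0],
    null
  )
}

output "omsagent_identity" {
  value = local.oms_agent_identity
}

resource "azurerm_role_assignment" "aks_cluster_role_oms" {
  # Gate on plan-time inputs. The identity list is computed, so using its
  # length here would be unknown until apply on a new cluster.
  count = var.aks_cluster_addon_oms_agent_enabled && !var.oms_agent_msi_auth_enabled ? 1 : 0

  scope                = azurerm_kubernetes_cluster.aks_cluster.id # assumed scope
  role_definition_name = "Monitoring Metrics Publisher"            # assumed role
  principal_id         = local.oms_agent_identity.object_id

  lifecycle {
    # Preconditions (Terraform >= 1.2) are checked before the arguments above,
    # so an empty identity fails with this message rather than a null dereference.
    precondition {
      condition     = local.oms_agent_identity != null
      error_message = "oms_agent_identity is empty; no agent identity exists to receive the role."
    }
  }
}
```

With MSI auth enabled the role assignment is skipped and the output is `null`, so no principal is granted a role on the basis of an identity that was never created.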
