Support for outputting the name of the VMSS within AKS clusters

[BrendanThompson]

Community Note

• Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave "+1" or "me too" comments, they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment

Description

When trying to do such things as create alerts with Azure Monitor, the metrics available on the Azure Kubernetes Service resource type are utterly useless, this means that in order to get any valuable information out of the platform it is required to query against the VMSS for each Agent Pool. Currently, there is no mechanism for getting the VMSS name out of Terraform.

It would be ideal that if part of the data "azurerm_kubernetes_cluster" "this" {} data source that this information was exposed for such use cases as above.

New or Affected Resource(s)

• azurerm_kubernetes_cluster [ Data Source ]

Potential Terraform Configuration

data "azurerm_kubernetes_cluster" "this" {
  name = "aks"
  resource_group_name = "rg-aks"
}

output "vmss_name" {
  value = data.azurerm_kubernetes_cluster.this.agent_pool_profile.0.vmss_name
}

References

[aristosvo]

I like the idea of it and have a simular usecase for other AKS resource names and id's, main problem here is that the user or service principal authenticating your TerraForm actions may not have the right permissions on the resource group where the resources for AKS are living. If we don't want to break the data source for these people, we need something smart or exposure of the data via the AKS REST API.

So the first question is probably if we can get Microsoft to expose the internals of AKS via the AKS REST API. I think they won't.

The other option, something smart which checks the permissions on the resource group of your AKS resources, gets the name of the VMSS per Agent Pool and exposes the data if you have permissions. I don't think we want to do that either, as you're then basically extending Microsoft's AKS API and implementing it in TerraForm. It's a nice challenge though 😎.

@katbyte: any other suggestions?

[tombuildsstuff]

hey @BrendanThompson @aristosvo

Thanks for opening this issue.

Taking a look into this as @aristosvo has mentioned this is an implementation detail of AKS which currently isn't (and arguably shouldn't be, since they're dynamic in a scale-set, and non-VMSS AKS Node Pools are superseded). That said, it should be possible to achieve this using by installing the monitoring on the VMSS created by AKS - rather than the individual nodes, since monitoring can be achieved as a VM Extension, and applied to all existing/new nodes.

At this time AKS doesn't expose the ID of the VM Scale Set being used - as such before we'd be able to expose this information we'd need the AKS Service to expose this information - as such I'd suggest opening an issue on the AKS Repository where when that's available we should be able to export this, for both the Cluster and the associated Node Pools.

Since this isn't something that's currently possible (since this information isn't available in the API) - I'm going to close this issue for the moment, however if/when this becomes available in the AKS API we can look into adding support for this :)

Thanks!

[ghost]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you feel this issue should be reopened, we encourage creating a new issue linking back to this one for added context. If you feel I made an error 🤖 🙉 , please reach out to my human friends 👉 hashibot-feedback@hashicorp.com. Thanks!