Description
We recently received email notification about Windows Server 2019 retirement on AKS.
We couldn't see any impacted resources within the workbook, however email did list impacted cluster nodes.
The KQL for the ServiceID 284 looked fine and tested the case statement on its own:
type =~ "microsoft.compute/virtualmachinescalesets" and tags contains 'aks-managed'
, case(tostring(properties.virtualMachineProfile.storageProfile.imageReference.id) contains "AKSWindows/images/windows-2022", 560,
tostring(properties.virtualMachineProfile.storageProfile.imageReference.id) contains "AKSWindows/images/windows-2019", 284,-9999)I investigated at the KQL and saw that there is a potential issue using the "contains" operator when evaluating resource types. i.e "microsoft.compute/virtualmachines" vs "microsoft.compute/virtualmachinescalesets"
The issue comes from line 41 of the query once expanded:
,type contains "microsoft.compute/virtualmachine"
, case (
(tostring(properties.hardwareProfile.vmSize) in~ ('basic_a0','basic_a1','basic_a2','basic_a3','basic_a4','standard_a0','standard_a1','standard_a2','standard_a3','standard_a4','standard_a5','standard_a6','standard_a7','standard_a9') or tostring(sku.name) in~ ('basic_a0','basic_a1','basic_a2','basic_a3','basic_a4','standard_a0','standard_a1','standard_a2','standard_a3','standard_a4','standard_a5','standard_a6','standard_a7','standard_a9')),60
, (tostring(properties.hardwareProfile.vmSize) in~ ('Standard_M192is_v2') or tostring(sku.name) in~ ('Standard_M192is_v2')) ,495I fixed it in a custom saved version by changing the affected line to:
,type == "microsoft.compute/virtualmachines" After applying the fix, the affected AKS managed windows nodes were listed within the workbook.
Unless "contains" is needed, would it be possible to ensure that most/all type checks are switch to either "=~" or "==" operators?