Deploying AKS via ARM template with two pools (Linux and Windows)

  • Question

  • Hi all,

    I want to deploy AKS cluster using ARM template with two node pools: Windows and Linux.

    I tried:

    {
       "$schema":"https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
       "contentVersion":"1.0.0.1",
       "parameters":{
          "clusterName":{
             "type":"string",
             "defaultValue":"aks101cluster",
             "metadata":{
                "description":"The name of the Managed Cluster resource."
             }
          },
          "location":{
             "type":"string",
             "defaultValue":"[resourceGroup().location]",
             "metadata":{
                "description":"The location of the Managed Cluster resource."
             }
          },
          "dnsPrefix":{
             "type":"string",
             "metadata":{
                "description":"Optional DNS prefix to use with hosted Kubernetes API server FQDN."
             }
          },
          "osDiskSizeGB":{
             "type":"int",
             "defaultValue":0,
             "metadata":{
                "description":"Disk size (in GB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Specifying 0 will apply the default disk size for that agentVMSize."
             },
             "minValue":0,
             "maxValue":1023
          },
          "agentCount":{
             "type":"int",
             "defaultValue":3,
             "metadata":{
                "description":"The number of nodes for the cluster."
             },
             "minValue":1,
             "maxValue":50
          },
          "agentVMSize":{
             "type":"string",
             "defaultValue":"Standard_DS2_v2",
             "metadata":{
                "description":"The size of the Virtual Machine."
             }
          },
          "linuxAdminUsername":{
             "type":"string",
             "metadata":{
                "description":"User name for the Linux Virtual Machines."
             }
          },
          "sshRSAPublicKey":{
             "type":"string",
             "metadata":{
                "description":"Configure all linux machines with the SSH RSA public key string. Your key should include three parts, for example 'ssh-rsa AAAAB...snip...UcyupgH azureuser@linuxvm'"
             }
          },
          "servicePrincipalClientId":{
             "metadata":{
                "description":"Client ID (used by cloudprovider)"
             },
             "type":"securestring"
          },
          "servicePrincipalClientSecret":{
             "metadata":{
                "description":"The Service Principal Client Secret."
             },
             "type":"securestring"
          },
          "osType":{
             "type":"string",
             "defaultValue":"Linux",
             "allowedValues":[
                "Linux",
                "Windows"
             ],
             "metadata":{
                "description":"The type of operating system."
             }
          }
       },
       "resources":[
          {
             "apiVersion":"2020-02-01",
             "type":"Microsoft.ContainerService/managedClusters",
             "location":"[parameters('location')]",
             "name":"[parameters('clusterName')]",
             "properties":{
                "dnsPrefix":"[parameters('dnsPrefix')]",
                "agentPoolProfiles":[
                   {
                      "name":"linuxpool",
                      "osDiskSizeGB":"[parameters('osDiskSizeGB')]",
                      "count":"[parameters('agentCount')]",
                      "vmSize":"[parameters('agentVMSize')]",
                      "osType":"[parameters('osType')]",
                      "enableAutoScaling":true,
                      "storageProfile":"ManagedDisks",
                      "type":"VirtualMachineScaleSets",
                      "minCount":2,
                      "maxCount":3
                   }
                ],
                "linuxProfile":{
                   "adminUsername":"[parameters('linuxAdminUsername')]",
                   "ssh":{
                      "publicKeys":[
                         {
                            "keyData":"[parameters('sshRSAPublicKey')]"
                         }
                      ]
                   }
                },
                "windowsProfile":{
                   "adminUsername":"[parameters('linuxAdminUsername')]",
                   "adminPassword":"[parameters('sshRSAPublicKey')]"
                },
                "servicePrincipalProfile":{
                   "clientId":"[parameters('servicePrincipalClientId')]",
                   "Secret":"[parameters('servicePrincipalClientSecret')]"
                }
             }
          },
          {
             "apiVersion":"2020-02-01",
             "type":"Microsoft.ContainerService/managedClusters/agentPools",
             "name":"[concat(parameters('clusterName'),'/window')]",
             "dependsOn":[
                "[concat('Microsoft.ContainerService/managedClusters/', parameters('clusterName'))]"
             ],
             "location":"[resourceGroup().location]",
             "properties":{
                "name":"window",
                "osDiskSizeGB":"[parameters('osDiskSizeGB')]",
                "count":"[parameters('agentCount')]",
                "vmSize":"[parameters('agentVMSize')]",
                "osType":"Windows",
                "enableAutoScaling":true,
                "storageProfile":"ManagedDisks",
                "type":"VirtualMachineScaleSets",
                "minCount":2,
                "maxCount":3,
                "maxPods":250
             }
          }
       ],
       "outputs":{
          "controlPlaneFQDN":{
             "type":"string",
             "value":"[reference(parameters('clusterName')).fqdn]"
          }
       }
    }


    And I got an error:

    New-AzResourceGroupDeployment : 8:21:46 PM - Resource Microsoft.ContainerService/managedClusters 'aksks12' failed with message '{
      "code": "AzureCNIOnlyForWindows",
      "message": "Windows agent pools can only be added to AKS clusters using Azure-CNI."
    }'
    At line:1 char:1
    + New-AzResourceGroupDeployment -Name 'TRYAKS' -ResourceGroupName 'aks' ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [New-AzResourceGroupDeployment], Exception
        + FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceGroupDeploymentCmdlet

    New-AzResourceGroupDeployment : 8:21:46 PM - Template output evaluation skipped: at least one resource deployment operation failed. Please list deployment operations for details. Please see
    https://aka.ms/DeployOperations for usage details.
    At line:1 char:1
    + New-AzResourceGroupDeployment -Name 'TRYAKS' -ResourceGroupName 'aks' ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [New-AzResourceGroupDeployment], Exception
        + FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceGroupDeploymentCmdlet

    New-AzResourceGroupDeployment : 8:21:46 PM - Template output evaluation skipped: at least one resource deployment operation failed. Please list deployment operations for details. Please see
    https://aka.ms/DeployOperations for usage details.
    At line:1 char:1
    + New-AzResourceGroupDeployment -Name 'TRYAKS' -ResourceGroupName 'aks' ...
    + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
        + CategoryInfo          : NotSpecified: (:) [New-AzResourceGroupDeployment], Exception
        + FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceGroupDeploymentCmdlet

    Could you help me please?




    • Edited by compasses Friday, March 13, 2020 5:50 PM
    Friday, March 13, 2020 5:44 PM

Answers

  • Hi,

    You need to have Azure CNI networking for Windows node pools.

    Please add the snippet below, which contains the network profile (network plugin and network policy).

                    "networkProfile": {
                        "networkPlugin": "azure",
                        "networkPolicy": "azure",
                        "serviceCidr": "10.0.0.0/16",
                        "dockerBridgeCidr": "172.17.0.1/16"
                    }

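    You need to add "networkProfile" at the same level as "windowsProfile", i.e. inside the managed cluster's "properties".  Use this as the reference.

    While editing that section, note that the template in the question sets the "windowsProfile" adminPassword from the 'sshRSAPublicKey' parameter, which is a plain "string" parameter holding a public key. The Windows admin password should come from its own "securestring" parameter, so that it is a real secret and its value is not stored in the deployment history.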

    Also go through this document to know more about the advanced networking option used above.

    You can use either Calico or Azure network policy. In our example we used Azure network policy. Use this link for the network policy comparison.

    Monday, March 16, 2020 6:43 AM