Error while deploying extension with Terraform #285

@BzSpi

Hello,

While deploying with Terraform, I get the following error:

Helm installation failed : Unable to render the helm chart and substitue helm values to get a valid yaml : Recommendation Please check if the config settings provided are valid : InnerError [failed to install CRD crds/prometheus-crd.yaml: customresourcedefinitions.apiextensions.k8s.io is forbidden: User "system:serviceaccount:kube-system:ext-installer-azureml-extension" cannot create resource "customresourcedefinitions" in API group "apiextensions.k8s.io" at the cluster scope]

Here's a part of the Terraform code:

data "azurerm_key_vault_certificate_data" "aml" {
  key_vault_id = var.keyvault_id
  name         = var.machine_learning_extension.ssl_keyvault_certificate_name
}

resource "azurerm_resource_provider_registration" "kubernetes_configuration_registration" {
  name = "Microsoft.KubernetesConfiguration"
}

resource "azurerm_resource_provider_registration" "extension_manager_registration" {
  count = var.providers_registration_enabled ? 1 : 0

  name = "Microsoft.ContainerService"

  feature {
    name       = "AKS-ExtensionManager"
    registered = true
  }
}

resource "azurerm_kubernetes_cluster_extension" "machine_learning" {
  name           = "azureml-extension"
  cluster_id     = azurerm_kubernetes_cluster.aks.id
  extension_type = "Microsoft.AzureML.Kubernetes"

  configuration_settings = {
    enableTraining               = true
    enableInference              = true
    inferenceRouterServiceType   = "loadBalancer"
    allowInsecureConnections     = false
    internalLoadBalancerProvider = "azure"
    privateEndpointILB           = true
    sslCname                     = var.machine_learning_extension.endpoint_fqdn
  }

  configuration_protected_settings = {
    sslKey  = data.azurerm_key_vault_certificate_data.aml.key
    sslCert = data.azurerm_key_vault_certificate_data.aml.pem
  }

  depends_on = [azurerm_resource_provider_registration.kubernetes_configuration_registration, azurerm_resource_provider_registration.extension_manager_registration]
}

Deployment is made with a Service Principal.
