Create Azure AKS with Managed Identity using Terraform gives AutoUpgradePreview not enabled error-CodePudding

I am trying to create an AKS cluster with managed identity using Terraform. This is my code so far, pretty basic and standard from a few documentation and blog posts I found online.

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "2.79.1"
    }
  }
}

provider "azurerm" {
  features {}

  use_msi = true
}

resource "azurerm_resource_group" "rg" {
  name     = "prod_test"
  location = "northeurope"
}

resource "azurerm_kubernetes_cluster" "cluster" {
  name                = "prod_test_cluster"
  location            = azurerm_resource_group.rg.location
  resource_group_name = azurerm_resource_group.rg.name
  dns_prefix          = "weak"

  default_node_pool {
    name       = "default"
    node_count = "4"
    vm_size    = "standard_ds3_v2"
  }

  identity {
    type = "SystemAssigned"
  }
}

And this is the error message that I can't come around to a solution. Any thoughts on it?

Error: creating Managed Kubernetes Cluster "prod_test_cluster" (Resource Group "prod_test"): containerservice.ManagedClustersClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="BadRequest" Message="Feature Microsoft.ContainerService/AutoUpgradePreview is not enabled. Please see https://aka.ms/aks/previews for how to enable features."
│ 
│   with azurerm_kubernetes_cluster.cluster,
│   on main.tf line 19, in resource "azurerm_kubernetes_cluster" "cluster":
│   19: resource "azurerm_kubernetes_cluster" "cluster" {
│

CodePudding user response：

I tested it on my environment and faced the same issue as you can see below:

So, to give a description on the issue the AutoChannelUpgrade went to public preview on August 2021. And as per the terraform azurerm provider 2.79.0 , it bydefault passes that value to none in the backend but as we have not registered for the feature it fails giving the error Feature Microsoft.ContainerService/AutoUpgradePreview is not enabled.
To confirm you don't have the feature registered you can use the below command :
```
az feature show -n AutoUpgradePreview --namespace Microsoft.ContainerService 
```
You will see it not registered as below:

Now to overcome this you can try two solutions as given below:

You can try using terraform azurerm provider 2.78.0 instead of 2.79.1.
Other solution will be to register for the feature and then you can use the same code that you are using .

You can follow the below steps:

You can use below command to register the feature (it will take around 5 mins to get registered) :

az login --identity 
az feature register --namespace Microsoft.ContainerService -n AutoUpgradePreview

After the above is done you can check the registration stauts with below command :

az feature registration show --provider-namespace Microsoft.ContainerService -n AutoUpgradePreview

After the feature status becomes registered you can do a terraform apply to your code .

I tested it using the below code on my VM:

provider "azurerm" {
features {}
subscription_id = "948d4068-xxxxx-xxxxxx-xxxx-e00a844e059b"
tenant_id = "72f988bf-xxxxx-xxxxxx-xxxxx-2d7cd011db47"
use_msi = true
}

resource "azurerm_resource_group" "rg" {
name     = "terraformtestansuman"
location = "west us 2"
}

resource "azurerm_kubernetes_cluster" "cluster" {
name                = "prod_test_cluster"
location            = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
dns_prefix          = "weak"

default_node_pool {
name       = "default"
node_count = "4"
vm_size    = "standard_ds3_v2"
}
identity {
type = "SystemAssigned"
}
}

Outputs:

Reference:

Github Issue

Install Azure CLI if not installed on the VM using Microsoft Installer