Search code examples
azurekubernetesterraformazure-aksazure-cli

Aks Creation on Azure takes a long time before getting the following error message

{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/DeployOperations for usage details.","details":[{"code":"ResourceDeploymentFailure","message":"The resource provision operation did not complete within the allowed timeout period."}]}.

I get this error message whenever I try to deploy my AKS Cluster, no matter if I deploy it through Terraform, The azure portal or Azure CLI.

The config I use is :

az aks create --name Aks-moduleTf --max-count 1 --min-count 1 --network-plugin azure --vnet-subnet-id /subscriptions/<SUBID>/resourceGroups/MyResources/providers/Microsoft.Network/virtualNetworks/MyVnet/subnets/Mysubnet --node-count 1 --node-vm-size Standard_B2s --dns-service-ip X.X.X.X --resource-group MyResources --generate-ssh-keys --enable-cluster-autoscaler --service-cidr X.X.X.X/X

Thank you for your help.

Solution

  • The Error you are getting beacuse issue with the NSGS [acls] of subnet that are restricting the traffic flow to the Azure management network to let the AKS creation work.

    These NSGs are associated with the Subnet in Vnet that you are trying to create an AKS for.

    Apparently, when we created a new AKS(resource) with all the default options by creating a new subnet with no NSGs, It worked.

    Az CLI code

    az aks create --resource-group v-rXXXXXtree --name Aks-moduleTf --max-count 1 --min-count 1 --network-plugin azure --vnet-subnet-id /subscriptions/b83cXXXXXXXXXXXXX074c23f/resourceGroups/v-rXXXXXXXXXe/providers/Microsoft.Network/virtualNetworks/Vnet1/subnets/Subnet1 --node-count 1 --node-vm-size Standard_B2s --dns-service-ip 10.2.0.10 --service-cidr 10.2.0.0/24 --generate-ssh-keys --enable-cluster-autoscaler

    Solution : If you are creating Azure resoruce with existing vnet/subnet. you need to disable(Select None) for the NSG of subnet.

    enter image description here

    enter image description here

    enter image description here

    Reference : You can check this link one of the user faced this issue and went to Microsoft Support team and found the issue is with NSG