Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Make the Azure Key Vault public because private Key Vault requires preview API #599

Merged
merged 2 commits into from
Nov 7, 2024
Merged

Make the Azure Key Vault public because private Key Vault requires preview API #599

merged 2 commits into from
Nov 7, 2024

Conversation

zioproto
Copy link
Collaborator

@zioproto zioproto commented Nov 5, 2024

Running Microsoft Terraform module AKS end to end tests I get this new error message I have never seen before from the ARM API:

https://github.com/Azure/terraform-azurerm-aks/actions/runs/11665268834/job/32477571013?pr=598#step:3:6605

HTTP 400 "Vnet integration should be enabled when KeyVault network access is Private."

I believe this is the root cause:
https://learn.microsoft.com/en-us/azure/aks/use-kms-etcd-encryption#prerequisites ( See yellow warning box)

However Vnet Integration is still preview as far as I know. Terraform provider azurerm V4 will not support preview features. https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/4.0-upgrade-guide#aks-migration-to-stable-api

This is a workaround to get the CI running again.
This PR needs to be reverted once AKS API Vnet Integration goes GA

@zioproto
Make the Azure Key Vault public because private Key Vault requires pr…
5e25566 
…eview API

Running Microsoft Terraform module AKS end to end tests I get this new error message I have never seen before from the ARM API:

https://github.com/Azure/terraform-azurerm-aks/actions/runs/11665268834/job/32477571013?pr=598#step:3:6605

HTTP 400 "Vnet integration should be enabled when KeyVault network access is Private."

I believe this is the root cause:
https://learn.microsoft.com/en-us/azure/aks/use-kms-etcd-encryption#prerequisites
( See yellow warning box)

However Vnet Integration is still preview as far as I know. Terraform provider azurerm V4 will not support preview features.
https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/guides/4.0-upgrade-guide#aks-migration-to-stable-api
@zioproto zioproto requested a review from lonegunmanb November 5, 2024 10:02
@zioproto
Copy link
Collaborator Author

zioproto commented Nov 6, 2024

The end to end test is now failing on the upgrade step. It cannot pass the upgrade test because the current main branch cannot pass the end to end test.

lonegunmanb
lonegunmanb approved these changes Nov 7, 2024
View reviewed changes
Copy link
Member

@lonegunmanb lonegunmanb left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This pr LGTM though it failed the version upgrade test, because it's about to fix this issue in the last version.

@zioproto zioproto merged commit dc5d58b into main Nov 7, 2024
4 of 5 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@lonegunmanb lonegunmanb lonegunmanb approved these changes

Assignees
No one assigned
Labels
None yet
Projects
Azure Module Kanban
Status: Done
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@zioproto @lonegunmanb