Setting apiServerAuthorizedIPRange to 0.0.0.0/32 is not allowed with other IP ranges.

[Vinaum8]

Is there an existing issue for this?

• I have searched the existing issues

Greenfield/Brownfield provisioning

greenfield

Terraform Version

latest

Module Version

7.0.0

AzureRM Provider Version

version = ">=3.55.0"

Affected Resource(s)/Data Source(s)

on .terraform/modules/aks/main.tf line 17, in resource "azurerm_kubernetes_cluster" "main":

Terraform Configuration Files

# Network Config
vnet_subnet_id                = <some id subnet>
public_network_access_enabled = false
api_server_authorized_ip_ranges = [ "0.0.0.0/32", "some public up" ]
network_plugin                = "kubenet"

tfvars variables values

don't need

Debug Output/Panic Output

╷
│ Error: creating Managed Cluster (Subscription: "***"

managedclusters.ManagedClustersClient#CreateOrUpdate: Failure sending request: StatusCode=0 -- Original Error: Code="InvalidParameter" Message="Setting apiServerAuthorizedIPRange to 0.0.0.0/32 is not allowed with other IP ranges. Refer to https://aka.ms/aks/auth-ip-ranges for more details"
│ 
│   with module.aks.azurerm_kubernetes_cluster.main,
│   on .terraform/modules/aks/main.tf line 17, in resource "azurerm_kubernetes_cluster" "main":
│   17: resource "azurerm_kubernetes_cluster" "main" {
│ 
╵
Releasing state lock. This may take a few moments...
##[error]Bash exited with code '1'.

Expected Behaviour

Well, do I need to create a cluster with the addresses defined?
If I leave only the value 0.0.0.0/32 and manually add. will this be ignored by terraform?
I tried to put only the public address, without "0.0.0.0/32", but there is a validation that needs to contain this value in the range.

How to proceed?

Actual Behaviour

No response

Steps to Reproduce

apply the block on the code
terraform plan
terraform apply

Important Factoids

No response

References

https://learn.microsoft.com/en-us/azure/aks/api-server-authorized-ip-ranges#overview-of-api-server-authorized-ip-ranges

[zioproto]

Duplicated of #370

please confirm this is a duplicate and eventually close this issue.

[Vinaum8]

well, I would like to put only 1 public address, but it is not possible because there is a condition.

When trying to put the value "0.0.0.0/32" and another public address, the error described in the issue that was solved occurs.

The final objective is: to place a single public address with access permission.

Reason: I will configure my allowed networks (hub and spoke vnet) and access the cluster via rancher.

[zioproto]

The condition was removed already in #375

Can you give us more context on the urgency ? Can you wait the next schedule release ?

Cc: @lonegunmanb

[lonegunmanb]

@Vinaum8 thanks for reporting this issue to us, this issue is duplicated with #370 and solved by #375 as @zioproto described, we'll fix this issue when we release v7.1.0. If it's urgent to you, we can arrange a hotfix version release. I'll keep this issue open so you could leave your message here.

[Vinaum8]

@lonegunmanb I deployed the cluster yesterday, without a module. I will wait for the new release and I will use it for my new deploys, thanks! 😄

[lonegunmanb]

I'm closing this issue since our next release should fix this issue, please feel free to reopen it if you have any further question.