terraform-provider-azurerm: InvalidLoadBalancerProfile in AKS

After deplyoing an app with a load balancer into a fresh AKS cluster with no load balancer profile configured (only sku to Standard) and then changing for example number of nodes gives me:

Error: Code="InvalidLoadBalancerProfile" Message="Load balancer profile must
specify one of ManagedOutboundIPs, OutboundIPPrefixes and OutboundIPs." 
Target="networkProfile.loadBalancerProfile"

Output of terrafom apply which is causing it I guess:

            load_balancer_profile {
                effective_outbound_ips    = [
                    "/subscriptions/..../publicIPAddresses/.....",
                ]
                managed_outbound_ip_count = 1
                outbound_ip_address_ids   = []
                outbound_ip_prefix_ids    = []
            }
        }

Community Note

Please vote on this issue by adding a 👍 reaction to the original issue to help the community and maintainers prioritize this request
Please do not leave “+1” or “me too” comments, they generate extra noise for issue followers and do not help prioritize the request
If you are interested in working on this issue or have submitted a pull request, please leave a comment

Terraform (and AzureRM Provider) Version

Terraform v0.12.23

provider.azurerm v2.6.0

#0000

About this issue

Original URL
State: closed
Created 4 years ago
Reactions: 72
Comments: 28 (7 by maintainers)

Commits related to this issue

Bug: azurerm_kubernetes_cluster errors out with InvalidLoadbalancerProfile on changes (#6534) Fixes #6525 — committed to hashicorp/terraform-provider-azurerm by aristosvo 4 years ago

Most upvoted comments

This issue (in my experience), means that all versions of the provider > 2.5 are broken for AKS, regardless of the version of the provider used to create the AKS cluster.

It’s actually a rather insidious break, because you can create AKS clusters using newer versions of the provider, but the first time you have a modification, terraform apply will crap out every time.

To me, this appears to be a grade A drop-everything-and-fix-it issue because to all intents and purposes the past four provider releases are fundamentally broken for all AKS users… please excuse me if I’ve got the wrong end of the stick and there’s a workaround I missed!

+11

markslater on May 11, 2020

I’m having the same issue as well on:

Terraform v0.12.24

Azurerm provider 2.8.0

@nivhty upgrade to 2.10.0 for the fix.

aristosvo on May 19, 2020

It is still working in 2.5.0!

To make it possible to change your loadbalancer outbound IP settings without recreating the cluster I filled a PR, which is merged into 2.6.0. Due to this PR the loadbalancer outbound settings can be changed. But if these settings are not changed a bug in the code causes your AKS cluster to think you have no outbound loadbalancer settings, which blocks any other kind of change you want to make to your cluster.

The good news is 2.5.0 is still working and just limited functionality has made it past that. If you need 2.6+ functionality, this sad issue is blocking cluster changes after cluster creation.

aristosvo on May 5, 2020

I am having the same issue after upgrading to azure provider v2.6.0. I have tried to fix the issue by adding the load_balancer_profile block as so:

  network_profile {
    network_plugin    = "azure"
    load_balancer_sku = "standard"
    load_balancer_profile {
      managed_outbound_ip_count = 1
    }
  }

However, I get the same error in the description of this issue.

ablyler on Apr 17, 2020

It’s quit easy to separate the versions between two resources, although I feel your pain.

Bugs like these on advanced resources are not always easy to catch though…

aristosvo on May 15, 2020

I have just observed this with 2.9.0. this is the error message: containerservice.ManagedClustersClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="InvalidLoadBalancerProfile" Message="Load balancer profile must specify one of ManagedOutboundIPs

I basically did a terraform plan, terraform apply and then another terraform plan and terraform apply.

viresh-contino on May 12, 2020

@tombuildsstuff Can we tag this as a /bug? The fix is already available, including a test reproducing the failure.

@robologic et all: as a workaround you can also change the number of outbound IP’s for every change, the problem shows when no change in the load_balancer_profile is applied. In that case the load_balancer_profile configuration is not included in the request towards Azure 😢

aristosvo on Apr 21, 2020

Just linked in the issue above. If you’re looking to upgrade and are using the Basic SKU of postgres, you’ll encounter another show-stopper bug.

atrauzzi on May 15, 2020

is this PR the official one ? https://github.com/terraform-providers/terraform-provider-azurerm/pull/6534. we need a custom build as this is breaking all cluster update 😦

djsly on May 12, 2020

@asubmani I’m sorry, it is not merged yet. If any of you can thoroughly review https://github.com/terraform-providers/terraform-provider-azurerm/pull/6534 it might speed up things a bit, but other than that I can do nothing.

👍 on the issue is the best way for the maintainers to indicate the need for the fix.

aristosvo on Apr 24, 2020