Azure Kubernetes 服务 ARM 模板不是幂等的

标签 azure azure-resource-manager azure-rm-template azure-container-service azure-aks

我创建了一个 ARM 模板来部署 Azure Kubernetes 服务实例,我正在尝试将其插入 VSTS 中的 CI/CD 管道。第一次部署时,一切都按预期运行,K8s 集群已成功创建。但是,重新部署后,模板无法通过验证阶段,并出现以下错误:

   "message": "The template deployment 'Microsoft.Template' is not valid according to the validation procedure."
   "details": [  
         "message":"Provisioning of resource(s) for container service <cluster name> in resource group <resource group name> failed. Message:" 
                "code": "PropertyChangeNotAllowed",
                "message": "Changing property 'linuxProfile.ssh.publicKeys.keyData' is not allowed.",
                "target": "linuxProfile.ssh.publicKeys.keyData"

因此,该模板显然不是幂等的,这完全违背了 ARM 模板部署的预期性质。



解决方案是将 SSH RSA 公钥指定为模板参数,并在配置 Linux 配置文件时使用它。我在下面发布了我的 ARM 模板:

    "$schema": "",
    "contentVersion": "",
    "parameters": {
        "clusterName": {
            "type": "string",
            "metadata": {
                "description": "The name of the Kubernetes cluster."
        "location": {
            "type": "string",
            "metadata": {
                "description": "The data center in which to deploy the Kubernetes cluster."
        "dnsPrefix": {
            "type": "string",
            "metadata": {
                "description": "DNS prefix to use with hosted Kubernetes API server FQDN."
        "osDiskSizeGB": {
            "defaultValue": 32,
            "minValue": 0,
            "maxValue": 1023,
            "type": "int",
            "metadata": {
                "description": "Disk size (in GB) to provision for each of the agent pool nodes. This value ranges from 0 to 1023. Specifying 0 will apply the default disk size for that agentVMSize."
        "agentCount": {
            "defaultValue": 1,
            "minValue": 1,
            "maxValue": 50,
            "type": "int",
            "metadata": {
                "description": "The number of agent nodes for the cluster."
        "agentVMSize": {
            "defaultValue": "Standard_D1_v2",
            "type": "string",
            "metadata": {
                "description": "The size of the Virtual Machine."
        "servicePrincipalClientId": {
            "type": "securestring",
            "metadata": {
                "description": "The Service Principal Client ID."
        "servicePrincipalClientSecret": {
            "type": "securestring",
            "metadata": {
                "description": "The Service Principal Client Secret."
        "osType": {
            "defaultValue": "Linux",
            "allowedValues": [
            "type": "string",
            "metadata": {
                "description": "The type of operating system."
        "kubernetesVersion": {
            "defaultValue": "1.10.6",
            "type": "string",
            "metadata": {
                "description": "The version of Kubernetes."
        "enableOmsAgent": {
            "defaultValue": true,
            "type": "bool",
            "metadata": {
                "description": "boolean flag to turn on and off of omsagent addon"
        "enableHttpApplicationRouting": {
            "defaultValue": true,
            "type": "bool",
            "metadata": {
                "description": "boolean flag to turn on and off of http application routing"
        "networkPlugin": {
            "defaultValue": "kubenet",
            "allowedValues": [
            "type": "string",
            "metadata": {
                "description": "Network plugin used for building Kubernetes network."
        "enableRBAC": {
            "defaultValue": true,
            "type": "bool",
            "metadata": {
                "description": "Flag to turn on/off RBAC"
        "logAnalyticsWorkspaceName": {
            "type": "string",
            "metadata": {
                "description": "Name of the log analytics workspace which will be used for container analytics"
        "logAnalyticsWorkspaceLocation": {
            "type": "string",
            "metadata": {
                "description": "The data center in which the log analytics workspace is deployed"
        "logAnalyticsResourceGroup": {
            "type": "string",
            "metadata": {
                "description": "The resource group in which the log analytics workspace is deployed"
        "vmAdminUsername": {
            "type": "string",
            "metadata": {
                "description": "User name for the Linux Virtual Machines."
        "sshRsaPublicKey": {
            "type": "securestring",
            "metadata": {
                "description": "Configure all linux machines with the SSH RSA public key string. Your key should include three parts, for example: 'ssh-rsa AAAAB...snip...UcyupgH azureuser@linuxvm'"
    "variables": {
        "logAnalyticsWorkspaceId": "[resourceId(parameters('logAnalyticsResourceGroup'), 'Microsoft.OperationalInsights/workspaces', parameters('logAnalyticsWorkspaceName'))]",
        "containerInsightsName": "[concat(parameters('clusterName'),'-containerinsights')]"
    "resources": [
            "type": "Microsoft.ContainerService/managedClusters",
            "name": "[parameters('clusterName')]",
            "apiVersion": "2018-03-31",
            "location": "[parameters('location')]",
            "properties": {
                "kubernetesVersion": "[parameters('kubernetesVersion')]",
                "enableRBAC": "[parameters('enableRBAC')]",
                "dnsPrefix": "[parameters('dnsPrefix')]",
                "addonProfiles": {
                    "httpApplicationRouting": {
                        "enabled": "[parameters('enableHttpApplicationRouting')]"
                    "omsagent": {
                        "enabled": "[parameters('enableOmsAgent')]",
                        "config": {
                            "logAnalyticsWorkspaceResourceID": "[variables('logAnalyticsWorkspaceId')]"
                "agentPoolProfiles": [
                        "name": "agentpool",
                        "osDiskSizeGB": "[parameters('osDiskSizeGB')]",
                        "count": "[parameters('agentCount')]",
                        "vmSize": "[parameters('agentVMSize')]",
                        "osType": "[parameters('osType')]",
                        "storageProfile": "ManagedDisks"
                "linuxProfile": {
                    "adminUsername": "[parameters('vmAdminUsername')]",
                    "ssh": {
                        "publicKeys": [
                                "keyData": "[parameters('sshRsaPublicKey')]"
                "servicePrincipalProfile": {
                    "clientId": "[parameters('servicePrincipalClientId')]",
                    "secret": "[parameters('servicePrincipalClientSecret')]"
                "networkProfile": {
                    "networkPlugin": "[parameters('networkPlugin')]"
            "dependsOn": [
                "[concat('Microsoft.Resources/deployments/', 'SolutionDeployment')]"
            "type": "Microsoft.Resources/deployments",
            "name": "SolutionDeployment",
            "apiVersion": "2017-05-10",
            "resourceGroup": "[parameters('logAnalyticsResourceGroup')]",
            "properties": {
                "mode": "Incremental",
                "template": {
                    "$schema": "",
                    "contentVersion": "",
                    "resources": [
                            "apiVersion": "2015-11-01-preview",
                            "type": "Microsoft.OperationsManagement/solutions",
                            "location": "[parameters('logAnalyticsWorkspaceLocation')]",
                            "name": "[variables('containerInsightsName')]",
                            "properties": {
                                "workspaceResourceId": "[variables('logAnalyticsWorkspaceId')]"
                            "plan": {
                                "name": "[variables('containerInsightsName')]",
                                "product": "OMSGallery/ContainerInsights",
                                "promotionCode": "",
                                "publisher": "Microsoft"
    "outputs": {
        "controlPlaneFQDN": {
            "type": "string",
            "value": "[reference(concat('Microsoft.ContainerService/managedClusters/', parameters('clusterName'))).fqdn]"
        "sshMaster0": {
            "type": "string",
            "value": "[concat('ssh ', parameters('vmAdminUsername'), '@', reference(concat('Microsoft.ContainerService/managedClusters/', parameters('clusterName'))).fqdn, ' -A -p 22')]"

关于Azure Kubernetes 服务 ARM 模板不是幂等的,我们在Stack Overflow上找到一个类似的问题:


azure - 从 CosmosDB 导入 Azure 搜索时找不到 id 以外的字段

azure - 如何从 azure 门户获取邮件中的 azure web 作业运行警报?

azure - 无法加载在 Azure 上运行 Core 2.0 应用程序的文件或程序集 System.Runtime,版本=

azure - 如何将Azure移动服务添加到Azure资源管理器模板?

json - 如何使用条件逻辑将完全限定的 Azure 资源 ID 作为原始 json 传递?

azure - 远程创建 azure devops Windows 自托管代理

java - 所有请求似乎都来自使用 Azure 上的 Tomcat 的

azure - 使用 ARM 模板对 Azure 存储帐户容器设置合法保留

azure - 如何使用 EtwProviders 让 ETW 与 Service Fabric 的 VM 规模集的 ARM 模板配合使用

azure-resource-manager - 二头肌名称属性和模块