Azure Bicep 脚本在第二次执行时产生错误 "Changing property > ' agentPoolProfile.vnetSubnetID' is not allowed."

Question

我使用 Azure Bicep 创建具有单个子网的 virtualNetwork，然后将其用作创建 aks 集群的输入:vnetSubnetID: virtualNetwork.properties.subnets[0].id

第一次运行该命令时，它会很好地创建虚拟网络和集群，但第二次运行该命令时会出现此错误:

{"error":{"code":"InvalidTemplateDeployment","message":"The template deployment 'cluster' is not valid according to the validation procedure. The tracking id is '[REDACTED_JUST_IN_CASE]'. See inner errors for details.","details":[{"code":"PropertyChangeNotAllowed","message":"Provisioning of resource(s) for container service playground-cluster0 in resource group showcase-kevinplayground2 failed. Message: {\n "code": "PropertyChangeNotAllowed",\n "message": "Changing property 'agentPoolProfile.vnetSubnetID' is not allowed.",\n "target": "agentPoolProfile.vnetSubnetID"\n }. Details: "}]}}

我仔细检查了一下，部署创建的 virtualNetwork 内只有一个子网(没有其他神奇地出现或任何东西)。

我在第二个资源组上重复了实验，并且发生了同样的事情，因此它是可重现的。

这是完整的 bicep 文件(只需在您选择的资源组中调用 az deployment group create --resource-group Showcase-kevinplayground2 -f cluster.bicep)

targetScope = 'resourceGroup'
resource virtualNetwork 'Microsoft.Network/virtualNetworks@2021-02-01' = {
  name: 'aksVirtualNetwork'
  location: resourceGroup().location
  properties:{
    addressSpace:{
      addressPrefixes:[
        '10.10.0.0/16'
      ]
    }
    subnets:[
      {
        name: 'aks'
        properties:{
          addressPrefix: '10.10.5.0/24'
        }
      }
    ]
    
  }
}

resource aksManagedIdentity 'Microsoft.ManagedIdentity/userAssignedIdentities@2018-11-30' = {
  name: 'playgroundIdentity'
  location: resourceGroup().location
}

resource aks 'Microsoft.ContainerService/managedClusters@2021-02-01' = {
  name: 'playground-cluster0'
  location: resourceGroup().location
  identity: {
    type:'UserAssigned'
    userAssignedIdentities: {
      '${aksManagedIdentity.id}': {}
    }
  }
  sku: {
    name: 'Basic'
    tier: 'Free'
  }
  properties: {
    kubernetesVersion: '1.21.2'
    dnsPrefix: 'playground'
    enableRBAC: true

    networkProfile: {
      networkPlugin: 'azure'
      networkPolicy: 'calico'
    }

    aadProfile: {
      managed: true
      enableAzureRBAC: true
    }

    autoUpgradeProfile: {}

    apiServerAccessProfile: {
      enablePrivateCluster: false
    }
    
    agentPoolProfiles: [
      {
        name: 'aksnodes'
        count: 1
        vmSize: 'Standard_B2s'
        osDiskSizeGB: 30
        osDiskType: 'Managed'
        vnetSubnetID: virtualNetwork.properties.subnets[0].id
        osType: 'Linux'
        maxCount: 1
        minCount: 1
        enableAutoScaling: true
        type: 'VirtualMachineScaleSets'
        mode: 'System'
        orchestratorVersion: null
      }
    ]
  }
}

Answer 1

查看此报告 github issue ，您需要使用resourceId函数。
在你的情况下，类似的东西应该有效:

vnetSubnetID: resourceId('Microsoft.Network/virtualNetworks/subnets', 'aksVirtualNetwork', 'aks')