Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to initialize kubernetes provider with listClusterAdminCredential() #14062

Closed
mjlshen opened this issue May 9, 2024 · 1 comment
Closed

Unable to initialize kubernetes provider with listClusterAdminCredential() #14062

mjlshen opened this issue May 9, 2024 · 1 comment
Assignees
@shenglol
Labels
Needs: Triage 🔍

Comments

@mjlshen
Copy link

mjlshen commented May 9, 2024
edited

Bicep version

❯ az bicep version
Bicep CLI version 0.27.1 (4b41cb6d4b)

Describe the bug
I am attempting to create an AKS cluster and initialize the Bicep extensibility Kubernetes provider and am unable to do so, running az deployment group create I get the following error:

InvalidTemplate - Deployment template language expression evaluation failed: 'The template function 'listClusterAdminCredential' is not expected at this location. Please see https://aka.ms/arm-functions for usage details.'. Please see https://aka.ms/arm-functions for usage details.

To Reproduce
Steps to reproduce the behavior:

  1. Reference an existing AKS cluster or create a new one, then try to retrieve its kubeconfig and use it
resource aks 'Microsoft.ContainerService/managedClusters@2024-02-01' existing = {
  name: 'aks'
}

provider kubernetes with {
  kubeConfig: aks.listClusterAdminCredential().kubeconfigs[0].value
  namespace: 'default'
}
  1. Attempt to deploy it, e.g.
az deployment group create --name "test" --resource-group "test" --template-file "test.bicep" --confirm-with-what-if

Additional context
@shenglol
Copy link
Contributor

shenglol commented May 22, 2024
edited

Hi @mjlshen, this is by design due to a limitation of the ARM template evaluation engine. The provider config values must be deploy-time constants. If you need to use listClusterAdminCredential, it must be specified via a module parameter:

// main.bicep
resource aks 'Microsoft.ContainerService/managedClusters@2022-05-02-preview' existing = {
  name: 'demoAKSCluster'
}

module kubernetesDeploy './kubernetes.bicep' = {
  name: 'kubernetesDeploy'
  params: {
    kubeConfig: aks.listClusterAdminCredential().kubeconfigs[0].value
  }
}

// kubernetes.bicep
provider kubernetes with {
  kubeConfig: kubeConfig
  namespace: 'default'
}

param kubeConfig secureString

We will improve the Bicep compiler to make sure the error is captured at compile time.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@shenglol shenglol

Labels
Needs: Triage 🔍
Projects
Bicep
Status: Done
Milestone
No milestone
Development

No branches or pull requests
2 participants
@mjlshen @shenglol