1

I am trying to create a container app using ARM template. The container app is within a VNet and ingress connection is also limited to VNet. I downloaded the template for automation from portal and it has this in template


{
    "name": "[parameters('environmentName')]",
    "location": "[parameters('location')]",
    "dependsOn": [
        "[concat('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName'))]",
        "Microsoft.Resources/deployments/newInfrastructureSubnetTemplate"
    ],
    "properties": {
        "internalLoadBalancerEnabled": false,
        "appLogsConfiguration": {
            "destination": "log-analytics",
            "logAnalyticsConfiguration": {
                "customerId": "[reference(concat('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName')), '2020-08-01').customerId]",
                "sharedKey": "[listKeys(concat('Microsoft.OperationalInsights/workspaces/', parameters('workspaceName')), '2020-08-01').primarySharedKey]"
            }
        },
        "vnetConfiguration": {
            "infrastructureSubnetId": "/subscriptions/<subscription-id>/resourceGroups/<resource-group-name>/providers/Microsoft.Network/virtualNetworks/containerapps-vnet/subnets/containerapps-subnet-0",
            "internal": true
        },
        "zoneRedundant": false
    },
    "apiVersion": "2022-03-01",
    "type": "Microsoft.App/managedEnvironments"
}

But this fails with an error because of failure due to managed cluster.

New-AzResourceGroupDeployment : 3:11:14 PM - The deployment 'template' failed with error(s). Showing 1 out of 1 error(s).
Status Message: Managed environment failed to initialize due to managed clusters failed. (Code:OperationFailed)
CorrelationId: <correlation-id>
At line:1 char:1
+ New-AzResourceGroupDeployment -ResourceGroupName dhapi-ml -TemplateFi ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : NotSpecified: (:) [New-AzResourceGroupDeployment], Exception
    + FullyQualifiedErrorId : Microsoft.Azure.Commands.ResourceManager.Cmdlets.Implementation.NewAzureResourceGroupDeploymentCmdlet

VNet, subnet and log-analytics workspace are also created using the same template as below for your reference.


{
    "apiVersion": "2020-08-01",
    "name": "[parameters('workspaceName')]",
    "type": "Microsoft.OperationalInsights/workspaces",
    "location": "[parameters('workspaceLocation')]",
    "dependsOn": [],
    "properties": {
        "sku": {
            "name": "PerGB2018"
        },
        "retentionInDays": 30,
        "workspaceCapping": {}
    }
},
{
    "type": "Microsoft.Resources/deployments",
    "apiVersion": "2020-06-01",
    "name": "newInfrastructureSubnetTemplate",
    "resourceGroup": "<resource-group-name>",
    "subscriptionId": "<subscription-id>",
    "properties": {
        "mode": "Incremental",
        "template": {
            "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
            "contentVersion": "1.0.0.0",
            "parameters": {},
            "variables": {},
            "resources": [
                {
                    "type": "Microsoft.Network/virtualNetworks/subnets",
                    "apiVersion": "2020-07-01",
                    "name": "containerapps-vnet/containerapps-subnet-0",
                    "properties": {
                        "delegations": [],
                        "serviceEndpoints": [],
                        "addressPrefix": "10.0.0.0/23"
                    }
                }
            ]
        }
    },
    "dependsOn": [
        "[resourceId('Microsoft.Network/virtualNetworks', 'containerapps-vnet')]"
    ]
},
{
    "type": "Microsoft.Network/virtualNetworks",
    "apiVersion": "2020-07-01",
    "location": "eastus",
    "name": "containerapps-vnet",
    "properties": {
        "addressSpace": {
            "addressPrefixes": [
                "10.0.0.0/16"
            ]
        },
        "subnets": []
    }
}
Ankur
  • 21
  • 5
  • Are you able to reproduce the problem repeatedly? – JJ. Jun 25 '22 at 00:20
  • @JJ. yes, it's coming up repeatedly. – Ankur Jun 25 '22 at 07:04
  • Please share correlationId of the recent failure – JJ. Jun 25 '22 at 17:37
  • The error you're getting is worthless, and I got it too. You're using 10.0.0.0/23 as infrastructure subnet. By default, the 10.0.0.0/16 range is used by Azure Container Apps for environment infrastructure components. This is probably causing the conflict. – Pi Wi Jun 26 '22 at 08:30
  • @JJ. Correlation Id: 1b3c0b0d-3e7b-4367-9fc9-1403bb1acb15 – Ankur Jun 26 '22 at 19:55
  • 1
    @Ankur Have a look at https://www.pimwiddershoven.nl/entry/azure-container-apps-and-azure-container-registry-with-bring-your-own-vnet. It is an example in Bicep so you should translate it to ARM when you can't or don't want to use Bicep. This is a working example. Disclaimer: it is my blog – Pi Wi Jun 26 '22 at 20:22
  • @PiWi Even in your blog, you have the same infra subnet 10.0.0.0/23 and address prefix in VNet as 10.10.0.0/16. The only difference I can see is how you are creating subnet in the same resource item as VNet but I have a different item for subnet to be created in VNet. 10.0.0.0/23 is the minimum address space required for Container Apps right? So this should work I guess. PS: Your blog is very nice. Thank you very much. – Ankur Jun 26 '22 at 23:28
  • In the blog 10.10.x.x is used and not the 10.0.x.x range. You can change the default CIDR range to something else if you want to use 10.0.0.0/23 instead. Just curious if this solves your problem. – Pi Wi Jun 28 '22 at 18:10
  • @Ankur The correlation id '1b3c0b0d-3e7b-4367-9fc9-1403bb1acb15' is the initial request. Could you try again and share the latest one. Thanks. – JJ. Jun 28 '22 at 19:24
  • Additionally, confirm your subscription is registered for `Microsoft.ContainerService` RP – JJ. Jun 28 '22 at 19:25
  • @PiWi I have 10.0.0.0/23 in one of my personal subscription and running a container app. there but in this subscription it fails at creating a managed environment when running through ARM. On my personal subscription I have created this manually using Azure Portal. – Ankur Jul 04 '22 at 04:47
  • @JJ. Damn, yeah the subscription is not registered for service. Is there any way I can register it with ARM template. (Not through Azure Portal or CLI) – Ankur Jul 04 '22 at 05:00
  • Only workaround is to refer the resource type from template. ARM will automatically register. – JJ. Jul 05 '22 at 21:33
  • I had to remove NAT from my 10.0.0.0/23 subnet as it ate away available address space. The deployment failed with the same error. – Ivar Sep 05 '22 at 13:44

2 Answers2

0

The subscription is not registered for service. Is there any way I can register it with ARM template. (Not through Azure Portal or CLI) .

Thank you @Shui shengbao As mentioned here, and after my research posting the same as an answer so that it will be beneficial for other members for similar issue.

It seems , There is no such way to register resource provider through ARM Template. You can use the manual registration ,if the resource provider is not registered in your subscription.

Alternatively, we can use the PowerShell to register resource provider by using below command (e.g):-

Register-AzResourceProvider -ProviderNamespace Microsoft.ContainerService

As its already registered in our subscription ,it might be showing you registering but you can do operations to deploy resources.

enter image description here

For more information please refer this MICROSOFT DOCUMENTATION| Register resource provider .

AjayKumarGhose
  • 4,257
  • 2
  • 4
  • 15
0

The subscription was not registered to use Microsoft.ContainerService I just registered it from portal or you can use powershell/azcli to do it. And then it worked to create the container app.

Ankur
  • 21
  • 5