I am creating a deployment on Azure from scratch consisting of various resources, e.g., Application Gateway, AKS cluster, Managed Identities. When checking az what-if after deploying, I can see some unexpected noise. I know that the team is working on eliminating as much noise as they can from the what-if output, but what is good practice with regards to this in the mean time?
- replicate the changes in the template, such that they don't appear?
- keep track of the previous 'what-if' output, then compare with the next one to see what actually changed?
- deploy in stages, such that the noisy part can be separated from the clean part?
- ...
I spotted various types of noise, easy or difficult to deal with:
- default properties that were not specified in the template. For example,
properties.networkProfile.ipFamilies == 'IPv4for a managedCluster. I could add this in the template to make it more complete, which would eliminate the noise. - external influences such as vnet peerings made by external parties. When outside parties peer with my
vnet, it changes its definition too, which then pops up as noise (properties.virtualNetworkPeerings). When re-applying, as far as I understood, it fortunately doesn't eliminate these peerings. However, it would be nice to know when it doesn't overwrite such changes. Is this described somewhere? - references such as
properties.principalId: "a09185a3d" => "[reference(resourceId('Microsoft.ManagedIdentity/userAssignedIdentities', parameters('test-mi')), '2018-11-30').principalId]". I've seen this described as a bug/issue on the tracker, yet to be resolved. - bidirectional information (don't have an example at hand), like allowing a resource access to the vnet, which would modify the vnet but would also show a reference to the vnet in the resource. This is superfluous information, and adding it to the template to make sure the
what-ifremains clean seems wrong.
So, generally speaking, I'm looking for some tips and tricks to get the cleanest workflow possible. Having proper feedback on the upcoming changes on a template is crucial to prevent mistakes.
