Will I Am

Reputation: 2682

Adding vnet rule through AZ cli fails with 500 errors

I'm experimenting with Azure AKS, and I'm running into problems with adding a vnet rule for my SQL server via the Azure CLI. It dies with an error:

    Error occurred in request., RetryError: HTTPSConnectionPool(host='management.azure.com', port=443): Max retries exceeded with url: /subscriptions/...path omitted.../mysql/virtualNetworkRules/my-vnet-rule?api-version=2015-05-01-preview (Caused by ResponseError('too many 500 error responses',))

This is what I've done so far:

    az group create --name myrg --location centralus
    az aks create -n mycluster -g myrg --generate-ssh-keys
    az aks get-credentials -g myrg -n mycluster
    az sql server create --name mysql -g myrg --location centralus --admin-user myuser --admin-password mypassword

At this point I end up with two RGs, one named "myrg" and one named "CM_myrg_mycluster_centralus". My SQL server is in "myrg" and there is a vnet "aks-vnet-1234567" in CM_*. The vnet contains a subnet "aks-subnet".

I then try to add the vnet rule:

    az sql server vnet-rule create --name my-vnet-rule --server mysql --vnet "MC_myrg_mycluster_centralus/aks-vnet" -g mygroup --subnet "aks-subnet"

And get the error above.

I also tried specifying the vnet including the number postfix (e.g. aks-vnet-1234567), but got the same error.

This probably means I'm not using the right syntax somewhere. Could someone clarify?

AZ CLI 2.0.21 Linux (Ubuntu)

Upvotes: 1

Views: 1451

Answers (2)

Anna

Reputation: 1

After adding service endpoints and using the subnet ID, I still got 500. The problem was that the Microsoft.Sql resource provider was not registered in the subscription where my vnet was.

This is fixed by going to "Resource providers" under the subscription, searching for the "Microsoft.Sql" provider and then pressing "register".

Upvotes: 0

Will I Am

Reputation: 2682

I solved it this way:

  1. Before this can be done, I needed to add sql to service endpoints:

    az network vnet subnet update -n aks-subnet -g myrg --vnet-name aks-vnet-xxx --service-endpoints "Microsoft.Sql"

  2. Reworked the query to use --subnet ID instead of --subnet NAME and --vnet-name. It should probably be doable using the previous syntax as well.

Vnet-name will be something like /subscriptions/.../resourceGroups.../aks-subnet

Your rule should now be created. You can also use -i to ignore service endpoints during the rule creation, but I believe that will end up with a disabled rule.

Upvotes: 1
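
The steps from both answers combined into one script, as an added example that is not code from either answer. It assumes a current Azure CLI and that the server and vnet are in the currently selected subscription; the function names are hypothetical and the resource names are supplied as arguments.

```shell
#!/bin/sh
# Added example. Resource names are passed as arguments; function names are hypothetical.

# Full resource ID of a subnet. Passing the ID to --subnet lets the rule point at a
# subnet in another resource group (here the AKS-managed one) than the SQL server.
subnet_id() {  # args: subscription id, vnet resource group, vnet name, subnet name
  printf '/subscriptions/%s/resourceGroups/%s/providers/Microsoft.Network/virtualNetworks/%s/subnets/%s\n' \
    "$1" "$2" "$3" "$4"
}

# Succeeds when a space-separated endpoint list already contains Microsoft.Sql.
has_sql_endpoint() {
  case " $1 " in *" Microsoft.Sql "*) return 0 ;; *) return 1 ;; esac
}

# args: server RG, server name, vnet RG, vnet name, subnet name, rule name
create_vnet_rule() {
  local sub state endpoints
  # Assumption: server and vnet are in the currently selected subscription.
  sub=$(az account show --query id -o tsv) || return 1

  # First answer: Microsoft.Sql must be a registered resource provider.
  state=$(az provider show --namespace Microsoft.Sql --query registrationState -o tsv)
  if [ "$state" != "Registered" ]; then
    az provider register --namespace Microsoft.Sql --wait || return 1
  fi

  # Second answer, step 1: the subnet needs the Microsoft.Sql service endpoint.
  # Existing endpoints are passed along so the update does not drop them.
  endpoints=$(az network vnet subnet show -g "$3" --vnet-name "$4" -n "$5" \
    --query 'serviceEndpoints[].service' -o tsv | tr '\n' ' ')
  if ! has_sql_endpoint "$endpoints"; then
    # $endpoints is left unquoted on purpose: one argument per endpoint.
    az network vnet subnet update -g "$3" --vnet-name "$4" -n "$5" \
      --service-endpoints $endpoints Microsoft.Sql || return 1
  fi

  # Second answer, step 2: create the rule with the subnet ID.
  az sql server vnet-rule create --name "$6" --server "$2" -g "$1" \
    --subnet "$(subnet_id "$sub" "$3" "$4" "$5")"
}

# Runs only when all six arguments are supplied on the command line.
if [ "$#" -eq 6 ]; then create_vnet_rule "$@"; fi
```

Because the rule is what limits the SQL server to traffic from the AKS subnet, the script leaves the service endpoint check enabled rather than using -i.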
