graphrag-accelerator icon indicating copy to clipboard operation
graphrag-accelerator copied to clipboard
verified publisher icon Azure-Samples

Deployment of Azure resources failed due to a policy violation. VMSS deployments to have automatic OS upgrades enabled

Open singhravipratap opened this issue 11 months ago • 1 comments

Describe the bug The deployment of Azure resources failed due to a policy violation. Specifically, the subscription has a policy "MCAPSGov SFI Deny Policies" that disallowed the creation of the resource "aks-agentpool-36070728-vmss". The policy requires Virtual Machine Scale Sets (VMSS) deployments to have automatic OS upgrades enabled, which was not the case

Screenshots Screenshot 2025-01-08 021759

Additional context The policy "MCAPSGov SFI Deny Policies" enforces that VMSS deployments must have auto OS upgrades enabled. This policy is applied to the scope at MCAPSCore and has a default value of denied.

singhravipratap avatar Jan 08 '25 08:01 singhravipratap

@singhravipratap VMSS auto OS upgrades should not be enabled for AKS agent pools. AKS has different mechanisms for auto OS upgrades, and these are enabled in our bicep deployments. The policy should be modified to exclude VMSSes that are managed by AKS.

billierinaldi avatar Jan 16 '25 15:01 billierinaldi