{
“error”: {
“code”: “InvalidTemplateDeployment”,
“details”: [
{
“code”: “RequestDisallowedByPolicy”,
“target”: “redis-cluster”,
“message”: “Resource ‘redis-cluster’ was disallowed by policy. Reasons: ‘Allowed VM sizes: Standard_D2s_v3, Standard_K8S2_v1, Standard_K8S_v1. Max agent pool: 2. Max node pool: 1. Container insights & alerting must be disabled. Update configuration to comply.’. See error details for policy resource IDs.”,
“additionalInfo”: [
{
“type”: “PolicyViolation”,
“info”: {
“evaluationDetails”: {
“evaluatedExpressions”: [
{
“result”: “True”,
“expressionKind”: “Field”,
“expression”: “type”,
“path”: “type”,
“expressionValue”: “Microsoft.ContainerService/managedClusters”,
“targetValue”: “Microsoft.ContainerService/managedClusters”,
“operator”: “Equals”
},
{
“result”: “False”,
“expressionKind”: “Field”,
“expression”: “Microsoft.ContainerService/managedClusters/agentPoolProfiles[].vmSize",
“path”: "properties.agentPoolProfiles[].vmSize”,
“expressionValue”: [
“Standard_D8ds_v5”,
“Standard_D8ds_v5”,
“Standard_D2ls_v5”
],
“targetValue”: [
“Standard_D2s_v3”,
“Standard_K8S2_v1”,
“Standard_K8S_v1”
],
“operator”: “In”
}
],
“reason”: “Allowed VM sizes: Standard_D2s_v3, Standard_K8S2_v1, Standard_K8S_v1. Max agent pool: 2. Max node pool: 1. Container insights & alerting must be disabled. Update configuration to comply.”
},
“policyDefinitionId”: “/subscriptions/a2b28c85-1948-4263-90ca-bade2bac4df4/providers/Microsoft.Authorization/policyDefinitions/container_service_v2-kml”,
“policySetDefinitionId”: “/subscriptions/a2b28c85-1948-4263-90ca-bade2bac4df4/providers/Microsoft.Authorization/policySetDefinitions/global-limits_a2b28c85-1948-4263-90ca-bade2bac4df4-kml”,
“policyDefinitionReferenceId”: “container_service_v2-kml_ref”,
“policySetDefinitionName”: “global-limits_a2b28c85-1948-4263-90ca-bade2bac4df4-kml”,
“policySetDefinitionDisplayName”: “global-limits_a2b28c85-1948-4263-90ca-bade2bac4df4-kml”,
“policySetDefinitionVersion”: “1.0.0”,
“policyDefinitionName”: “container_service_v2-kml”,
“policyDefinitionDisplayName”: “container_service_v2-kml”,
“policyDefinitionVersion”: “1.0.0”,
“policyDefinitionEffect”: “deny”,
“policyAssignmentId”: “/subscriptions/a2b28c85-1948-4263-90ca-bade2bac4df4/providers/Microsoft.Authorization/policyAssignments/global-limits_a2b28c85-1948-4263-90ca-bade2bac4df4-kml”,
“policyAssignmentName”: “global-limits_a2b28c85-1948-4263-90ca-bade2bac4df4-kml”,
“policyAssignmentDisplayName”: “global-limits_a2b28c85-1948-4263-90ca-bade2bac4df4-kml”,
“policyAssignmentScope”: “/subscriptions/a2b28c85-1948-4263-90ca-bade2bac4df4”,
“policyAssignmentParameters”: {},
“policyExemptionIds”: [],
“policyEnrollmentIds”: []
}
}
]
},
{
“code”: “RequestDisallowedByPolicy”,
“target”: “RecommendedAlertRules-AG-ef786c”,
“message”: “Resource ‘RecommendedAlertRules-AG-ef786c’ was disallowed by policy. Reasons: ‘This resource type is not allowed. Please use an approved service.’. See error details for policy resource IDs.”,
“additionalInfo”: [
{
“type”: “PolicyViolation”,
“info”: {
“evaluationDetails”: {
“evaluatedExpressions”: [
{
“result”: “False”,
“expressionKind”: “Field”,
“expression”: “type”,
“path”: “type”,
“expressionValue”: “microsoft.insights/actionGroups”,
“targetValue”: [
“Microsoft.Compute/virtualMachines”,
“Microsoft.Compute/virtualMachineScaleSets”,
“Microsoft.Compute/availabilitySets”,
“Microsoft.Compute/disks”,
“Microsoft.Compute/sshPublicKeys”,
“Microsoft.Compute/virtualMachines/extensions”,
“Microsoft.Storage”,
“Microsoft.Storage/storageAccounts”,
“Microsoft.Network/networkInterfaces”,
“Microsoft.Network/networkSecurityGroups”,
“Microsoft.Network/publicIPAddresses”,
“Microsoft.Network/virtualNetworks”,
“Microsoft.Network/privateEndpoints”,
“Microsoft.Network/privateDnsZones”,
“Microsoft.Network/privateDnsZones/virtualNetworkLinks”,
“Microsoft.Network/loadBalancers”,
“Microsoft.Network/routeTables”,
“Microsoft.Network/firewallPolicies”,
“Microsoft.Network/azureFirewalls”,
“Microsoft.Network/applicationGateways”,
“Microsoft.DocumentDB/databaseAccounts”,
“Microsoft.Web/serverFarms”,
“Microsoft.Web/sites”,
“Microsoft.Sql/servers”,
“Microsoft.Sql/servers/databases”,
“Microsoft.ManagedIdentity/userAssignedIdentities”,
“Microsoft.ContainerService/managedClusters”,
“Microsoft.ContainerService/managedClusters/agentPools”,
“Microsoft.DataLakeAnalytics/accounts”,
“Microsoft.Synapse/workspaces”,
“Microsoft.Logic/workflows”,
“Microsoft.KeyVault/vaults”,
“Microsoft.MachineLearningServices/workspaces”,
“Microsoft.OperationalInsights/workspaces”,
“Microsoft.SecurityInsights/workspaces”,
“Microsoft.ContainerRegistry/registries”,
“Microsoft.ContainerRegistry/registries/replications”,
“Microsoft.ServiceBus/namespaces”,
“Microsoft.EventHub/namespaces”,
“Microsoft.ApiManagement/service”,
“Microsoft.App/containerApps”,
“Microsoft.App/managedEnvironments”,
“Microsoft.Cdn/profiles”,
“microsoft.cdn/profiles/endpoints”,
“Microsoft.Cdn/Profiles/AfdEndpoints”,
“Microsoft.Cdn/Profiles/OriginGroups”,
“Microsoft.Cdn/Profiles/OriginGroups/Origins”,
“Microsoft.Cdn/Profiles/AfdEndpoints/Routes”,
“Microsoft.Network/frontdoors”,
“Microsoft.ContainerInstance/containerGroups”,
“Microsoft.OperationalInsights/workspaces”,
“Microsoft.EventGrid/topics”,
“Microsoft.EventGrid/namespaces”,
“Microsoft.EventGrid/domains”,
“Microsoft.Network/bastionHosts”,
“Microsoft.Network/natGateways”,
“Microsoft.Network/publicipprefixes”,
“Microsoft.Network/virtualHubs”,
“Microsoft.Network/trafficManagerProfiles”,
“Microsoft.Network/virtualWans”,
“Microsoft.Network/privateLinkServices”,
“Microsoft.Network/virtualNetworkGateways”,
“Microsoft.AppConfiguration/configurationStores”,
“Microsoft.Devices/IotHubs”,
“Microsoft.IoTCentral/iotApps”,
“Microsoft.Devices/ProvisioningServices”,
“Microsoft.Insights/dataCollectionRules”
],
“operator”: “In”
}
],
“reason”: “This resource type is not allowed. Please use an approved service.”
},
“policyDefinitionId”: “/subscriptions/a2b28c85-1948-4263-90ca-bade2bac4df4/providers/Microsoft.Authorization/policyDefinitions/allowed_services_main-144c9ec5c9d74c38”,
“policySetDefinitionId”: “/subscriptions/a2b28c85-1948-4263-90ca-bade2bac4df4/providers/Microsoft.Authorization/policySetDefinitions/Azure_playground_main-144c9ec5c9d74c38”,
“policyDefinitionReferenceId”: “allowed_services_main-144c9ec5c9d74c38_ref”,
“policySetDefinitionName”: “Azure_playground_main-144c9ec5c9d74c38”,
“policySetDefinitionDisplayName”: “Azure_playground_main-144c9ec5c9d74c38”,
“policySetDefinitionVersion”: “1.0.0”,
“policyDefinitionName”: “allowed_services_main-144c9ec5c9d74c38”,
“policyDefinitionDisplayName”: “allowed_services_main-144c9ec5c9d74c38”,
“policyDefinitionVersion”: “1.0.0”,
“policyDefinitionEffect”: “deny”,
“policyAssignmentId”: “/subscriptions/a2b28c85-1948-4263-90ca-bade2bac4df4/resourceGroups/kml_rg_main-144c9ec5c9d74c38/providers/Microsoft.Authorization/policyAssignments/Azure_playground_main-144c9ec5c9d74c38”,
“policyAssignmentName”: “Azure_playground_main-144c9ec5c9d74c38”,
“policyAssignmentDisplayName”: “Azure_playground_main-144c9ec5c9d74c38”,
“policyAssignmentScope”: “/subscriptions/a2b28c85-1948-4263-90ca-bade2bac4df4/resourceGroups/kml_rg_main-144c9ec5c9d74c38”,
“policyAssignmentParameters”: {},
“policyExemptionIds”: [],
“policyEnrollmentIds”: []
}
}
]
},
{
“code”: “RequestDisallowedByPolicy”,
“target”: “CPU Usage Percentage - redis-cluster”,
“message”: “Resource ‘CPU Usage Percentage - redis-cluster’ was disallowed by policy. Reasons: ‘This resource type is not allowed. Please use an approved service.’. See error details for policy resource IDs.”,
“additionalInfo”: [
{
“type”: “PolicyViolation”,
“info”: {
“evaluationDetails”: {
“evaluatedExpressions”: [
{
“result”: “False”,
“expressionKind”: “Field”,
“expression”: “type”,
“path”: “type”,
“expressionValue”: “microsoft.insights/metricAlerts”,
“targetValue”: [
“Microsoft.Compute/virtualMachines”,
“Microsoft.Compute/virtualMachineScaleSets”,
“Microsoft.Compute/availabilitySets”,
“Microsoft.Compute/disks”,
“Microsoft.Compute/sshPublicKeys”,
“Microsoft.Compute/virtualMachines/extensions”,
“Microsoft.Storage”,
“Microsoft.Storage/storageAccounts”,
“Microsoft.Network/networkInterfaces”,
“Microsoft.Network/networkSecurityGroups”,
“Microsoft.Network/publicIPAddresses”,
“Microsoft.Network/virtualNetworks”,
“Microsoft.Network/privateEndpoints”,
“Microsoft.Network/privateDnsZones”,
“Microsoft.Network/privateDnsZones/virtualNetworkLinks”,
“Microsoft.Network/loadBalancers”,
“Microsoft.Network/routeTables”,
“Microsoft.Network/firewallPolicies”,
“Microsoft.Network/azureFirewalls”,
“Microsoft.Network/applicationGateways”,
“Microsoft.DocumentDB/databaseAccounts”,
“Microsoft.Web/serverFarms”,
“Microsoft.Web/sites”,
]
Hi @sweety.singh140994 ,
Please refer to this guide to create an AKS cluster. From the data you shared, I can see that you’re selecting multiple restricted resources that are not allowed by the policies.
Deploying an AKS Cluster: A Comprehensive Guide
Regards,