@Tej-Singh-Rana I request you to please help with the issue below.
I am not able to create an AKS cluster via the CLI. I am getting a policy denied error. However, yesterday I was able to create it.
Command: az aks create --resource-group ODL-azure-994430 --name handsonaks --vnet-subnet-id $VNET_SUBNET_ID --enable-managed-identity --assign-identity $IDENTITY_ID --enable-private-cluster --node-count 2 --node-vm-size Standard_B2s --generate-ssh-keys
Error:
(RequestDisallowedByPolicy) Resource ‘handsonaks’ was disallowed by policy. Policy identifiers: ‘[{“policyAssignment”:{“name”:“azure8922-994430-PolicyDefinition-ODL-azure-994430”,“id”:“/subscriptions/b2aec48f-6dad-4d57-ad25-dad521fe74a4/resourceGroups/ODL-azure-994430/providers/Microsoft.Authorization/policyAssignments/azure8922-994430-PolicyDefinition-ODL-azure-994430”},“policyDefinition”:{“name”:“azure8922-994430-PolicyDefinition”,“id”:“/subscriptions/b2aec48f-6dad-4d57-ad25-dad521fe74a4/providers/Microsoft.Authorization/policyDefinitions/azure8922-994430-PolicyDefinition”}}]’.
Code: RequestDisallowedByPolicy
Message: Resource ‘handsonaks’ was disallowed by policy. Policy identifiers: ‘[{“policyAssignment”:{“name”:“azure8922-994430-PolicyDefinition-ODL-azure-994430”,“id”:“/subscriptions/b2aec48f-6dad-4d57-ad25-dad521fe74a4/resourceGroups/ODL-azure-994430/providers/Microsoft.Authorization/policyAssignments/azure8922-994430-PolicyDefinition-ODL-azure-994430”},“policyDefinition”:{“name”:“azure8922-994430-PolicyDefinition”,“id”:“/subscriptions/b2aec48f-6dad-4d57-ad25-dad521fe74a4/providers/Microsoft.Authorization/policyDefinitions/azure8922-994430-PolicyDefinition”}}]’.
Target: handsonaks
Additional Information:Type: PolicyViolation
Info: {
“evaluationDetails”: {
“evaluatedExpressions”: [
{
“result”: “False”,
“expressionKind”: “Field”,
“expression”: “type”,
“path”: “type”,
“expressionValue”: “Microsoft.ContainerService/managedClusters”,
“targetValue”: “Microsoft.Compute/virtualMachines”,
“operator”: “Like”
},
{
“result”: “False”,
“expressionKind”: “Field”,
“expression”: “type”,
“path”: “type”,
“expressionValue”: “Microsoft.ContainerService/managedClusters”,
“targetValue”: “Microsoft.Compute/sshPublicKeys”,
“operator”: “Like”
},
{
“result”: “False”,
“expressionKind”: “Field”,
“expression”: “type”,
“path”: “type”,
“expressionValue”: “Microsoft.ContainerService/managedClusters”,
“targetValue”: “Microsoft.Compute/virtualMachines/extensions”,
“operator”: “Like”
},
{
“result”: “False”,
“expressionKind”: “Field”,
“expression”: “type”,
“path”: “type”,
“expressionValue”: “Microsoft.ContainerService/managedClusters”,
“targetValue”: “Microsoft.Compute/virtualMachineScaleSets”,
“operator”: “Like”
},
{
“result”: “False”,
“expressionKind”: “Field”,
“expression”: “type”,
“path”: “type”,
“expressionValue”: “Microsoft.ContainerService/managedClusters”,
“targetValue”: “Microsoft.Network/applicationGateways”,
“operator”: “Like”
},
{
“result”: “False”,
“expressionKind”: “Field”,
“expression”: “type”,
“path”: “type”,
“expressionValue”: “Microsoft.ContainerService/managedClusters”,
“targetValue”: “Microsoft.Compute/disks”,
“operator”: “Like”
},
{
“result”: “False”,
“expressionKind”: “Field”,
“expression”: “type”,
“path”: “type”,
“expressionValue”: “Microsoft.ContainerService/managedClusters”,
“targetValue”: “Microsoft.Storage”,
“operator”: “Like”
},
{
“result”: “False”,
“expressionKind”: “Field”,
“expression”: “type”,
“path”: “type”,
“expressionValue”: “Microsoft.ContainerService/managedClusters”,
“targetValue”: “Microsoft.Network/networkInterfaces”,
“operator”: “Like”
},
{
“result”: “False”,
“expressionKind”: “Field”,
“expression”: “type”,
“path”: “type”,
“expressionValue”: “Microsoft.ContainerService/managedClusters”,
“targetValue”: “Microsoft.Network/networkSecurityGroups”,
“operator”: “Like”
},
{
“result”: “False”,
“expressionKind”: “Field”,
“expression”: “type”,
“path”: “type”,
“expressionValue”: “Microsoft.ContainerService/managedClusters”,
“targetValue”: “Microsoft.Network/publicIPAddresses”,
“operator”: “Like”
},
{
“result”: “False”,
“expressionKind”: “Field”,
“expression”: “type”,
“path”: “type”,
“expressionValue”: “Microsoft.ContainerService/managedClusters”,
“targetValue”: “Microsoft.Network/virtualNetworks”,
“operator”: “Like”
},
{
“result”: “False”,
“expressionKind”: “Field”,
“expression”: “type”,
“path”: “type”,
“expressionValue”: “Microsoft.ContainerService/managedClusters”,
“targetValue”: “Microsoft.DocumentDB/databaseAccounts”,
“operator”: “Like”
},
{
“result”: “False”,
“expressionKind”: “Field”,
“expression”: “type”,
“path”: “type”,
“expressionValue”: “Microsoft.ContainerService/managedClusters”,
“targetValue”: “Microsoft.Web/serverFarms”,
“operator”: “Like”
},
{
“result”: “False”,
“expressionKind”: “Field”,
“expression”: “type”,
“path”: “type”,
“expressionValue”: “Microsoft.ContainerService/managedClusters”,
“targetValue”: “Microsoft.Web/sites”,
“operator”: “Like”
},
{
“result”: “False”,
“expressionKind”: “Field”,
“expression”: “type”,
“path”: “type”,
“expressionValue”: “Microsoft.ContainerService/managedClusters”,
“targetValue”: “Microsoft.Sql/servers”,
“operator”: “Like”
},
{
“result”: “False”,
“expressionKind”: “Field”,
“expression”: “type”,
“path”: “type”,
“expressionValue”: “Microsoft.ContainerService/managedClusters”,
“targetValue”: “Microsoft.ManagedIdentity/userAssignedIdentities”,
“operator”: “Like”
},
{
“result”: “False”,
“expressionKind”: “Field”,
“expression”: “type”,
“path”: “type”,
“expressionValue”: “Microsoft.ContainerService/managedClusters”,
“targetValue”: “Microsoft.Network/loadBalancers”,
“operator”: “Like”
},
{
“result”: “False”,
“expressionKind”: “Field”,
“expression”: “type”,
“path”: “type”,
“expressionValue”: “Microsoft.ContainerService/managedClusters”,
“targetValue”: “Microsoft.Network/routeTables”,
“operator”: “Like”
},
{
“result”: “True”,
“expressionKind”: “Field”,
“expression”: “type”,
“path”: “type”,
“expressionValue”: “Microsoft.ContainerService/managedClusters”,
“targetValue”: “Microsoft.ContainerService/managedClusters”,
“operator”: “Equals”
},
{
“result”: “True”,
“expressionKind”: “Field”,
“expression”: “type”,
“path”: “type”,
“expressionValue”: “Microsoft.ContainerService/managedClusters”,
“targetValue”: “Microsoft.ContainerService/managedClusters”,
“operator”: “Equals”
},
{
“result”: “False”,
“expressionKind”: “Field”,
“expression”: “Microsoft.ContainerService/managedClusters/agentPoolProfiles[].name",
“path”: "properties.agentPoolProfiles[].name”,
“expressionValue”: “nodepool1”,
“targetValue”: “agentpool”,
“operator”: “Equals”
}
]
},
“policyDefinitionId”: “/subscriptions/b2aec48f-6dad-4d57-ad25-dad521fe74a4/providers/Microsoft.Authorization/policyDefinitions/azure8922-994430-PolicyDefinition”,
“policyDefinitionName”: “azure8922-994430-PolicyDefinition”,
“policyDefinitionDisplayName”: “azure8922-994430-PolicyDefinition”,
“policyDefinitionEffect”: “deny”,
“policyAssignmentId”: “/subscriptions/b2aec48f-6dad-4d57-ad25-dad521fe74a4/resourceGroups/ODL-azure-994430/providers/Microsoft.Authorization/policyAssignments/azure8922-994430-PolicyDefinition-ODL-azure-994430”,
“policyAssignmentName”: “azure8922-994430-PolicyDefinition-ODL-azure-994430”,
“policyAssignmentDisplayName”: “azure8922-994430-PolicyDefinition-ODL-azure-994430”,
“policyAssignmentScope”: “/subscriptions/b2aec48f-6dad-4d57-ad25-dad521fe74a4/resourceGroups/ODL-azure-994430”,
“policyAssignmentParameters”: {},
“policyExemptionIds”: []
}
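Added example, not part of the original post: a small Python helper for triaging a `RequestDisallowedByPolicy` dump like the one above. It normalises the typographic quotes a forum editor introduces, parses the `Info:` object, and separates the resource-type conditions that matched from the property-level conditions that did not. The names `parse_policy_info`, `summarize` and `SAMPLE_INFO` are hypothetical, and the sample is a constructed, shortened copy of the output in the post.

```python
import json

# Forum editors turn the CLI's straight quotes into typographic ones; undo that.
_QUOTES = str.maketrans({"“": '"', "”": '"', "‘": "'", "’": "'"})

# Constructed sample: a shortened copy of the "Info:" object from the post above.
SAMPLE_INFO = """{
 “evaluationDetails”: { “evaluatedExpressions”: [
  {“result”: “False”, “expressionKind”: “Field”, “expression”: “type”, “path”: “type”,
   “expressionValue”: “Microsoft.ContainerService/managedClusters”,
   “targetValue”: “Microsoft.Compute/virtualMachines”, “operator”: “Like”},
  {“result”: “True”, “expressionKind”: “Field”, “expression”: “type”, “path”: “type”,
   “expressionValue”: “Microsoft.ContainerService/managedClusters”,
   “targetValue”: “Microsoft.ContainerService/managedClusters”, “operator”: “Equals”},
  {“result”: “False”, “expressionKind”: “Field”,
   “expression”: “Microsoft.ContainerService/managedClusters/agentPoolProfiles[].name",
   “path”: "properties.agentPoolProfiles[].name”,
   “expressionValue”: “nodepool1”, “targetValue”: “agentpool”, “operator”: “Equals”}
 ]},
 “policyDefinitionEffect”: “deny”,
 “policyAssignmentParameters”: {}, “policyExemptionIds”: []
}"""

def parse_policy_info(raw: str) -> dict:
    """Normalise curly quotes and parse the Info JSON of a PolicyViolation."""
    return json.loads(raw.translate(_QUOTES))

def summarize(info: dict) -> dict:
    """Split evaluated expressions into matched types and unmatched properties.

    The output does not include the rule's allOf/anyOf/not structure, so the
    property mismatches are candidates to check against the policy definition,
    not a verdict on why the request was denied.
    """
    matched_types, mismatches = set(), []
    for e in info["evaluationDetails"]["evaluatedExpressions"]:
        hit = e["result"].lower() == "true"
        if e["path"] == "type":
            if hit:
                matched_types.add(e["targetValue"])
        elif not hit:
            mismatches.append((e["path"], e["expressionValue"],
                               e["operator"], e["targetValue"]))
    return {"effect": info.get("policyDefinitionEffect"),
            "matched_types": sorted(matched_types),
            "property_mismatches": mismatches}

if __name__ == "__main__":
    print(json.dumps(summarize(parse_policy_info(SAMPLE_INFO)), indent=2))
```

Each entry in `property_mismatches` is `(path, value in the request, operator, value the policy compares against)`.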