aks_acr code complains about kubelet_identity #22

Open
sunilnagavelli opened this issue May 29, 2023 · 0 comments

Dear Houssem,

I am getting the following error when I run this code: azurerm_kubernetes_cluster.aks_cluster.kubelet_identity is empty list of object

Full Stack of the Error Trace:

│ Error: Failed to write plan file
│ 
│ The plan file could not be written: failed to write state snapshot: Failed
│ to serialize resource instance in state: Instance
│ data.azurerm_kubernetes_cluster.aks_cluster_data has status ObjectPlanned,
│ which cannot be saved in state..
╵
╷
│ Error: Invalid index
│ 
│   on azurerm_aks_cluster.tf line 164, in resource "azurerm_role_assignment" "acr_pull_role":
│  164:   principal_id                     = azurerm_kubernetes_cluster.aks_cluster.kubelet_identity.0.object_id
│     ├────────────────
│     │ azurerm_kubernetes_cluster.aks_cluster.kubelet_identity is empty list of object
│ 
│ The given key does not identify an element in this collection value: the
│ collection has no elements.
╵
Operation failed: failed running terraform plan (exit 1)

AKS cluster Terraform code

terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.55.0"
    }
  }
  required_version = "~> 1.4.0"
}

# Azure Kubernetes Service

resource "random_string" "random_str" {
  length  = 8
  special = false
  upper   = false
}

# AKS Cluster
resource "azurerm_kubernetes_cluster" "aks_cluster" {
  name                = "aks-cluster-${local.suffix}"
  location            = var.location
  resource_group_name = var.rg_name
  dns_prefix          = replace("akscluster${local.suffix}", "-", "")

  # Network related settings
  network_profile {
    network_plugin      = var.network_profile.network_plugin
    network_policy      = var.network_profile.network_policy
    network_plugin_mode = var.network_profile.network_plugin_mode
  }

  api_server_access_profile {
    authorized_ip_ranges = var.aks_authorized_ips
  }

  http_application_routing_enabled = true

  identity {
    type = "SystemAssigned"
  }

  local_account_disabled = false

  role_based_access_control_enabled = true

  azure_active_directory_role_based_access_control {
    managed            = true
    azure_rbac_enabled = true
    #admin_group_object_ids = values(var.aks_admin_groups_aad)
  }

  default_node_pool {
    name                        = "default"
    node_count                  = var.default_node_pool.node_count
    vm_size                     = var.default_node_pool.vm_size
    temporary_name_for_rotation = lower("tmp${random_string.random_str.result}")
  }

  tags = var.tags
}

resource "azurerm_role_assignment" "aad_rbac_cluster_admin" {
  scope              = azurerm_kubernetes_cluster.aks_cluster.id
  role_definition_id = data.azurerm_role_definition.aad_rbac_cluster_admin.id
  for_each           = var.aks_admin_groups_aad
  principal_id       = each.value
}

resource "azurerm_role_assignment" "aad_rbac_aks_cluster_admin_role" {
  scope              = azurerm_kubernetes_cluster.aks_cluster.id
  role_definition_id = data.azurerm_role_definition.aad_rbac_aks_cluster_admin_role.id
  for_each           = var.aks_admin_groups_aad
  principal_id       = each.value
}

resource "azurerm_kubernetes_cluster_node_pool" "aks_node_pools" {
  for_each = var.aks_node_pools

  name                  = each.key
  kubernetes_cluster_id = azurerm_kubernetes_cluster.aks_cluster.id
  vm_size               = each.value.vm_size
  node_count            = each.value.node_count
  enable_auto_scaling   = each.value.enable_auto_scaling
  min_count             = each.value.min_count
  max_count             = each.value.max_count
}

# Retrieve the AKS cluster principal ID
data "azurerm_kubernetes_cluster" "aks_cluster_data" {
  name                = azurerm_kubernetes_cluster.aks_cluster.name
  resource_group_name = azurerm_kubernetes_cluster.aks_cluster.resource_group_name

  depends_on = [azurerm_kubernetes_cluster.aks_cluster]
}

# kubeconfig_file = "${path.module}/kubeconfig"
resource "local_file" "kubeconfig" {
  filename   = "${path.module}/kubeconfig"
  content    = azurerm_kubernetes_cluster.aks_cluster.kube_config_raw
  depends_on = [azurerm_kubernetes_cluster.aks_cluster]
}

resource "azurerm_role_assignment" "acr_pull_role" {
  scope                            = azurerm_container_registry.container_registry.id
  role_definition_name             = "AcrPull"
  principal_id                     = azurerm_kubernetes_cluster.aks_cluster.kubelet_identity.0.object_id
  skip_service_principal_aad_check = true
  depends_on                       = [azurerm_kubernetes_cluster.aks_cluster, azurerm_container_registry.container_registry]
}

# ACR terraform code

resource "azurerm_container_registry" "container_registry" {
  location            = var.location
  name                = local.acr_name
  resource_group_name = var.rg_name
  sku                 = var.acr_sku_qa

  retention_policy {
    days    = var.acr_retention_period
    enabled = true
  }
}
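
A triage check for the "Invalid index" error reported above, added here as an example and not code from the issue or the repository: it reads the JSON produced by `terraform show -json` and lists the managed AKS clusters whose `kubelet_identity` list is empty in state, which is the condition under which `kubelet_identity.0.object_id` cannot be resolved. The sample state, the module name `module.other` and the object ID are constructed.

```python
import json
import sys

# Constructed sample in the shape of `terraform show -json` (not taken from the issue).
SAMPLE_STATE = {
    "values": {"root_module": {
        "resources": [
            {"address": "azurerm_kubernetes_cluster.aks_cluster", "mode": "managed",
             "type": "azurerm_kubernetes_cluster", "values": {"kubelet_identity": []}},
            {"address": "data.azurerm_kubernetes_cluster.aks_cluster_data", "mode": "data",
             "type": "azurerm_kubernetes_cluster", "values": {"kubelet_identity": []}},
        ],
        "child_modules": [{"resources": [
            {"address": "module.other.azurerm_kubernetes_cluster.aks_cluster",
             "mode": "managed", "type": "azurerm_kubernetes_cluster",
             "values": {"kubelet_identity": [
                 {"object_id": "00000000-0000-0000-0000-000000000001"}]}},
        ]}],
    }},
}


def iter_resources(module):
    """Yield every resource in a module and, recursively, in its child modules."""
    yield from module.get("resources", [])
    for child in module.get("child_modules", []):
        yield from iter_resources(child)


def kubelet_identity_report(state):
    """Map each managed AKS cluster address to its kubelet object_id, or None if absent."""
    root = state.get("values", {}).get("root_module", {})
    report = {}
    for res in iter_resources(root):
        if res.get("type") != "azurerm_kubernetes_cluster" or res.get("mode") != "managed":
            continue  # skip other resource types and data sources
        identities = res.get("values", {}).get("kubelet_identity") or []
        report[res["address"]] = identities[0].get("object_id") if identities else None
    return report


def unsafe_index_targets(state):
    """Addresses where indexing kubelet_identity at 0 has no element to return."""
    return sorted(addr for addr, oid in kubelet_identity_report(state).items() if oid is None)


if __name__ == "__main__":
    # Usage: terraform show -json > state.json && python this_script.py state.json
    state = json.load(open(sys.argv[1])) if len(sys.argv) > 1 else SAMPLE_STATE
    print(unsafe_index_targets(state))
```

The JSON state includes sensitive values such as the cluster's `kube_config` in plain text, so keep the exported file out of version control and delete it after the check.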