Kubernetes Learn Module in Concierge mode fails to create Kubernetes Cluster

Siegfried Heintze 1,861 Reputation points
2022-01-23T05:08:13.103+00:00

Problem #1:

I'm trying out 3-exercise-create-resources and I use this command:

    az aks create --resource-group $RESOURCE_GROUP \
    --name $AKS_CLUSTER_NAME \
    --node-count 3 \
    --generate-ssh-keys \
    --node-vm-size Standard_B2s \
    --enable-managed-identity \
    --location eastus \
    --enable-addons http_application_routing

I get this error after having carefully followed the instructions in the learn module prior to the az aks create command...

(RequestDisallowedByPolicy) Provisioning of resource(s) for container service ship-manager-cluster in resource group learn-8ab97542-bdf0-444f-a376-c8e6102b5d83 failed. Message: Resource 'aks-nodepool1-36819531-vmss' was disallowed by policy. Policy identifiers: '[{"policyAssignment":{"name":"containers-assignment","id":"/providers/Microsoft.Management/managementGroups/eab64c3d-95b6-9f1f-755f-9f8578c31e45/providers/Microsoft.Authorization/policyAssignments/containers-assignment"},"policyDefinition":{"name":"Allowed resource types","id":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c"},"policySetDefinition":{"name":"containers-initiative","id":"/providers/Microsoft.Management/managementGroups/learn-sandbox-prod/providers/Microsoft.Authorization/policySetDefinitions/containers-initiative"},"policyDefinitionReferenceId":"allowed-resource-types_1"}]'.. Details:  
Code: RequestDisallowedByPolicy  
Message: Provisioning of resource(s) for container service ship-manager-cluster in resource group learn-8ab97542-bdf0-444f-a376-c8e6102b5d83 failed. Message: Resource 'aks-nodepool1-36819531-vmss' was disallowed by policy. Policy identifiers: '[{"policyAssignment":{"name":"containers-assignment","id":"/providers/Microsoft.Management/managementGroups/eab64c3d-95b6-9f1f-755f-9f8578c31e45/providers/Microsoft.Authorization/policyAssignments/containers-assignment"},"policyDefinition":{"name":"Allowed resource types","id":"/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c"},"policySetDefinition":{"name":"containers-initiative","id":"/providers/Microsoft.Management/managementGroups/learn-sandbox-prod/providers/Microsoft.Authorization/policySetDefinitions/containers-initiative"},"policyDefinitionReferenceId":"allowed-resource-types_1"}]'.. Details:  

Problem #2 (Added Sat May 28 2022):

When I proceed using my own personal account I can create the cluster and then proceed to creating the Ingress network for the back end with this command:

    kubectl apply -f backend-network.yaml

I get this error:

Error: resource mapping not found for name: "ship-manager-backend" namespace: "" from "backend-network.yaml": no matches for kind "Ingress" in version "networking.k8s.io/v1beta1"   

Aw shucks... the tutorial is broken again...

After some Bing/Google searching I see that v1beta1 is old. I tried using /v1 instead of /v1beta but this did not help.

I would love to see this tutorial work again because it is much simpler than the Ingress I use now where I explicitly create a public IP address and explicitly apply a letsencrypt certificate (much more code!).

Azure Kubernetes Service (AKS)

1 answer

  1. KarishmaTiwari-MSFT 18,352 Reputation points Microsoft Employee
    2022-01-24T07:12:18.593+00:00

    @Siegfried Heintze
    The reason you could be getting this error is because as part of your exercise you're creating a Cosmos resource and your Subscription Administrator might have set a policy that disallows the creation of such resources.

    You will need to contact your Subscription Administrator so that they can change the policy to allow creation of Cosmos resources.

    You can read more about Azure Policy here: https://learn.microsoft.com/en-us/azure/governance/policy/overview.

    Source: https://stackoverflow.com/questions/61987966/resource-was-disallowed-by-policy

    Please try this and let me know if that helps.
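
Added example (not part of the original question or answer, and not Microsoft's code): the `RequestDisallowedByPolicy` text quoted in the question carries a JSON array after `Policy identifiers:`, and this Python sketch pulls out the denied resource, the policy definition that matched, and the scope at which the assignment was made. The function name `parse_policy_denial` and the sample string, rebuilt from the identifiers quoted in the question, are assumptions of this example.

```python
import json
import re

# Constructed sample: rebuilt from the identifiers in the error quoted in the question.
_IDS = [{
    "policyAssignment": {"name": "containers-assignment", "id": "/providers/Microsoft.Management/managementGroups/eab64c3d-95b6-9f1f-755f-9f8578c31e45/providers/Microsoft.Authorization/policyAssignments/containers-assignment"},
    "policyDefinition": {"name": "Allowed resource types", "id": "/providers/Microsoft.Authorization/policyDefinitions/a08ec900-254a-4555-9bf5-e42af04b5c5c"},
    "policySetDefinition": {"name": "containers-initiative", "id": "/providers/Microsoft.Management/managementGroups/learn-sandbox-prod/providers/Microsoft.Authorization/policySetDefinitions/containers-initiative"},
    "policyDefinitionReferenceId": "allowed-resource-types_1",
}]
SAMPLE_ERROR = (
    "(RequestDisallowedByPolicy) Provisioning of resource(s) for container service "
    "ship-manager-cluster in resource group learn-8ab97542-bdf0-444f-a376-c8e6102b5d83 failed. "
    "Message: Resource 'aks-nodepool1-36819531-vmss' was disallowed by policy. "
    "Policy identifiers: '" + json.dumps(_IDS, separators=(",", ":")) + "'.. Details:"
)


def parse_policy_denial(error_text):
    """Return the denied resource and the policies named in the error text."""
    if "RequestDisallowedByPolicy" not in error_text:
        raise ValueError("not a RequestDisallowedByPolicy error")
    resource = re.search(r"Resource '([^']+)' was disallowed by policy", error_text)
    marker = "Policy identifiers: '"
    start = error_text.find(marker)
    if start == -1:
        raise ValueError("no policy identifiers in error text")
    # raw_decode stops at the end of the JSON array, ignoring the trailing "'.. Details:"
    entries, _ = json.JSONDecoder().raw_decode(error_text, start + len(marker))
    policies = []
    for entry in entries:
        assignment = entry.get("policyAssignment", {})
        # Everything before the Microsoft.Authorization segment is the assignment scope.
        scope = assignment.get("id", "").split("/providers/Microsoft.Authorization/")[0]
        policies.append({
            "assignment": assignment.get("name"),
            "assignment_scope": scope,
            "definition": entry.get("policyDefinition", {}).get("name"),
            "initiative": entry.get("policySetDefinition", {}).get("name"),
            "reference_id": entry.get("policyDefinitionReferenceId"),
        })
    return {"resource": resource.group(1) if resource else None, "policies": policies}


if __name__ == "__main__":
    print(json.dumps(parse_policy_denial(SAMPLE_ERROR), indent=2))
```

The `assignment_scope` field shows where the policy is assigned, which identifies who administers it.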