My first CRD deployment with CIS

Thanks for reading, and please leave questions in the comments!

I want try this azure demo.

But I get the following error while running Terraform: Unable to create a BIG-IP virtual machine.

​

----snip---

module.aks.azurerm_kubernetes_cluster.akscluster1: Still creating... [3m50s elapsed]

module.aks.azurerm_kubernetes_cluster.akscluster1: Still creating... [4m0s elapsed]

module.aks.azurerm_kubernetes_cluster.akscluster1: Still creating... [4m10s elapsed]

module.aks.azurerm_kubernetes_cluster.akscluster1: Creation complete after 4m11s [id=/subscriptions/xxxxxx-xxxx-xxx-xxxx-xxxx/resourcegroups/mydemo-rg/providers/Microsoft.ContainerService/managedClusters/mydemo-akscluster1]

module.aks.null_resource.dependency_setter: Creating...

module.aks.null_resource.dependency_setter: Creation complete after 0s [id=521882686397236009]

local_file.kube_config: Creating...

local_file.kube_config: Creation complete after 0s [id=378cb3a8c750d235cc12596f53c44dd14ef140aa]

​

Error: compute.VirtualMachinesClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="ResourcePurchaseValidationFailed" Message="User failed validation to purchase resources. Error message: 'You have not accepted the legal terms on this subscription: 'xxxxxx-xxxx-xxx-xxxx-xxxx' for this plan. Before the subscription can be used, you need to accept the legal terms of the image. To read and accept legal terms, use the Azure CLI commands described at https://go.microsoft.com/fwlink/?linkid=2110637 or the PowerShell commands available at https://go.microsoft.com/fwlink/?linkid=862451. Alternatively, deploying via the Azure portal provides a UI experience for reading and accepting the legal terms. Offer details: publisher='f5-networks' offer = 'f5-big-ip-best', sku = 'f5-bigip-virtual-edition-25m-best-hourly', Correlation Id: 'e106abe7-5091-4674-bf6b-ba70ca63d32f'.'"

​

 on bigip/bigip.tf line 392, in resource "azurerm_virtual_machine" "f5vm01":

 392: resource "azurerm_virtual_machine" "f5vm01" {

​

------------------------

​

So, I apply to following azure cli command.​

# az vm image terms accept --urn f5-networks:f5-big-ip-best:f5-bigip-virtual-edition-25m-best-hourly:latest

{

 "accepted": true,

 "id": "/subscriptions/xxxxxx-xxxx-xxx-xxxx-xxxx/providers/Microsoft.MarketplaceOrdering/offerTypes/VirtualMachine/publishers/f5-networks/offers/f5-big-ip-best/plans/f5-bigip-virtual-edition-25m-best-hourly/agreements/current",

 "licenseTextLink": "https://storelegalterms.blob.core.windows.net/legalterms/.......ONAYGP36CIIPCICJX3ZZ7PA.txt",

 "name": "f5-bigip-virtual-edition-25m-best-hourly",

 "plan": "f5-bigip-virtual-edition-25m-best-hourly",

 "privacyPolicyLink": "https://www.f5.com/company/policies/privacy-policy",

 "product": "f5-big-ip-best",

 "publisher": "f5-networks",

 "retrieveDatetime": "2021-01-30T21:37:58.6548819Z",

 "signature": "XXXXXXXXXXXXXXXXXXXXXXXXXNJUVJXKAMIQ6O4E7AO5UXDTEBR4R2S4BSN3E3CWUR5HJHWGGVRV5HKGBX3JKUYQ",

 "

-----------------------------------

​

​

But, I can't seem to get rid of the error.

---------------------------------------------------------------

Error: compute.VirtualMachinesClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="ResourcePurchaseValidationFailed" Message="User failed validation to purchase resources. Error message: 'Offer with PublisherId: 'f5-networks', OfferId: 'f5-big-ip-best' cannot be purchased due to validation errors. For more information see details. Correlation Id: '4b93dfeb-a33d-481d-9650-13e67f9e1abb' The 'unknown' payment instrument(s) is not supported for offer with OfferId: 'f5-big-ip-best', PlanId 'f5-bigip-virtual-edition-25m-best-hourly'. Correlation Id '4b93dfeb-a33d-481d-9650-13e67f9e1abb'.'"

 on bigip/bigip.tf line 392, in resource "azurerm_virtual_machine" "f5vm01":

 392: resource "azurerm_virtual_machine" "f5vm01" {

---------------------------------------------------------------

Do you know of any solution?

Hi Shingo!

Thanks for trying this out. You have a clue in this part of your error message: User failed validation to purchase resources. Error message: 'You have not accepted the legal terms on this subscription: 'xxxxxx-xxxx-xxx-xxxx-xxxx' for this plan

The problem is that you need to accept the marketplace image terms for this subscription. This is a once-off only thing you'll need to do per subscription. You can do this in a few ways.

1) you can use Powershell, and the instructions to do this are in the error message, or

2) you can just deploy this image once via the Azure portal: f5-bigip-virtual-edition-25m-best-hourly'

Option #2 is probably easiest. If you need help with this, let me know and/or email or message me directly, thanks!

Hi Michael !

Thanks for the advice. I was able to confirm that the NGINX Hello-World App was displayed via LB and BIGIP's Virtual Server.

Where is the association between VirtualServer and NginxIngress tied?

# cat ingress/cis/crd/virtualserver.yaml
apiVersion: "cis.f5.com/v1"
kind: VirtualServer
metadata:
  name: hello-world-virtual-server
  namespace: nginx-ingress
  labels:
    f5cr: "true"
spec:
  tlsProfileName: hello-world-tls  
  virtualServerAddress: "20.0.2.100"
  pools:
  - path: /
    service: nginx-ingress      #  ---->> Is This ingress/nginx/service/service.yaml ?
    servicePort: 80
    monitor:
      type: http
      interval: 10
      timeout: 31
      send: "/"

Hi Shingo. Great to hear. I think you put a question in line 14 above and you are correct. The service called nginx-ingress is referenced there. Nice work.