Please create all the kubernetes related resources in the same resource group.
The policies in the company don't allow custom naming for azure resource groups. This is really getting the way of using AKS for production use.
This has been completed.
By default, AKS will name the node resource group MC_resourcegroupname_clustername_location, but you can also provide your own name.
This means that users are no longer locked into the MC_* resource name group. On cluster creation you may pass in a custom RG and AKS will inherit that RG, permissions and attach AKS resources to the customer provided resource group.
AKS Release Detail on GitHub: https://github.com/Azure/AKS/blob/master/CHANGELOG.md#release-2019-04-15
There is now a solution to specify the AKS specific resource group name (at creation time only), using "nodeResourceGroup" property
This is weird why AKS needs a separate resource group MC_ . Its a roadblock really and restricts many clients to go with this service due to compliance and naming conventions.
This should be out of the box, not that joke MC_ RG which breaks all policies in subscription.
Trent Telfer commented
Agreed. I had access to a resource group, built kubernetes and then didn't have access to the new group. Nodes filled up with logs, crashed and then had to destroy kubernetes and rebuild - this seems wrong.
Furthermore, tags are not inherited to the new RG. We use tags for billing, so aks is now "free" as they don't have a cost center tag like the original RG. (We are now doing some nasty stuff, like capturing the creation from event grid and applying them that way. But it simply shouldn't be like that).
Why not doing like you do when provisioning Service Fabric Clusters? You'll get SFC and then the VM Scaleset right next to it. Simple and easy to maintain
Mauro Giusti commented
Or at least allow us to specify the name of the resource group via command line?
I think having all AKS resources tied to a specified/desired resource group is something that a lot of people are looking for ( I also do ) but I would like to understand why this hasn't been implemented. Is there any logic/explanation behind?
The additional resource group that is automatically added upon cluster creation is causing me overhead.
I'd like the option to override the default behavior and specify an already existing resource group.
This is really something that has to be resolved. Most enterprise customers I work for don't like this because they are having an naming convention. So either give us the possibility to specify a custom name or otherwise hide this resource group.
Ben Walding commented
There are a lot of comments relating to this topic over in the Github issue - https://github.com/Azure/AKS/issues/3
Resource group security management is the issue closest to my heart - I grant users access in one resource group, and then AKS creates a new RG that they can't manage - causing operational overhead for my team to change permissions.
I'd also be happy with being able to specify the name of the resource group that is created instead of having all the resources in the same resource group. (although implementing both would be ideal)