Restore of an AKS cluster completes with “Partial” status

Summary

This article explains why some restores of an AKS cluster may occasionally be marked as “Partial”.

Description

When Azure Policy is enabled on an AKS cluster, some Kubernetes resources can be created only through Azure. This prevents CloudCasa from creating such resources during restore and hence, the restore would be marked as “Partial”. In order to confirm that this is indeed the case, download the logs (See Activity), and check if the creation of some resources has been blocked by Azure.

Here is a sample log message showing that the restore of some resources was denied by Azure:

Cluster resource restore error: error restoring
k8sazurev2noprivilege.constraints.gatekeeper.sh/azurepolicy-k8sazurev2noprivilege-bd7cfcb5fad01c60575e: admission
webhook \"byovalidation.policy.azure.com\" denied the request: This cluster is governed by Azure Policy. Policies must
be created through Azure. For more information, visit https://aka.ms/K8sAzurePolicy.

If there is no similar log message indicating that Azure blocked the restore, please contact CloudCasa support.