Azure · ejhenry · Mar 28, 2024 · Mar 22, 2024 · Mar 22, 2024 · Mar 22, 2024
diff --git a/docs/content/services/container/aks/code/aks-23/aks-23.kql b/docs/content/services/container/aks/code/aks-23/aks-23.kql
@@ -1 +1,25 @@
-// cannot-be-validated-with-arg
+// Azure Resource Graph Query
+// Returns each AKS cluster with nodepools that have user nodepools with a subnetmask that does not match autoscale configured max-nodes
+// Subtracting the network address, broadcast address, and default 3 addresses Azure reserves within each subnet
+
+resources
+| where type == "microsoft.containerservice/managedclusters"
+| extend nodePools = properties['agentPoolProfiles']
+| mv-expand nodePools = properties.agentPoolProfiles
+| where nodePools.enableAutoScaling == true
+| extend nodePoolName=nodePools.name, maxNodes = nodePools.maxCount, subnetId = tostring(nodePools.vnetSubnetID)
+| project clusterId = id, clusterName=name, nodePoolName=nodePools.name, toint(maxNodes), subnetId
+| join kind = leftouter (
+    resources
+    | where type == 'microsoft.network/virtualnetworks'
+    | extend subnets = properties.subnets
+    | mv-expand subnets
+    | project id = tostring(subnets.id), addressPrefix = tostring(subnets.properties['addressPrefix'])
+    | extend subnetmask = toint(substring(addressPrefix, indexof(addressPrefix, '/')+1, string_size(addressPrefix)))
+    | extend possibleMaxNodeCount = toint(exp2(32-subnetmask) - 5)
+) on $left.subnetId == $right.id
+| project-away id, subnetmask
+| where possibleMaxNodeCount <= maxNodes
+| extend param1 = strcat(nodePoolName, " autoscaler upper limit: ", maxNodes)
+| extend param2 = strcat("ip addresses on subnet: ", possibleMaxNodeCount)
+| project recommendationId="aks-23", id=clusterId, name=clusterName, param1, param2