'AKS create with App gateway ingress control fails with IngressAppGwAddonConfigInvalidSubnetCIDRNotContainedWithinVirtualNetwork error

When i try to create aks using azure cli using the following command :

"az aks create -n myCluster -g myResourceGroup --network-plugin azure --enable-managed-identity -a ingress-appgw --appgw-name myApplicationGateway --appgw-subnet-cidr "10.2.0.0/16" --generate-ssh-keys"

I get the below error.

"(IngressAppGwAddonConfigInvalidSubnetCIDRNotContainedWithinVirtualNetwork) Subnet Prefix '10.2.0.0/16' specified for IngressApplicationGateway addon is not contained within the AKS Agent Pool's Virtual Network address prefixes '[10.224.0.0/12]'. Code: IngressAppGwAddonConfigInvalidSubnetCIDRNotContainedWithinVirtualNetwork Message: Subnet Prefix '10.2.0.0/16' specified for IngressApplicationGateway addon is not contained within the AKS Agent Pool's Virtual Network address prefixes '[10.224.0.0/12]'. Target: AddonProfiles.IngressApplicationGateway"

Any idea why i get this error ? or how to fix it.

azure-aksazure-application-gateway


Solution 1:[1]

I see that you have used the Tutorial: Enable the Ingress Controller add-on for a new AKS cluster with a new Application Gateway instance tutorial.

I had some trouble creating a new AKS cluster with a command similar to yours. For azure-cli version 2.35.0 in Apr 06, 2022 when it was released the command you issued worked fine.

Something changed that broke the tutorial so... The Subnet CIDR you specify with --appgw-subnet-cidr should be a /16 subnet in the usable host range of 10.224.0.0/12.

That leaves you with the choice between the range of 10.224.0.0 - 10.239.0.0. I used subnet 10.225.0.0/16 for my deployment.

Solution 2:[2]

Seems your AKS cluster Virtual Network address space is overlap with virtual network of application gateway

When using an AKS cluster and Application Gateway in separate virtual networks, the address spaces of the two virtual networks must not overlap.The default address space that an AKS cluster deploys in is 10.0.0.0/8. so we set the Application Gateway virtual network address prefix to 11.0.0.0/8.

Would suggest you to please refer this microsft document to Enable the AGIC add-on in existing AKS cluster through Azure CLI to avoid the error.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1
Solution 2 RahulKumarShaw-MT

Related Questions

AKS - creating clusters is broken?

Newrelic infra agent on AKS Node pool

New relic infra agent on azure Virtual machine scale set

Run shell script or custom data on AKS node pool via terraform

Unable to connect to the server: dial tcp: lookup <Server Location>: no such host

Azure AKS Public IP in Non-standard Resource Group

How can I upgrade the AKS cluster using terraform without downtime

AKS Ingress - multiple ExternalName services

Azure policies(gatekeeper) monitoring on AKS via Prometheus and Grafana

Kubernetes Persistent Volume Mount not found

Application Insights duplicated logs

Azure: Activating AGIC for existing Application Gateway via Terraform does not work completely

"kubectl describe ingress ..." could not find the requested resource

AKS firewall rules to allow

Customizing kubernetes dashboard with company name and environment