Azure: Activating AGIC for existing Application Gateway via Terraform does not work completely

If I activate AGIC for AKS via Terraform for an existing Application Gateway:

  addon_profile {
    ingress_application_gateway {
      enabled    = true
      gateway_id = azurerm_application_gateway.application-gateway-network-1.id
    }
  }

and I deploy a hello-world ingress-application, the rules etc. within the existing Application Gateway are not automatically created. If I change nothing but disable AGIC via the Azure Portal and enable it again, all works fine! Rules, health probes etc. are created automatically if I deploy the same hello-world ingress-application. It seems to be a bug on the Terraform or Azure API side, but I cannot find anything. Maybe someone has a hint or even a solution?

I tried it with different AKS versions and use the latest Terraform azurerm provider 2.98.

Thanks in advance



Solution 1:[1]

Using azurerm provider >=3.0.0 you'll need to move the ingress_application_gateway outside of the addon_profile as that's no longer supported.

Passing the gateway_name and a subnet_cidr instead of the gateway_id works for me, as Azure creates the ingress and assigns it to the k8s cluster. This saves the need to create an azurerm_application_gateway resource.

Use the following.

resource "azurerm_kubernetes_cluster" "aks-cluster" {
  # ... other cluster arguments ...

  ingress_application_gateway {
    gateway_name = "aks-cluster-ingress"
    subnet_cidr  = "10.225.0.0/16"
  }
}

Note: change the gateway_name and subnet_cidr values accordingly.
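
The answer's first point (moving the block out of addon_profile on azurerm >= 3.0.0), applied to the question's existing-gateway case, as an added example that is not part of the original answer. The cluster name, DNS prefix, node pool values and the azurerm_resource_group.example reference are constructed placeholders, and the resource group and Application Gateway are assumed to be defined elsewhere in the configuration.

```hcl
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = ">= 3.0.0"
    }
  }
}

provider "azurerm" {
  features {}
}

# azurerm 2.x form from the question (not accepted by >= 3.0.0):
#
#   addon_profile {
#     ingress_application_gateway {
#       enabled    = true
#       gateway_id = azurerm_application_gateway.application-gateway-network-1.id
#     }
#   }

resource "azurerm_kubernetes_cluster" "aks-cluster" {
  # Constructed placeholder values; replace with your own.
  name                = "aks-cluster"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  dns_prefix          = "akscluster"

  default_node_pool {
    name       = "default"
    node_count = 1
    vm_size    = "Standard_D2s_v3"
  }

  identity {
    type = "SystemAssigned"
  }

  # azurerm >= 3.0.0 form: top-level block, and no "enabled" argument
  # (the presence of the block turns the add-on on).
  ingress_application_gateway {
    # Existing gateway from the question, referenced by ID.
    gateway_id = azurerm_application_gateway.application-gateway-network-1.id
  }
}
```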

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 steadweb