Fix Azure AKS AGIC Addon Errors
When working with Azure AKS, you may encounter a configuration error that prevents your deployment from working. This guide explains the most common mistake with the AGIC (Application Gateway Ingress Controller) addon and shows the exact fix.
A Common Mistake
Enabling the AGIC addon without first creating the subnet in the right VNet, which causes the Application Gateway deployment to fail.
The incorrect command:
az aks enable-addons --addons ingress-appgw --name my-aks --resource-group my-rg --appgw-name my-appgw --appgw-subnet-cidr 10.200.0.0/24
Error output:
Error: The subnet CIDR 10.200.0.0/24 does not exist in the AKS VNet. AGIC requires a subnet in the same VNet as the AKS cluster or a peered VNet. The addon cannot create the Application Gateway without a valid subnet.
The Correct Approach
The right way to configure the AGIC addon in Azure AKS is to create the subnet in the AKS VNet first, then pass its resource ID to the addon:
az network vnet subnet create --name appgw-subnet --resource-group mc_my-aks_rg --vnet-name aks-vnet --address-prefixes 10.100.2.0/24
az aks enable-addons --addons ingress-appgw --name my-aks --resource-group my-rg --appgw-name my-appgw --appgw-subnet-id /subscriptions/sub/resourceGroups/mc_my-aks_rg/providers/Microsoft.Network/virtualNetworks/aks-vnet/subnets/appgw-subnet
Successful result:
AGIC addon enabled.
Application Gateway deployed in the AKS VNet subnet. Ingress resources route traffic through AGIC.
How to Prevent This
Create a dedicated subnet for Application Gateway in the AKS VNet (or peered VNet). Subnet size: /24 minimum. Deploy AGIC in the same region as AKS. Use managed identity for AGIC authentication. AGIC supports public and private Application Gateway.
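A pre-flight check for the mistake described above, as an added example that is not part of the original guide: it tests whether a candidate Application Gateway CIDR lies inside the AKS VNet address space and meets the /24 minimum before the addon is enabled. The function names and the 10.100.0.0/16 VNet range are assumptions; the two candidate CIDRs are the ones used on this page.

```shell
#!/bin/sh
# Added example. Helper names are hypothetical; only POSIX sh arithmetic is used.

# ip_to_int A.B.C.D -> prints the address as a 32-bit integer
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1                      # split the dotted quad into $1..$4
    IFS=$old_ifs
    echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# cidr_in_vnet SUBNET_CIDR VNET_CIDR -> exit 0 if the subnet lies fully inside the VNet range
cidr_in_vnet() {
    sub_ip=${1%/*};  sub_len=${1#*/}
    vnet_ip=${2%/*}; vnet_len=${2#*/}
    # a subnet can never be larger than the range that contains it
    [ "$sub_len" -ge "$vnet_len" ] || return 1
    mask=$(( (4294967295 << (32 - vnet_len)) & 4294967295 ))
    [ $(( $(ip_to_int "$sub_ip") & mask )) -eq $(( $(ip_to_int "$vnet_ip") & mask )) ]
}

# check_appgw_subnet CIDR VNET_PREFIX... -> prints a verdict
# exit 0 = ok, 1 = outside every VNet prefix, 2 = smaller than /24
check_appgw_subnet() {
    cidr=$1; shift
    # "/24 minimum" is read here as: prefix length 24 or shorter
    if [ "${cidr#*/}" -gt 24 ]; then
        echo "too-small"; return 2
    fi
    for prefix in "$@"; do
        if cidr_in_vnet "$cidr" "$prefix"; then
            echo "ok"; return 0
        fi
    done
    echo "outside-vnet"; return 1
}

# Constructed sample input. Against a real cluster the prefixes would come from:
#   az network vnet show --resource-group mc_my-aks_rg --name aks-vnet \
#     --query "addressSpace.addressPrefixes" --output tsv
VNET_PREFIXES="10.100.0.0/16"      # assumed address space of aks-vnet
for candidate in 10.200.0.0/24 10.100.2.0/24; do
    verdict=$(check_appgw_subnet "$candidate" $VNET_PREFIXES) || true
    echo "$candidate -> $verdict"
done
```

A VNet with several address prefixes is handled by passing all of them after the candidate CIDR.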
Built by the developers of Doda Browser, DodaZIP, and Durga Antivirus Pro. Secure your cloud with DodaTech.