
Fix Azure AKS AGIC Addon Errors

DodaTech Updated 2026-06-26 2 min read

When working with Azure AKS, you may encounter a configuration error that prevents your deployment from working. This guide explains the most common mistake with the AGIC (Application Gateway Ingress Controller) addon and shows the exact fix.

A Common Mistake

A common mistake is enabling the AGIC addon without first creating the subnet in the right VNet, which causes the Application Gateway deployment to fail.

The incorrect command:

az aks enable-addons --addons ingress-appgw --name my-aks --resource-group my-rg --appgw-name my-appgw --appgw-subnet-cidr 10.200.0.0/24

Error output:

Error: The subnet CIDR 10.200.0.0/24 does not exist in the AKS VNet. AGIC requires a subnet in the same VNet as the AKS cluster or a peered VNet. The addon cannot create the Application Gateway without a valid subnet.

The Correct Approach

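The right way to configure the AGIC addon in Azure AKS is to create the subnet in the AKS VNet first, then enable the addon with that subnet's resource ID: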

az network vnet subnet create --name appgw-subnet --resource-group mc_my-aks_rg --vnet-name aks-vnet --address-prefixes 10.100.2.0/24
az aks enable-addons --addons ingress-appgw --name my-aks --resource-group my-rg --appgw-name my-appgw --appgw-subnet-id /subscriptions/sub/resourceGroups/mc_my-aks_rg/providers/Microsoft.Network/virtualNetworks/aks-vnet/subnets/appgw-subnet

Successful result:

AGIC addon enabled.
Application Gateway deployed in the AKS VNet subnet. Ingress resources route traffic through AGIC.

How to Prevent This

Create a dedicated subnet for Application Gateway in the AKS VNet (or a peered VNet). Subnet size: /24 minimum. Deploy AGIC in the same region as AKS. Use managed identity for AGIC authentication. AGIC supports both public and private Application Gateway.
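
A pre-flight check for the subnet rules above, as an added example that is not part of the original guide: it tests whether a planned subnet CIDR lies inside the VNet address space and meets the /24 minimum, and looks the subnet ID up rather than typing it by hand. The function names are hypothetical and the VNet address space 10.100.0.0/16 is an assumed sample value.

```sh
#!/bin/sh
# Added example: validate the planned Application Gateway subnet before
# running "az aks enable-addons". POSIX sh; the CIDR maths needs no az login.

# Dotted-quad IPv4 address -> 32-bit integer.
ip_to_int() {
  old_ifs=$IFS; IFS=.
  set -- $1            # split the address on dots into $1..$4
  IFS=$old_ifs
  echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# Succeeds when CIDR $1 lies entirely inside CIDR $2.
cidr_within() {
  sub_ip=${1%/*}; sub_len=${1#*/}
  net_ip=${2%/*}; net_len=${2#*/}
  [ "$sub_len" -ge "$net_len" ] || return 1
  mask=$(( (4294967295 << (32 - $net_len)) & 4294967295 ))
  [ $(( $(ip_to_int "$sub_ip") & $mask )) -eq $(( $(ip_to_int "$net_ip") & $mask )) ]
}

# $1 = planned subnet CIDR, remaining arguments = VNet address prefixes, e.g.
#   az network vnet show -g mc_my-aks_rg -n aks-vnet \
#     --query addressSpace.addressPrefixes -o tsv
preflight() {
  cidr=$1; shift
  # The guide asks for /24 minimum, i.e. a prefix length of 24 or shorter.
  [ "${cidr#*/}" -le 24 ] || { echo "$cidr is smaller than /24"; return 1; }
  for prefix in "$@"; do
    if cidr_within "$cidr" "$prefix"; then return 0; fi
  done
  echo "$cidr is outside the VNet address space: $*"
  return 1
}

# Look the subnet ID up instead of typing it by hand, then enable the addon.
# Defined only; call it from a shell with a logged-in az CLI.
enable_agic() {
  subnet_id=$(az network vnet subnet show --resource-group mc_my-aks_rg \
    --vnet-name aks-vnet --name appgw-subnet --query id --output tsv) || return 1
  az aks enable-addons --addons ingress-appgw --name my-aks \
    --resource-group my-rg --appgw-name my-appgw --appgw-subnet-id "$subnet_id"
}

# Constructed sample: assume aks-vnet has the address space 10.100.0.0/16.
preflight 10.200.0.0/24 10.100.0.0/16 || true   # the CIDR from the failing command
preflight 10.100.2.0/24 10.100.0.0/16 && echo "10.100.2.0/24 fits the VNet"
```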

FAQ

Why does my AGIC addon configuration fail in Azure AKS?

Configuration failures in Azure often stem from missing role assignments, incorrect resource IDs, region availability issues, or ARM template parameter errors. Always use az --help to verify command syntax and parameter names. Check the Azure Activity Log for detailed error traces.

How do I debug AGIC addon issues in Azure?

Use az monitor activity-log list to audit operations. For resource issues, use az resource show. For networking, use Network Watcher diagnostics. For role issues, check az role assignment list. Enable diagnostic settings for detailed logging. Use az rest to call Azure REST APIs directly for debugging.

What are the best practices for the AGIC addon in Azure?

Use infrastructure-as-code (ARM, Terraform, Bicep) for all configurations. Tag resources for cost tracking and management. Use Azure Policy for governance. Enable diagnostic logs and monitoring. Follow least privilege for RBAC. Test in a non-production environment first. Review Azure Advisor recommendations regularly.


Built by the developers of Doda Browser, DodaZIP, and Durga Antivirus Pro. Secure your cloud with DodaTech.
