Azure / AKS-Construction

Accelerate your onboarding to AKS with; Helper Web App, bicep templating and CI/CD samples. Flexible & secure AKS baseline implementations in a Microsoft + community maintained reference implementation.

Home Page: https://azure.github.io/AKS-Construction/

Application Gateway ingress controller not compatible with CNI Overlay

pjlewisuk opened this issue

Describe the bug
As per the docs, CNI Overlay has the following limitations:

  • You can't use Application Gateway as an Ingress Controller (AGIC) for an Overlay cluster.
  • Virtual Machine Availability Sets (VMAS) aren't supported for Overlay.
  • Dual stack networking isn't supported in Overlay.
  • You can't use DCsv2-series virtual machines in node pools. To meet Confidential Computing requirements, consider using DCasv5 or DCadsv5-series confidential VMs instead.

If you try to deploy an AKS cluster with this configuration, you receive an error like:

{
	"status": "Failed",
	"error": {
		"code": "DeploymentFailed",
		"target": "/subscriptions/1ef1298c-a01a-454b-ab6c-2d2203a00553/resourceGroups/az-k8s-iepa-rg/providers/Microsoft.Resources/deployments/main",
		"message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.",
		"details": [{
			"code": "BadRequest",
			"target": "/subscriptions/1ef1298c-a01a-454b-ab6c-2d2203a00553/resourceGroups/az-k8s-iepa-rg/providers/Microsoft.Resources/deployments/main",
			"message": "{\r\n  \"code\": \"AddonInvalid\",\r\n  \"details\": null,\r\n  \"message\": \"Application Gateway Ingress Controller addon is not supported with Azure CNI Overlay\",\r\n  \"subcode\": \"AGICAddonNotSupportedWithAzureCNIOverlay\",\r\n  \"target\": \"networkProfile.networkPluginMode\"\r\n}"
		}]
	}
}

To Reproduce
Steps to reproduce the behavior:

  1. Go to AKS Construction homepage
  2. Navigate to "Addon Details" and check that "Azure Application Gateway Ingress Controller add-on" is selected (it should be, by default)
  3. Navigate to "Networking Details" and select the "CNI Overlay Network" option under "CNI Features"
  4. Deploy the cluster, wait for the deployment to fail with an error similar to above

Expected behavior
A warning message should be displayed in the AKS Construction helper when invalid configuration combinations are selected

I got this message today too:
Failed to save Kubernetes service 'aks-eap-dev-wus2-01'. Error: Application Gateway Ingress Controller addon is not supported with Azure CNI Overlay
Is the workaround to re-build or use a cluster without Overlay enabled?

Issue smells stale, no activity for 30 days. Stale Label will be removed if the issue is updated, otherwise closed in a month.
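
The check the issue asks for, as an added example (not code from AKS-Construction): it flags the four Overlay limitations quoted in the report before deployment, and unwraps the nested ARM error to reach the subcode and target. The input follows the ARM managedCluster `properties` shape, which is an assumption about what gets validated; function names and sample objects are constructed for illustration.

```javascript
// Added example, not AKS-Construction code. Input follows the ARM managedCluster
// "properties" shape (assumption); function names and sample data are constructed.
const DCSV2_SIZE = /^Standard_DC\d+s?_v2$/i; // DCsv2-series, e.g. Standard_DC2s_v2

// Returns one entry per CNI Overlay limitation the configuration violates.
function overlayConflicts(props) {
  const net = props.networkProfile || {};
  if (String(net.networkPluginMode || '').toLowerCase() !== 'overlay') return [];
  const found = [];
  const agic = (props.addonProfiles || {}).ingressApplicationGateway;
  if (agic && agic.enabled) {
    found.push({ rule: 'AGIC', target: 'addonProfiles.ingressApplicationGateway' });
  }
  if ((net.ipFamilies || []).length > 1) {
    found.push({ rule: 'DualStack', target: 'networkProfile.ipFamilies' });
  }
  (props.agentPoolProfiles || []).forEach((pool, i) => {
    const at = `agentPoolProfiles[${i}]`;
    if (pool.type === 'AvailabilitySet') found.push({ rule: 'VMAS', target: `${at}.type` });
    if (DCSV2_SIZE.test(pool.vmSize || '')) found.push({ rule: 'DCsv2', target: `${at}.vmSize` });
  });
  return found;
}

// ARM wraps the real cause as a JSON string inside details[].message; unwrap it.
function innerErrors(result) {
  const details = (result.error && result.error.details) || [];
  return details.map((d) => {
    try {
      const inner = JSON.parse(d.message);
      return { code: inner.code, subcode: inner.subcode, target: inner.target };
    } catch {
      return { code: d.code, subcode: null, target: d.target }; // message was plain text
    }
  });
}

// Constructed sample: Overlay cluster with AGIC enabled and a DCsv2 node pool.
const sampleProps = {
  networkProfile: { networkPlugin: 'azure', networkPluginMode: 'overlay', ipFamilies: ['IPv4'] },
  addonProfiles: { ingressApplicationGateway: { enabled: true } },
  agentPoolProfiles: [{ name: 'npuser01', type: 'VirtualMachineScaleSets', vmSize: 'Standard_DC2s_v2' }],
};
// Constructed failure in the same shape as the error in the report.
const sampleFailure = { status: 'Failed', error: { code: 'DeploymentFailed', details: [{
  code: 'BadRequest', target: '/subscriptions/<placeholder>/deployments/main',
  message: JSON.stringify({ code: 'AddonInvalid', details: null,
    subcode: 'AGICAddonNotSupportedWithAzureCNIOverlay', target: 'networkProfile.networkPluginMode' }),
}] } };
```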