Enable the Application Gateway Ingress Controller (AGIC) add-on for an AKS cluster using custom subnet

Question

I follow this tutorial https://learn.microsoft.com/en-us/azure/application-gateway/tutorial-ingress-controller-add-on-new to install AGIC for AKS cluster.

As the docs, the default vnet is 10.0.0.0/8 and subnet is 10.240.0.0/16. I don't want to use /8 and /16 so I change vnet to /20 and subnet to /23.

After running this command, I see the k8s cluster but there is no App Gateway.

az aks create -n test-k8s -g "infra-k8s-test" --network-plugin azure --enable-managed-identity -a ingress-appgw --appgw-name test-appgw --appgw-subnet-cidr "10.0.12.0/23" --generate-ssh-keys --location southcentralus --service-cidr "10.0.4.0/23" --dns-service-ip  10.0.4.10 --vnet-subnet-id "/subscriptions/efxxxxc9/resourceGroups/infra-test-k8s/providers/Microsoft.Network/virtualNetworks/infra-k8s-test-vnet/subnets/infra-k8s-test-subnet"

Waiting for AAD role to propagate[################################    ]  90.0000%Could not create a role assignment for virtual network:
subscriptions/efxxxxc9/resourceGroups/infra-k8s-test/providers/Microsoft.Network/virtualNetworks/infra-k8s-test-vnet specified in ingressApplicationGateway addon. Are you an Owner on this subscription?

I see there are many issues on Github related to custom subnet with AKS. Do we have a solution for this setup?

Answer 1

Set the variable for the subnet ID for the existing subnet using the following command:

APPGW_SUBNET_ID=$(az network vnet subnet show -g $VNET_RG --vnet-name $VNET_NAME -n $SUBNET_NAME --query id -o tsv --subscription $SUBSCRIPTION)

Replace --appgw-subnet-cidr with the command below:

--appgw-subnet-id $APPGW_SUBNET_ID