Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Unable to create AzureIngressProhibitedTarget on AKS #1594

Open
olee opened this issue Feb 9, 2024 · 2 comments
Open

Unable to create AzureIngressProhibitedTarget on AKS #1594

olee opened this issue Feb 9, 2024 · 2 comments

Comments

@olee
Copy link

olee commented Feb 9, 2024

Describe the bug
I installed the application gateway incress controller through the az aks enable-addon command.
Now I wanted to add a configuration with AzureIngressProhibitedTarget, however my cluster reports that this resource type does not exist:

❯ kubectl get AzureIngressProhibitedTargets
error: the server doesn't have a resource type "AzureIngressProhibitedTargets"

Do I have to use the helm chart to make this usable in some way and is it not possible to use the azure aks addon?
I searched through the github respository and other sources but couldn't find any explanation on this.
@williamalvvc
Copy link

Hi There, AzureIngressProhibitedTarget is a custom resource used by helm, afaik, enable-addon is only useful if you looking to setup AGIC for AKS only (No shared can be used since AGIC is fully managed by AKS), thus, if your looking for a shared configuration you should go for helm.

@olee
Copy link
Author

olee commented Mar 21, 2024
edited

Actually, I managed to resolve this by manually patching the configuration deployed through the addon. These were the steps I followed:

  1. Apply CustomResourceDefinition AzureIngressProhibitedTarget with the yaml from the chart
  2. Apply a patch to the ingress-appgw-cm config map and set APPGW_ENABLE_SHARED_APPGW: true.
    I did this through pulumi by creating a ConfigMapPatch resource:
  ConfigMapPatch("appgw-ingress-shared-mode", {
      metadata: {
          name: "ingress-appgw-cm",
          namespace: "kube-system",
      },
      data: {
          APPGW_ENABLE_SHARED_APPGW: "true",
      },
  }

Afterwards, the shared gateway was working correctly iirc (we are not using it yet, because we are busy with other stuff and are still evaluating out transition from the current ingress to appgw).
So as far as I can see it, this is just an issue of the shared option not being available through the addon.

PS: I also created an issue for the documentation on brownfield deployments over at microsoft to be updated to tell users that shared mode will not be used and all existing configuration would be overwritten once the ingress controller is enabled: MicrosoftDocs/azure-docs#119676

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@olee @williamalvvc