Skip to content

Add validation for AGIC subnet configuration#5832

Open
rahulrai-in wants to merge 4 commits into
masterfrom
rahulrai-in-patch-4
Open

Add validation for AGIC subnet configuration#5832
rahulrai-in wants to merge 4 commits into
masterfrom
rahulrai-in-patch-4

Conversation

@rahulrai-in

Copy link
Copy Markdown
Contributor

Added validation for Ingress Application Gateway configurations to prevent use of the reserved 'aks-appgateway' subnet, ensuring compliance with subnet delegation constraints.

Added validation for Ingress Application Gateway configurations to prevent use of the reserved 'aks-appgateway' subnet, ensuring compliance with subnet delegation constraints.

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Updates the AKS repository changelog to document a new validation behavior for the Ingress Application Gateway (AGIC) add-on, preventing use of the reserved aks-appgateway subnet to align with subnet delegation constraints.

Changes:

  • Added a changelog entry describing the new AGIC subnet validation and guidance for selecting a different subnet.

Comment thread CHANGELOG.md Outdated
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings June 19, 2026 08:44

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 1 comment.

Comment thread CHANGELOG.md Outdated
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings June 22, 2026 01:46

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated 2 comments.

Comment thread CHANGELOG.md Outdated
* AKS now allows migration from the `managedNATGatewayV2` outbound type to the `block` and `none` outbound types, supporting [network-isolated cluster](https://learn.microsoft.com/azure/aks/concepts-network-isolated) scenarios. Migration to other outbound types remains blocked.
* AKS now validates pod CIDR ranges during cluster create and update for kubenet and [Azure CNI Overlay](https://learn.microsoft.com/azure/aks/azure-cni-overlay) clusters. Clusters can no longer be created or updated with a pod CIDR that overlaps with reserved IP ranges (`172.30.0.0/16`, `172.31.0.0/16`), preventing potential in-cluster networking failures. Existing clusters with an overlapping pod CIDR are unaffected. See [CNI prerequisites](https://learn.microsoft.com/azure/aks/concepts-network-cni-overview#prerequisites).
* AKS now rejects [Calico NPM and Azure NPM](https://learn.microsoft.com/azure/aks/use-network-policies) install and uninstall operations on clusters running Kubernetes versions earlier than 1.30. Requests are rejected at the API level with a descriptive error directing customers to upgrade to a newer supported Kubernetes version before retrying. Existing clusters already using Calico NPM or Azure NPM are unaffected.
* AKS now blocks the [Application Gateway Ingress Controller (AGIC)](https://learn.microsoft.com/azure/application-gateway/ingress-controller-overview) add-on from using the AKS-managed `aks-appgateway` subnet. This subnet is reserved for Application Gateway for Containers (AGC) and can't be used by AGIC due to subnet delegation constraints. Requests using this configuration now fail validation. Use a dedicated subnet by specifying `--appgw-subnet-id` (or `--appgw-subnet-cidr` during cluster create).
Comment thread CHANGELOG.md Outdated
Co-authored-by: Copilot Autofix powered by AI <175728472+Copilot@users.noreply.github.com>
Copilot AI review requested due to automatic review settings June 22, 2026 02:03

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Copilot reviewed 1 out of 1 changed files in this pull request and generated no new comments.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants