0

I had a AKS with AGIC addon enabled and I have to switch to AGIC as a helm chart (https://learn.microsoft.com/en-us/azure/application-gateway/ingress-controller-install-existing) in an attempt to connect two AKS clusters to a single Application Gateway but how can I change how AGIC was setup? I had though running disable addon would do the trick but when I tried to apply the helm-config file I was shown this error message:

Error: INSTALLATION FAILED: Unable to continue with install: IngressClass "azure-application-gateway" in namespace "" exists and cannot be imported into the current release: invalid ownership metadata; label validation error: missing key "app.kubernetes.io/managed-by": must be set to "Helm"; annotation validation error: missing key "meta.helm.sh/release-name": must be set to "ingress-azure-1710484411"; annotation validation error: missing key "meta.helm.sh/release-namespace": must be set to "ingress-nginx"

Also for some reason, I have to switch the Gateway's subnet route table manually when I connect it to one of each AKS's services which kind of defeats the purpose of being able to connect 2 AKS to the gateway, was wondering if there is a solution for that as well or a way to work around that. Thanks!

1 Answers1

0

Transitioning from the AGIC add-on to a Helm-managed AGIC involves several steps because you need to ensure that resources created by the add-on are properly cleaned up or transitioned to be managed by Helm. The error you're encountering indicates that existing resources were not properly claimed or cleaned up during the Helm installation. As explained in comments,

First, Disable AGIC Add-on

az aks disable-addons --addons ingress-appgw --name MyAKSCluster --resource-group MyResourceGroup

Second, Clean Up Existing Resources

Ensure that all the resources created by the add-on are completely removed. This includes the IngressClass azure-application-gateway that the error message mentioned.

Your question- How would I know what all resources got created when AGIC add on was enabled?

List the resources in the kube-system namespace (or the relevant namespace if AGIC was deployed elsewhere) to see what might be related to AGIC.

kubectl get all -n <namespace>

Look for resources with names that include ingress-appgw or similar identifiers related to the Application Gateway or AGIC.

kubectl delete ingressclass azure-application-gateway

AGIC uses ConfigMaps for its configuration, so check for that as well kubectl get configmaps -n kube-system or if you have any specific namespace

Check AGIC-specific Service Accounts and Roles- kubectl get serviceaccounts,roles,rolebindings -n kube-system or any other namespace

and delete them after editing the namespace accordingly.

kubectl delete deployment <agic-deployment-name> -n kube-system
kubectl delete service <agic-service-name> -n kube-system
kubectl delete configmap <agic-configmap-name> -n kube-system
kubectl delete serviceaccount <agic-serviceaccount-name> -n kube-system
kubectl delete roles,rolebindings <agic-roles-and-rolebindings> -n kube-system

Once the cleanup is complete, you can proceed with the AGIC installation using Helm

Arko
  • 151
  • 2