Azure AKS deployment raised an "InsufficientSubnetSize" error
I'm trying to deploy an Azure AKS instance via ARM template.
I have a requirement to integrate the AKS instance into an existing Vnet.
I have a dedicated subnet for AKS service.
However, deployment has failed with the following error:
{"code":"DeploymentFailed","message":"At least one resource deployment operation failed.
Please list deployment operations for details. Please see
https://aka.ms/arm-debug for usage details.","details":
[{"code":"BadRequest","message":"{\r\n \"code\": \"InsufficientSubnetSize\",\r\n
\"message\": \"Pre-allocated IPs 93 exceeds IPs available in Subnet 11\",\r\n
\"target\": \"agentPoolProfile.count\"\r\n}"}]}
I'm using the following address space for Vnet: XX.XX.XX.0/24 (XX.XX.XX.0 - XX.XX.XX.255 which has 256 addresses.
I have a set of dedicated subnets within this Vnet, each of /28 mask (11+5 addresses depth):
XX.XX.XX.0/28
XX.XX.XX.16/28
XX.XX.XX.64/28
XX.XX.XX.128/28
XX.XX.XX.144/28
XX.XX.XX.160/28
XX.XX.XX.176/28
The subnet XX.XX.XX.144/28 is planned to be used in AKS.
The current AKS instance ARM template is as follows:
"resources": [
{
"type": "Microsoft.ContainerService/managedClusters",
"apiVersion": "2019-04-01",
"name": "[parameters('resourceName')]",
"location": "[parameters('location')]",
"dependsOn": [],
"tags": {},
"properties": {
"kubernetesVersion": "[parameters('kubernetesVersion')]",
"enableRBAC": "[parameters('enableRBAC')]",
"dnsPrefix": "[parameters('dnsPrefix')]",
"agentPoolProfiles": [
{
"name": "agentpool",
"osDiskSizeGB": "[parameters('osDiskSizeGB')]",
"count": "3",
"vmSize": "[parameters('agentVMSize')]",
"osType": "[parameters('osType')]",
"storageProfile": "ManagedDisks",
"maxPods": "30",
"vnetSubnetID": "/subscriptions/XXXXX/resourceGroups/XXXX/providers/Microsoft.Network/virtualNetworks/VNET_NAME/subnets/akssubnet"
}
],
"servicePrincipalProfile": {
"ClientId": "[parameters('servicePrincipalClientId')]",
"Secret": "[parameters('servicePrincipalClientSecret')]"
},
"networkProfile": {
"networkPlugin": "azure",
"serviceCidr": "10.0.0.0/16",
"dnsServiceIP": "10.0.0.10",
"dockerBridgeCidr": "172.17.0.1/16"
},
"addonProfiles": {
"httpApplicationRouting": {
"enabled": "[parameters('enableHttpApplicationRouting')]"
},
"omsagent": {
"enabled": "[parameters('enableOmsAgent')]",
"config": {
"logAnalyticsWorkspaceResourceID": "[parameters('omsWorkspaceId')]"
}
}
}
}
},
"subscriptionId": "[split(parameters('omsWorkspaceId'),'/')[2]]",
"resourceGroup": "[split(parameters('omsWorkspaceId'),'/')[4]]"
}
]
Network profile parameters were set according to the following article: Microsoft.ContainerService managedClusters template reference
A CIDR of 10.0.0.0/16 is of a private range and isn't interfering with my existing Vnet range.
I need advice on how to deal with this deployment error.
Upd:
I've tried the deployment with the values of my Vnet/subnets but stil it's failing:
Upd2:
Per MS documentation "Minimum number of pods on the initial cluster creation using Azure CNI type is 30" which leads to the following number of subnet range in my case according to the formula: (number of nodes + 1) + ((number of nodes + 1) * maximum pods per node that you configure) = (3+1) + ((3+1)*30) = 124
So the multiplier of 30 will be always present even if the number of pods is set to 1 in ARM template for example.
Upd3:
However, as I was unable to extend the existing subnet range I've managed to deploy the AKS instance using the following configuration:
"parameters": {
"SvcCidr": {
"type": "string",
"defaultValue": "10.0.0.0/16",
"metadata": {
"description": "Maximum number of pods that can run on a node."
}
},
"PodCidr": {
"type": "string",
"defaultValue": "10.244.0.0/16",
"metadata": {
"description": "Maximum number of pods that can run on a node."
}
},
"DnsSvcIP": {
"type": "string",
"defaultValue": "10.0.0.10",
"metadata": {
"description": "Maximum number of pods that can run on a node."
}
},
"DockerCidr": {
"type": "string",
"defaultValue": "",
"variables": {
"vnetSubnetId": "[resourceId(resourceGroup().name, 'Microsoft.Network/virtualNetworks/subnets', parameters('vnetName'), parameters('vnetSubnetName'))]",
"resources": [
{
"type": "Microsoft.ContainerService/managedClusters",
"agentPoolProfiles": [
{
"vnetSubnetID": "[variables('vnetSubnetId')]",
"networkProfile": {
"networkPlugin": "[parameters('NetPlugin')]",
"serviceCidr": "[parameters('SvcCidr')]",
"podCidr": "[parameters('PodCidr')]",
"DNSServiceIP": "[parameters('DnsSvcIP')]",
"dockerBridgeCidr": "[parameters('DockerCidr')]"
Which leads to the provision of my subnet range IP addresses only to cluster nodes while the pods will use the private IP addresses range.
For your issue, when you use the azure module network, as it shows about the Calculation method in other answers, your subnet could just have one node. But actually, the IP address number of your subnet is not enough for just one node. Because there are already pods need the IP address when you create the AKS cluster in default, for example, the metric server and etc.
So you just can use the network nodule kubelet. In this module, just the node need to IP address in the subnet. And just use this network module, you can have 3 nodes as you want and use your existing subnet with just 8 IP address. For more details, see Use kubenet networking with your own IP address ranges in Azure Kubernetes Service (AKS).
- Azure C# Cosmos DB: Property "id" is missing when it's actually present
- Azure Permission - needed for creating resource group - RBAC
- Unable to locate executable file: 'bash'. Please verify either the file path exists
- Can the Azure Service Bus be delayed before retrying a message?
- azure documentdb create document duplicates Id property
- JWT validation failure error in azure apim
- Azure App Service and Application Insights where is performance test?
- Is it possible to have a non-interactive code that logs in to Azure and creates users in Microsoft Entra ID?
- Change Default Service Version of Microsoft Azure Blob - PHP
- Microsoft Graph: How to filter users by domain name
- Azure App Service Plan CPU Spikes to 100%
- Unable to Authenticate to DevOps API with Angual MSAL
- Azure Databricks: Not able to parameterize keys option of dlt.apply_changes
- ASP.NET Core 3.1 Azure AD Authentication throws OptionsValidationException
- Attaching a private static ip address to Azure Container Instance
- Azure Synapse severless SQL pool - query execution fails
- How to login via Service Principal having Federated Credentials rather than Client Secrets
- Where can I find the resource id of an Azure function app in the Azure portal?
- How to forward access-control-allow-origin header from a Web App to a Front Door?
- Basic SQL commands in Terraform
- Linux Azure Webjob in nodejs referring to node.exe
- Running Azure functions locally gives "No runtime" error after .NET7 upgrade
- Azure DataSync tables not showing up
- Azure ML: Unable to find workspace
- unable to start 'Docker for windows' on Azure Win 10 VM
- How to enable virtualization in Azure VM
- Configuring AppSettings with ASP.Net Core on Azure Web App for Containers: Whither Colons?
- how to get v2 type token using msal python
- The mock in my pester test keeps calling Connect-AzAccount
- HttpResponseError in Azure Ai search