Azure / AKS-Construction

Accelerate your onboarding to AKS with a Helper Web App, Bicep templating and CI/CD samples. Flexible & secure AKS baseline implementations in a Microsoft + community maintained reference implementation.
https://azure.github.io/AKS-Construction/
MIT License
356 stars 165 forks

InsufficientSubnetSize - Pre-allocated IPs 1280 exceeds IPs available 1024 in Subnet Cidr 10.240.100.0/22, Subnet Name networkProfile.podCIDR #701

Closed vienleidl closed 1 month ago

vienleidl commented 3 months ago

Describe the bug

The size of podCidr is not sufficient by default. The error message is like below:

"{\r\n \"code\": \"InsufficientSubnetSize\",\r\n \"details\": null,\r\n \"message\": \"Pre-allocated IPs 1280 exceeds IPs available 1024 in Subnet Cidr 10.240.100.0/22, Subnet Name networkProfile.podCIDR. If Autoscaler is enabled, the max-count from each nodepool is counted towards this total (which means that pre-allocated IPs count represents a theoretical max value, not the actual number of IPs requested). http://aka.ms/aks/insufficientsubnetsize\",\r\n \"subcode\": \"\",\r\n \"target\": \"networkProfile.podCIDR\"\r\n}"

To Reproduce

The command has been run as below:

az deployment group create -g aks-resource-group  --template-uri https://github.com/Azure/AKS-Construction/releases/download/0.10.5/main.json --parameters `
  resourceName=aks-resource-group `
  managedNodeResourceGroup=aks-southeastasia `
  kubernetesVersion=1.29.4 `
  agentCount=1 `
  upgradeChannel=stable `
  AksPaidSkuForSLA=true `
  agentVMSize=Standard_B2als_v2 `
  nodePoolName=systempool1 `
  osSKU=AzureLinux `
  byoAKSSubnetId=/subscriptions/xxx/resourceGroups/xxx/providers/Microsoft.Network/virtualNetworks/xxx/subnets/k8s-cluster `
  enable_aad=true `
  AksDisableLocalAccounts=true `
  enableAzureRBAC=true `
  adminPrincipalId=$(az ad signed-in-user show --query id --out tsv) `
  registries_sku=Standard `
  acrPushRolePrincipalId=$(az ad signed-in-user show --query id --out tsv) `
  enableTelemetry=false `
  networkPluginMode=Overlay `
  availabilityZones='["1","2","3"]' `
  authorizedIPRanges="['x.x.x.x/32']" `
  blobCSIDriver=true `
  oidcIssuer=true `
  workloadIdentity=true

Expected behavior

The Bicep validation should succeed.

Screenshots

The default pod network CIDR is like below: [image]

Additional context

Added podCidr="10.240.96.0/21" as a workaround.

github-actions[bot] commented 2 months ago

Issue smells stale, no activity for 30 days. Stale Label will be removed if the issue is updated, otherwise closed in a month.