I am unable to use a subnet with route table associated while creating a cluster in Azure portal.

Question

Hi, we have a subnet associated with a route table, while creating a (aks) cluster using that subnet it is showing an error saying we cannot use a subnet with a route table attached, for this I am removing the route table and using that subnet for cluster creation, while doing this my other services are getting down due to routing. Why is it showing that error and how can I achieve this without removing the route table to the subnet?

Answer 1

Hello Charan Nalam

You are right

For system-assigned managed identity, it's only supported to provide your own subnet and route table via Azure CLI because Azure CLI automatically adds the role assignment. If you're using an ARM template or other clients, you must use a user-assigned managed identity, assign permissions before cluster creation, and ensure the user-assigned identity has write permissions to your custom subnet and custom route table.

When you create and use your own VNet and route table with the kubenet network plugin, you must configure a user-assigned managed identity for the cluster. With a system-assigned managed identity, you can't retrieve the identity ID before creating a cluster, which causes a delay during role assignment.

Both system-assigned and user-assigned managed identities are supported when you create and use your own VNet and route table with the Azure network plugin. We highly recommend using a user-assigned managed identity for BYO scenarios.

https://learn.microsoft.com/en-us/azure/aks/configure-kubenet

https://stackoverflow.com/questions/69044856/aks-via-terraform-error-code-customroutetablewithunsupportedmsitype