Application Gateway ingress controller not compatible with CNI Overlay

[pjlewisuk]

Describe the bug
As per the docs, CNI Overlay has the following limitations:

• You can't use Application Gateway as an Ingress Controller (AGIC) for an Overlay cluster.
• Virtual Machine Availability Sets (VMAS) aren't supported for Overlay.
• Dual stack networking isn't supported in Overlay.
• You can't use DCsv2-series virtual machines in node pools. To meet Confidential Computing requirements, consider using DCasv5 or DCadsv5-series confidential VMs instead.

If you try to deploy an AKS cluster with this configuration, you receive an error like:

{
	"status": "Failed",
	"error": {
		"code": "DeploymentFailed",
		"target": "/subscriptions/1ef1298c-a01a-454b-ab6c-2d2203a00553/resourceGroups/az-k8s-iepa-rg/providers/Microsoft.Resources/deployments/main",
		"message": "At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.",
		"details": [{
			"code": "BadRequest",
			"target": "/subscriptions/1ef1298c-a01a-454b-ab6c-2d2203a00553/resourceGroups/az-k8s-iepa-rg/providers/Microsoft.Resources/deployments/main",
			"message": "{\r\n  \"code\": \"AddonInvalid\",\r\n  \"details\": null,\r\n  \"message\": \"Application Gateway Ingress Controller addon is not supported with Azure CNI Overlay\",\r\n  \"subcode\": \"AGICAddonNotSupportedWithAzureCNIOverlay\",\r\n  \"target\": \"networkProfile.networkPluginMode\"\r\n}"
		}]
	}
}

To Reproduce
Steps to reproduce the behavior:

1. Go to AKS Construction homepage
2. Navigate to "Addon Details" and check that "Azure Application Gateway Ingress Controller add-on" is selected (it should be, by default)
3. Navigate to "Networking Details" and select the "CNI Overlay Network" option under "CNI Features"
4. Deploy the cluster, wait for the deployment to fail with an error similar to above

Expected behavior
A warning message should be displayed in the AKS Construction helper when invalid configuration combinations are selected

Screenshots
If applicable, add screenshots to help explain your problem.

Additional context
Add any other context about the problem here.

[tim-chaffin]

I got this message today too:
Failed to save Kubernetes service 'aks-eap-dev-wus2-01'. Error: Application Gateway Ingress Controller addon is not supported with Azure CNI Overlay
Is the workaround to re-build or use a cluster without Overlay enabled?

[github-actions]

Issue smells stale, no activity for 30 days. Stale Label will be removed if the issue is updated, otherwise closed in a month.