search

Azure / azure-cli

Azure Command-Line Interface
MIT License
3.99k stars 2.97k forks source link

AKS: VNET and NSG not listed with resource-group option #19043

Open svollath opened 3 years ago

svollath commented 3 years ago

Describe the bug Sometimes, the commands for listing VNETs and NSGs return empty for up to 20min. after (aks automatic) creation, if --resource-group is used - at the same time the respective resources are included (with the correct resource-group) listed within all VNET resources, e.g. with just az network vnet list or az network nsg list

To Reproduce

  1. Create AKS cluster using the cli and az aks create
  2. Get kubeconfig with az aks get-credentials
  3. Wait for nodes to become ready
  4. try to get the NSG name with az network nsg list --resource-group=$AZ_MC_RG_NAME
> az network vnet list
[
  {
    "addressSpace": {
      "addressPrefixes": [
        "10.0.0.0/8"
      ]
    },
    "bgpCommunities": null,
    "ddosProtectionPlan": null,
    "dhcpOptions": null,
    "enableDdosProtection": false,
    "enableVmProtection": null,
    "etag": "*******",
    "extendedLocation": null,
    "flowTimeoutInMinutes": null,
    "id": "/subscriptions/*******/resourceGroups/MC_test-test1-aks_test_eastus/providers/Microsoft.Network/virtualNetworks/aks-vnet-12345678",
    "ipAllocations": null,
    "location": "eastus",
    "name": "aks-vnet-12345678",
    "provisioningState": "Succeeded",
    "resourceGroup": "MC_test-test1-aks_test_eastus",
    "resourceGuid": "*********",
    "subnets": [
...
    "tags": null,
    "type": "Microsoft.Network/virtualNetworks",
    "virtualNetworkPeerings": []
  }
]

... just works without -g option.

> az network vnet list -g MC_test-test1-aks_test_eastus
[]

... and this can succeed right away, but often takes between 10-20min., until the correct content is shown, like above.

Expected behavior automatically created VNET or NSG get listed for the given MC_Resource-Group, e.g. aks-agentpool-12345678-nsg when they are available

Environment summary azure-cli-2.26.1-1.el7.x86_64 on openSUSE Leap 15.3

ghost commented 3 years ago

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @Azure/aks-pm.

Issue Details
**Describe the bug** Sometimes, the commands for listing VNETs and NSGs return empty for up to 20min. after (aks automatic) creation, if `--resource-group` is used - at the same time the respective resources are included (with the correct resource-group) listed within all VNET resources, e.g. with just `az network vnet list` or `az network nsg list` **To Reproduce** 1. Create AKS cluster using the cli and `az aks create` 2. Get kubeconfig with `az aks get-credentials` 3. Wait for nodes to become ready 4. try to get the NSG name with `az network nsg list --resource-group=$AZ_MC_RG_NAME` ``` > az network vnet list [ { "addressSpace": { "addressPrefixes": [ "10.0.0.0/8" ] }, "bgpCommunities": null, "ddosProtectionPlan": null, "dhcpOptions": null, "enableDdosProtection": false, "enableVmProtection": null, "etag": "*******", "extendedLocation": null, "flowTimeoutInMinutes": null, "id": "/subscriptions/*******/resourceGroups/MC_test-test1-aks_test_eastus/providers/Microsoft.Network/virtualNetworks/aks-vnet-12345678", "ipAllocations": null, "location": "eastus", "name": "aks-vnet-12345678", "provisioningState": "Succeeded", "resourceGroup": "MC_test-test1-aks_test_eastus", "resourceGuid": "*********", "subnets": [ ... "tags": null, "type": "Microsoft.Network/virtualNetworks", "virtualNetworkPeerings": [] } ] ``` ... just works without `-g` option. ``` > az network vnet list -g MC_test-test1-aks_test_eastus [] ``` ... and this can succeed right away, but often takes between 10-20min., until the correct content is shown, like above. **Expected behavior** automatically created VNET or NSG get listed for the given MC_Resource-Group, e.g. `aks-agentpool-12345678-nsg` when they are available **Environment summary** azure-cli-2.26.1-1.el7.x86_64 on openSUSE Leap 15.3
Author: svollath
Assignees: -
Labels: `AKS`, `Service Attention`
Milestone: -
yonzhan commented 3 years ago

route to service team

fsniper commented 2 years ago

This is something I am struggling too. Even waiting too many 20mins didn't work.

% az network nsg list -o table | grep MC_cluster-ylz-test_cluster-ylz-test_eastus
eastus      aks-agentpool-10899641-nsg  Succeeded            MC_cluster-ylz-test_cluster-ylz-test_eastus          1627be58-e4ec-462d-ab4f-4642af60fc63
% az network nsg list -g MC_cluster-ylz-test_cluster-ylz-test_eastus
[]