I created a new Azure container instance (ACI) with a new vnet and subnet by Azure CLI
I deleted ACI from Azure portal and now Im trying to delete subnet but gives me the following errors:
Failed to delete subnet 'SubnetNAme'. Error: Subnet SubnetNAme is in use by aci-network-profile-VNETNAME-SubnetNAme/eth0/ipconfigprofile and cannot be deleted. In order to delete the subnet, delete all the resources within the subnet. See aka.ms/deletesubnet.
If I tried to access aci-network-profile-VNETNAME-SubnetNAme/eth0/ipconfigprofile, it tells me that doesnt exist this resource:
Details
The resource was not found, it may have been deleted. If this was launched from a pinned tile on the dashboard, it should be removed.
For your issue, instead of finding the aci-network-profile-VNETNAME-SubnetNAme/eth0/ipconfigprofile in the portal, you need to delete the Network Profile through Azure CLI command like this:
NETWORK_PROFILE_ID=$(az network profile list --resource-group yourResourceGroup --query [0].id --output tsv)
az network profile delete --id $NETWORK_PROFILE_ID -y
After you delete the Network Profile, then you can delete the subnet as you want. For mor details, see Delete network resources.
well, i'd assume your best bet is to try and find the lingering resource and delete it (rest api would work best here, probably). another option is to recreate the ACI with the same name and remove the binding to the network before deleting it.
And your last option would be to contact support ;)
I had the same issue and me help below steps to remove aci subnet and vnet with trash container nic:
1st - find name of problem network profile by command - > az network profile list --query [].name -o tsv
2nd - create resource by terraform -> resource "azurerm_network_profile" "example" with the same network profile name and problem subnet id.
3rd - after terraform successfully create network profile, remove it by -> az network profile delete --id ...(you can find id by az network profile list --query [].id -o tsv)
4th - go to portal and change subnet delegate from container to none, after save I could delete subnet and vnet.
Below is the solution. Sometime trying just delete doesn't work. Follow the below steps and which is tested and worked for me.
NETWORK_PROFILE_ID=$(az network profile list --resource-group yourResourceGroup --query [0].id --output tsv)
az network profile delete --id $NETWORK_PROFILE_ID -y
This is a known issue and Microsoft is working on it. The workaround that worked for me is to update the containerNetworkInterfaceConfigurations property in Network profile properties to an empty list
# Get network profile ID
NETWORK_PROFILE_ID=$(az network profile list --resource-group <reource-group-name> --query [0].id --output tsv)
az resource update --ids $NETWORK_PROFILE_ID --set properties.containerNetworkInterfaceConfigurations=[]
And then deleting it works
az network profile delete --id $NETWORK_PROFILE_ID -y
Related
I have two resource groups in Azure, each contains one VMSS (Virtual Machine Scale Sets) and the resources are visible in Azure Portal. The problem is, the following commands return empty output:
az resource list --subscription MySubscription -g vmss-rg
az vmss list --subscription MySubscription -g vmss-rg
az vmss list
However, running az resource list with different resource groups which doesn't have VMSS works fine. I also tested it with different Azure account and subscription, it also worked.
We have tested the same command in our local as suggested by #VenkateshDodda-MT and it works fine. Posting it as an answer to help other community members for the similar issue so that they can find and fix their problem.
To achieve the above requirement we need to install the az powershell module in our local .
Post that run the command in powershell to get the vmss list under our subscription or resource groups:-
az resource list --resource-type "Microsoft.Compute/virtualMachineScaleSets"
OUTPUT:-
To get the VMSS list under particular resource group run the below cmd:
az resource list --resource-type "Microsoft.Compute/virtualMachineScaleSets" -g '<rgName>'
OUTPUT:-
For more information please refer this SO THREAD:Azure PS command returns empty list as suggested by #Olga Osinskaya - MSFT
I created an aks using az cli with minimal parameters and specified a node-count and auto scaling. This created a nodepool and VMSS etc. and an accompanying vnet and subnet automatically.
How do I find out the created vnet and subnet using az cli?
az aks nodepool list --cluster-name aks -g rg-aks
report vnetSubnetId and podSubnetId as null.
Using
az vmss list
does show the subnet but I haven't found any properties of the vmss linking it to the nodepool or aks cluster to enable finding it.
The autogenerated name is something like:
aks-nodepool1-15343534-vmss
Which I guess I could filter for along the lines of aks-nodepool1-*-vmss but that seems dodgy and flaky.
I have tested in my environment
The VNET is created along with the VMSS in a different resource group which starts with MC_
To get the subnet ID, you can use the below script:
$CLUSTER_RESOURCE_GROUP = az aks show --resource-group RGName --name AKSClusterName --query nodeResourceGroup -o tsv
$VMSS_NAME = az vmss list -g $CLUSTER_RESOURCE_GROUP --query "[0].name"
az vmss show -g $CLUSTER_RESOURCE_GROUP -n $VMSS_NAME --query virtualMachineProfile.networkProfile.networkInterfaceConfigurations[0].ipConfigurations[0].subnet.id
I need to deploy Azure container instance in differents Resource Groups.
In one Resource Group I allocate only the ACI and on another Resource Group I allocate the Vnet
Is this possible? I think that is not possible by design
It's possible.
You can create an azure container instance in a virtual network that is in a different resource group from the container instance resource group.
Suppose you have created a vNet myvnet and subnet aci-subnet in the RG myvnetRG for your ACI. Then you could use the following deployment examples.
VnetId=$(az network Vnet show -g myvnetRG -n myvnet --query 'id' -o tsv)
az container create -n appcontainer -g containerRG --image mcr.microsoft.com/azuredocs/aci-helloworld --vnet $VnetId --subnet aci-subnet
You can also deploy a container group to an existing virtual network by using a YAML file, then specify several additional properties like network profile and ID in the YAML.
It is possible by design, but why would you want to do that? It is not a recommended design thought.
If your resource groups in the different regions, you could configure a Vnet-to-Vnet connection. For your reference:
https://learn.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-howto-vnet-vnet-resource-manager-portal
I am attempting to create a private link service that can be reached from a different region. I am getting conflicting information from Azure documentation, with one link suggesting "global reach" and another link limiting that
Global reach
Limitations
In practice, I have one private-resource-vnet in westus and one vnet in eastus. After creating a load balancer per the documentation in the private-resource-vnet, I add a private link to that vnet and resource, and attempt to link it to a private endpoint. The below sample shows adding an endpoint in both eastus (where the private link is) and westus (where the vnet to reach the link is)
PS Azure:\> az network private-endpoint create --name privateEndpoint --resource-group MyResourceGroup --vnet-name clientVNet --subnet clientSubnet --private-connection-resource-id "/subscription/link/to/private/resource/in/eastus" --connection-name myPLS --location westus
This command is in preview. It may be changed/removed in a future release.
InvalidResourceReference - Resource /subscriptions/[...]/CLIENTVNET referenced by resource /subscriptions/[...]/privateEndpoint was not found. Please make sure that the referenced resource exists, and that both resources are in the same region.
PS Azure:\> az network private-endpoint create --name privateEndpoint --resource-group MyResourceGroup --vnet-name clientVNet --subnet clientSubnet --private-connection-resource-id "/subscription/link/to/private/resource/in/eastus" --connection-name myPLS --location eastus
This command is in preview. It may be changed/removed in a future release.
Deployment failed. Correlation ID: [...]. Resource /subscriptions/[...]/myPLS not found.
I would greatly appreciate some insight on what I'm missing here!
Cross-region works with Azure services (SQL, Storage) that are behind Private Link. Customer owned services are limited to same region. Cross-region will be supported in the future.
I was attempting to test the new VNet Integration for App Services so I connected my App Service to the subnet 'AppServicesSubnet'. It never worked, always was showing a loading message. So after a few days I then disconnected it, which it said failed but the status showed as 'not configured' regardless.
However I am unable to delete the subnet 'AppServicesSubnet'. It says
"Failed to delete subnet 'AppServicesSubnet'. Error: Subnet
AppServicesSubnet is in use by
AppGroup-DEV/providers/Microsoft.Web/serverfarms/AppServicePlan-DEV
and cannot be deleted."
So I then deleted the app service plan 'AppServicePlan-DEV' this took about 30 minutes and succeeded. However I can still not delete the subnet 'AppServicesSubnet' with the same error given above.
I also cannot delete the virtual network 'Network-DEV' as a similar message is reported:
"Failed to delete virtual network 'Network-DEV'. Error: Subnet
AppServicesSubnet is in use by
AppGroup-DEV/providers/Microsoft.Web/serverfarms/AppServicePlan-DEV
and cannot be deleted."
The app service plan 'AppServicePlan-DEV' doesn't even exist anymore so I'm not sure how to clean up this subnet.
Any help on how to just get rid of this lingering subnet would be much appreciated.
Background on the new App Service VNet Integration Preview can be found here:
https://blogs.msdn.microsoft.com/appserviceteam/2018/10/17/new-app-service-vnet-integration-feature/
and here:
https://learn.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet#new-vnet-integration
Was able to work around this error after it hit us this week. Wanted to test the preview vnet integration. Turned it on, decided it was what we were looking for, then deleted it (to go back and add to automation) only to have automation fail because of this error.
I worked around it by:
adding back the preview connection to the app service I had originally add/ deleted it from.
Then disconnected it again.
This time, however, I was able to delete the subnet as expected.
Definitely a bug somewhere. If you have gone so far as to delete the app service itself and are still having this error...that's a different story.
I had a similar issue. I wasn't able to delete a a subnet because it was in use by some resource that didn't exist (in my point of view)....
So i ran this cli script to delete my subnet and my vNet.
RES_GROUP={Replace to your rg}
VNET_NAME={Replace to your vnet}
SUBNET_NAME={Replace to your subnet}
NETWORK_PROFILE_ID=$(az network profile list --resource-group $RES_GROUP --query [0].id --output tsv)
az network profile delete --id $NETWORK_PROFILE_ID -y
SAL_ID=$(az network vnet subnet show --resource-group $RES_GROUP --vnet-name $VNET_NAME --name $SUBNET_NAME --query id --output tsv)/providers/Microsoft.ContainerInstance/serviceAssociationLinks/default
az resource delete --ids $SAL_ID --api-version 2018-07-01
az network vnet subnet update --resource-group $RES_GROUP --vnet-name $VNET_NAME --name $SUBNET_NAME--remove delegations 0
az network vnet subnet delete --resource-group $RES_GROUP --vnet-name $VNET_NAME --name $SUBNET_NAME
az network vnet delete --resource-group $RES_GROUP --name $VNET_NAME
I tried again after a month and was able to delete the subnet in question. I guess it just takes some time for the new App Service VNet Integration (Preview) to be unregistered after it is disconnected.