Azure
diff --git a/‎src/azure-cli/azure/cli/command_modules/acs/_consts.py‎
Lines changed: 1 addition & 0 deletions b/‎src/azure-cli/azure/cli/command_modules/acs/_consts.py‎
Lines changed: 1 addition & 0 deletions
diff --git a/‎src/azure-cli/azure/cli/command_modules/acs/addonconfiguration.py‎
Lines changed: 27 additions & 11 deletions b/‎src/azure-cli/azure/cli/command_modules/acs/addonconfiguration.py‎
Lines changed: 27 additions & 11 deletions
diff --git a/‎src/azure-cli/azure/cli/command_modules/acs/custom.py‎
Lines changed: 35 additions & 11 deletions b/‎src/azure-cli/azure/cli/command_modules/acs/custom.py‎
Lines changed: 35 additions & 11 deletions
@@ -150,6 +150,7 @@
 
 # monitoring
 CONST_MONITORING_ADDON_NAME = "omsagent"
+CONST_MONITORING_ADDON_NAME_CAMELCASE = "omsAgent"
 CONST_MONITORING_LOG_ANALYTICS_WORKSPACE_RESOURCE_ID = "logAnalyticsWorkspaceResourceID"
 CONST_MONITORING_USING_AAD_MSI_AUTH = "useAADAuth"
 
 
@@ -5,6 +5,7 @@
 import json
 import os
 import re
+import time
 
 from azure.cli.command_modules.acs._client_factory import get_resource_groups_client, get_resources_client
 from azure.cli.core.util import get_file_json
@@ -22,7 +23,7 @@
 from azure.cli.core.azclierror import AzCLIError, CLIError, InvalidArgumentValueError, ArgumentUsageError
 from azure.cli.core.profiles import ResourceType
 from azure.cli.core.util import send_raw_request
-from azure.core.exceptions import HttpResponseError
+from azure.core.exceptions import HttpResponseError, ResourceExistsError
 from azure.mgmt.core.tools import parse_resource_id, resource_id
 from knack.log import get_logger
 
@@ -325,18 +326,33 @@ def ensure_default_log_analytics_workspace_for_monitoring(
         location=workspace_region, properties={"sku": {"name": "standalone"}}
     )
 
-    async_poller = resources.begin_create_or_update_by_id(
-        default_workspace_resource_id, "2015-11-01-preview", generic_resource
-    )
+    # Retry with backoff for workspace provisioning conflicts (409 Conflict)
+    _MAX_RETRY_TIMES = 3
+    _RETRY_SLEEP_SECONDS = 30
+    for retry_count in range(_MAX_RETRY_TIMES):
+        try:
+            async_poller = resources.begin_create_or_update_by_id(
+                default_workspace_resource_id, "2015-11-01-preview", generic_resource
+            )
 
-    ws_resource_id = ""
-    while True:
-        result = async_poller.result(15)
-        if async_poller.done():
-            ws_resource_id = result.id
-            break
+            ws_resource_id = ""
+            while True:
+                result = async_poller.result(15)
+                if async_poller.done():
+                    ws_resource_id = result.id
+                    break
+
+            return ws_resource_id
+        except (HttpResponseError, ResourceExistsError) as ex:
+            if retry_count >= (_MAX_RETRY_TIMES - 1):
+                raise ex
+            logger.warning(
+                "Workspace creation conflict (attempt %d/%d), retrying in %ds...",
+                retry_count + 1, _MAX_RETRY_TIMES, _RETRY_SLEEP_SECONDS
+            )
+            time.sleep(_RETRY_SLEEP_SECONDS)
 
-    return ws_resource_id
+    return default_workspace_resource_id
 
 
 def sanitize_loganalytics_ws_resource_id(workspace_resource_id):
 
@@ -59,6 +59,7 @@
     CONST_INGRESS_APPGW_WATCH_NAMESPACE,
     CONST_KUBE_DASHBOARD_ADDON_NAME,
     CONST_MONITORING_ADDON_NAME,
+    CONST_MONITORING_ADDON_NAME_CAMELCASE,
     CONST_MONITORING_LOG_ANALYTICS_WORKSPACE_RESOURCE_ID,
     CONST_MONITORING_USING_AAD_MSI_AUTH,
     CONST_NODEPOOL_MODE_USER,
@@ -1510,19 +1511,31 @@ def _remove_nulls(managed_clusters):
     return managed_clusters
 
 
+def _get_monitoring_addon_key_custom(addon_profiles):
+    """Return the key present in addon_profiles for the monitoring addon (omsagent or omsAgent)."""
+    if addon_profiles is None:
+        return CONST_MONITORING_ADDON_NAME
+    if CONST_MONITORING_ADDON_NAME in addon_profiles:
+        return CONST_MONITORING_ADDON_NAME
+    if CONST_MONITORING_ADDON_NAME_CAMELCASE in addon_profiles:
+        return CONST_MONITORING_ADDON_NAME_CAMELCASE
+    return CONST_MONITORING_ADDON_NAME
+
+
 # pylint: disable=line-too-long
 def aks_disable_addons(cmd, client, resource_group_name, name, addons, no_wait=False):
     instance = client.get(resource_group_name, name)
     subscription_id = get_subscription_id(cmd.cli_ctx)
+    monitoring_addon_key = _get_monitoring_addon_key_custom(instance.addon_profiles)
     try:
-        if addons == "monitoring" and CONST_MONITORING_ADDON_NAME in instance.addon_profiles and \
-                instance.addon_profiles[CONST_MONITORING_ADDON_NAME].enabled and \
-                CONST_MONITORING_USING_AAD_MSI_AUTH in instance.addon_profiles[CONST_MONITORING_ADDON_NAME].config and \
-                str(instance.addon_profiles[CONST_MONITORING_ADDON_NAME].config[CONST_MONITORING_USING_AAD_MSI_AUTH]).lower() == 'true':
+        if addons == "monitoring" and monitoring_addon_key in instance.addon_profiles and \
+                instance.addon_profiles[monitoring_addon_key].enabled and \
+                CONST_MONITORING_USING_AAD_MSI_AUTH in instance.addon_profiles[monitoring_addon_key].config and \
+                str(instance.addon_profiles[monitoring_addon_key].config[CONST_MONITORING_USING_AAD_MSI_AUTH]).lower() == 'true':
             # remove the DCR association because otherwise the DCR can't be deleted
             ensure_container_insights_for_monitoring(
                 cmd,
-                instance.addon_profiles[CONST_MONITORING_ADDON_NAME],
+                instance.addon_profiles[monitoring_addon_key],
                 subscription_id,
                 resource_group_name,
                 name,
@@ -1612,12 +1625,13 @@ def aks_enable_addons(cmd, client, resource_group_name, name, addons,
 
     if need_pull_for_result:
         if enable_monitoring:
-            if CONST_MONITORING_USING_AAD_MSI_AUTH in instance.addon_profiles[CONST_MONITORING_ADDON_NAME].config and \
-               str(instance.addon_profiles[CONST_MONITORING_ADDON_NAME].config[CONST_MONITORING_USING_AAD_MSI_AUTH]).lower() == 'true':
+            monitoring_addon_key = _get_monitoring_addon_key_custom(instance.addon_profiles)
+            if CONST_MONITORING_USING_AAD_MSI_AUTH in instance.addon_profiles[monitoring_addon_key].config and \
+               str(instance.addon_profiles[monitoring_addon_key].config[CONST_MONITORING_USING_AAD_MSI_AUTH]).lower() == 'true':
                 if msi_auth:
                     # create a Data Collection Rule (DCR) and associate it with the cluster
                     ensure_container_insights_for_monitoring(
-                        cmd, instance.addon_profiles[CONST_MONITORING_ADDON_NAME],
+                        cmd, instance.addon_profiles[monitoring_addon_key],
                         subscription_id,
                         resource_group_name,
                         name,
@@ -1648,7 +1662,7 @@ def aks_enable_addons(cmd, client, resource_group_name, name, addons,
                     raise ArgumentUsageError(
                         "--ampls-resource-id supported only in MSI auth mode.")
                 ensure_container_insights_for_monitoring(
-                    cmd, instance.addon_profiles[CONST_MONITORING_ADDON_NAME], subscription_id, resource_group_name, name, instance.location, aad_route=False)
+                    cmd, instance.addon_profiles[monitoring_addon_key], subscription_id, resource_group_name, name, instance.location, aad_route=False)
 
         # adding a wait here since we rely on the result for role assignment
         result = LongRunningOperation(cmd.cli_ctx)(
@@ -1741,6 +1755,15 @@ def _update_addons(cmd, instance, subscription_id, resource_group_name, name, ad
                 addon_profile.config = {
                     CONST_MONITORING_LOG_ANALYTICS_WORKSPACE_RESOURCE_ID: workspace_resource_id}
                 addon_profile.config[CONST_MONITORING_USING_AAD_MSI_AUTH] = "true" if enable_msi_auth_for_monitoring else "false"
+
+                # Preserve enableRetinaNetworkFlags (CNL) if it was set on the existing addon
+                # or if container network logs are being enabled simultaneously
+                existing_cnl = None
+                existing_addon = addon_profiles.get(addon) or addon_profiles.get(CONST_MONITORING_ADDON_NAME_CAMELCASE)
+                if existing_addon and existing_addon.config:
+                    existing_cnl = existing_addon.config.get("enableRetinaNetworkFlags")
+                if existing_cnl is not None:
+                    addon_profile.config["enableRetinaNetworkFlags"] = existing_cnl
             elif addon == (CONST_VIRTUAL_NODE_ADDON_NAME + os_type):
                 if addon_profile.enabled:
                     raise CLIError('The virtual-node addon is already enabled for this managed cluster.\n'
@@ -4076,8 +4099,9 @@ def is_monitoring_addon_enabled(addons, instance):
                     break
 
         addon_profiles = instance.addon_profiles or {}
-        monitoring_addon_enabled = is_monitoring_addon and CONST_MONITORING_ADDON_NAME in addon_profiles and addon_profiles[
-            CONST_MONITORING_ADDON_NAME].enabled
+        monitoring_addon_key = _get_monitoring_addon_key_custom(addon_profiles)
+        monitoring_addon_enabled = is_monitoring_addon and monitoring_addon_key in addon_profiles and addon_profiles[
+            monitoring_addon_key].enabled
     except Exception as ex:  # pylint: disable=broad-except
         logger.debug("failed to check monitoring addon enabled: %s", ex)
     return monitoring_addon_enabled