{AKS} az aks enable-addons --addon monitoring: handle existing linked resource in AMPLS gracefully#31899
{AKS} az aks enable-addons --addon monitoring: handle existing linked resource in AMPLS gracefully#31899
az aks enable-addons --addon monitoring: handle existing linked resource in AMPLS gracefully#31899Conversation
zanejohnson-azure
requested review from
FumingZhang,
jsntcy,
yanzhudd and
zhoxing-ms
as code owners
️✔️AzureCLI-FullTest
|
️✔️AzureCLI-BreakingChangeTest
|
|
Thank you for your contribution! We will review the pull request and get back to you soon. |
|
The git hooks are available for azure-cli and azure-cli-extensions repos. They could help you run required checks before creating the PR. Please sync the latest code with latest dev branch (for azure-cli) or main branch (for azure-cli-extensions). pip install azdev --upgrade
azdev setup -c <your azure-cli repo path> -r <your azure-cli-extensions repo path>
|
microsoft-github-policy-service
bot
added
Auto-Assign
|
/azp run |
|
Azure Pipelines successfully started running 3 pipeline(s). |
| error = e | ||
| except HttpResponseError as e: | ||
| if e.status_code == 409 and "Scoped resource with same linked resource id already exists" in str(e): | ||
| logger.info("Scoped resource with same linked resource id already exists, skipping") |
There was a problem hiding this comment.
how reliable this message? don't we have reliable way to check if the resource already exists than checking by message?
There was a problem hiding this comment.
changed to a more robust way
|
/azp run |
|
Azure Pipelines successfully started running 3 pipeline(s). |
|
Please fix CI issues |
There was a problem hiding this comment.
Pull Request Overview
This PR fixes a conflict error that occurs when enabling AKS monitoring addon with AMPLS (Azure Monitor Private Link Scope) when the workspace is already linked to the AMPLS. The fix implements graceful handling by checking for existing linked resources before attempting to create new ones.
- Added a check to verify if a resource is already scoped to AMPLS before creating the scope
- Refactored the
create_ampls_scopefunction to be more generic and handle any scoped resource - Implemented proper error handling and logging for the AMPLS scoped resource verification
Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
| scoped_resources_data = json.loads(response.text) | ||
|
|
||
| # Check if any scoped resource has the same linkedResourceId | ||
| for i, scoped_resource in enumerate(scoped_resources_data.get('value', [])): |
There was a problem hiding this comment.
The variable i is unused in the loop. Consider using for scoped_resource in scoped_resources_data.get('value', []): instead to improve code clarity.
| for i, scoped_resource in enumerate(scoped_resources_data.get('value', [])): | |
| for scoped_resource in scoped_resources_data.get('value', []): |
|
@zanejohnson-azure please fix failed CI checks. |
|
/azp run |
|
there's still style check failure |
|
Azure Pipelines successfully started running 3 pipeline(s). |
|
/azp run |
|
Azure Pipelines successfully started running 3 pipeline(s). |
|
Please fix CI issues |
|
please note that the code completion date for the upcoming release is 08/26/2025 07:00 UTC. If you want to catch this release train, please resolve the CI issues ASAP, otherwise it has to be postponed to next sprint (10/14) |
many other PRs are failing too. i believe the failing checks are caused by some other issues in az cli itself. I see there is a pending PR fix. TODO: rebase after the pending PR 31996 is merged. |
|
/azp run |
|
Azure Pipelines successfully started running 3 pipeline(s). |
Related command
az aks enable-addons --addon monitoring
Description
if the workspace already exists in the ampls, when enable container insights addon with amplsId for the first time, there will be an resource conflict error.
Testing Guide
az aks enable-addons --addon monitoring --name {cluster-name} --resource-group {resource-group-name} --workspace-resource-id {law-id} --ampls-resource-id {ampls-id}commit: e507960
(azure-cli-dev-env-dev-fork) azureuser@jumpbox-vm:/azure-cli-dev-fork$ deactivate
azureuser@jumpbox-vm:~/azure-cli-dev-fork$ az aks enable-addons
--addon monitoring
--name private-aks3
--resource-group private-rg3
--workspace-resource-id "/subscriptions//resourceGroups//providers/Microsoft.OperationalInsights/workspaces/bug-fix-1"
--ampls-resource-id "/subscriptions//resourceGroups//providers/microsoft.insights/privateLinkScopes/private-aks3-ampls"
Conflict({
"error": {
"code": "Conflict",
"message": "Scoped resource with same linked resource id already exists in this private link scope",
"innererror": {
"trace": [
"Microsoft.AppInsights.Nexus.ResourceStore.ResourceStoreException"
]
}
}
})
error is gone. logs can stream to log analytics workspace
azureuser@jumpbox-vm:/azure-cli-dev-fork$ source azure-cli-dev-env-dev-fork/bin/activate
(azure-cli-dev-env-dev-fork) azureuser@jumpbox-vm:~/azure-cli-dev-fork$ az aks enable-addons
--addon monitoring
--name private-aks3
--resource-group private-rg3
--workspace-resource-id "/subscriptions//resourceGroups//providers/Microsoft.OperationalInsights/workspaces/bug-fix-1"
--ampls-resource-id "/subscriptions//resourceGroups//providers/microsoft.insights/privateLinkScopes/private-aks3-ampls"
/home/azureuser/azure-cli-dev-fork/azure-cli-dev-env-dev-fork/bin/az:4: DeprecationWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html
import('pkg_resources').require('azure-cli==2.76.0')
/ InProgress ..
...
...
"workloadAutoScalerProfile": {
"keda": null,
"verticalPodAutoscaler": null
}
}
azureuser@jumpbox-vm:~/azure-cli-dev-fork$ az monitor log-analytics query
--workspace ""
--analytics-query "Heartbeat | where TimeGenerated > ago(30m)"
--timespan "PT30M"
[
{
"Category": "Azure Monitor Agent",
"Computer": "aks-userpool-xxxxxxx-vmss000001",
"ComputerEnvironment": "Non-Azure",
"ComputerIP": "fd40:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:xxxx",
"ComputerPrivateIPs": "["10.xxx.xxx.xxx"]",
"OSName": "Common Base Linux Mariner",
"OSType": "Linux",
"Resource": "private-aks3",
"ResourceGroup": "private-rg3",
"ResourceId": "/subscriptions//resourceGroups//providers/Microsoft.ContainerService/managedClusters/private-aks3",
"SubscriptionId": "",
"TenantId": "",
"TimeGenerated": "2025-08-01T05:16:23.8004461Z",
"_ResourceId": "/subscriptions//resourcegroups//providers/microsoft.containerservice/managedclusters/private-aks3"
}
]
~/Docker-Provider/test/scenario$ az monitor log-analytics query
--workspace "<REDACTED_WORKSPACE_ID>"
--analytics-query "ContainerLogV2 | where TimeGenerated > ago(30m)"
--timespan "PT2M"
/path/to/az:4: DeprecationWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html
import('pkg_resources').require('azure-cli==2.76.0')
[
{
"Computer": "<REDACTED_COMPUTER_NAME>",
"ContainerId": "<REDACTED_CONTAINER_ID>",
"ContainerName": "second-log-app",
"KubernetesMetadata": "None",
"LogLevel": "unknown",
"LogMessage": "281",
"LogSource": "stdout",
"PodName": "second-log-app-5474ff74c-sfpbm",
"PodNamespace": "windows-log-ltsc2022",
"SourceSystem": "",
"TableName": "PrimaryResult",
"TenantId": "<REDACTED_TENANT_ID>",
"TimeGenerated": "2025-08-01T17:16:23.8465413Z",
"Type": "ContainerLogV2",
"_ResourceId": "/subscriptions/<REDACTED_SUBSCRIPTION_ID>/resourcegroups/<REDACTED_RG>/providers/microsoft.containerservice/managedclusters/<REDACTED_CLUSTER>"
},
{
"Computer": "<REDACTED_COMPUTER_NAME>",
"ContainerId": "<REDACTED_CONTAINER_ID>",
"ContainerName": "second-log-app",
"KubernetesMetadata": "None",
"LogLevel": "unknown",
"LogMessage": "282",
"LogSource": "stdout",
"PodName": "second-log-app-5474ff74c-sfpbm",
"PodNamespace": "windows-log-ltsc2022",
"SourceSystem": "",
"TableName": "PrimaryResult",
"TenantId": "<REDACTED_TENANT_ID>",
"TimeGenerated": "2025-08-01T17:16:24.8573817Z",
"Type": "ContainerLogV2",
"_ResourceId": "/subscriptions/<REDACTED_SUBSCRIPTION_ID>/resourcegroups/<REDACTED_RG>/providers/microsoft.containerservice/managedclusters/<REDACTED_CLUSTER>"
}
]
History Notes
{AKS}
az aks enable-addons --addon monitoring: handle existing linked resource in AMPLS gracefullyThis checklist is used to make sure that common guidelines for a pull request are followed.
The PR title and description has followed the guideline in Submitting Pull Requests.
I adhere to the Command Guidelines.
I adhere to the Error Handling Guidelines.
commit: d1e446a
az monitor log-analytics query
--workspace ""
--analytics-query "ContainerLogV2 | where TimeGenerated > ago(5m)"
--timespan "PT30M"
/home//azure-cli-dev-env/bin/az:4: DeprecationWarning: pkg_resources is deprecated as an API. See https://setuptools.pypa.io/en/latest/pkg_resources.html
import('pkg_resources').require('azure-cli==2.76.0')
[
{
"Computer": "",
"ContainerId": "",
"ContainerName": "second-log-app",
"KubernetesMetadata": "None",
"LogLevel": "unknown",
"LogMessage": "20664",
"LogSource": "stdout",
"PodName": "second-log-app-",
"PodNamespace": "windows-log-ltsc2022",
"SourceSystem": "",
"TableName": "PrimaryResult",
"TenantId": "",
"TimeGenerated": "2025-08-01T22:58:45.4967915Z",
"Type": "ContainerLogV2",
"_ResourceId": "/subscriptions//resourcegroups//providers/microsoft.containerservice/managedclusters/"
},
{
"Computer": "",
"ContainerId": "",
"ContainerName": "second-log-app",
"KubernetesMetadata": "None",
"LogLevel": "unknown",
"LogMessage": "20665",
"LogSource": "stdout",
"PodName": "second-log-app-",
"PodNamespace": "windows-log-ltsc2022",
"SourceSystem": "",
"TableName": "PrimaryResult",
"TenantId": "",
"TimeGenerated": "2025-08-01T22:58:46.5169425Z",
"Type": "ContainerLogV2",
"_ResourceId": "/subscriptions//resourcegroups//providers/microsoft.containerservice/managedclusters/"
}
]