f

Author: awesomenix

e2e/aks_model.go

@@ -402,19 +402,28 @@ func ensureFirewallRouteTable(
 	rg := *clusterModel.Properties.NodeResourceGroup
 	routeTableName := "abe2e-fw-rt"
 	toolkit.Logf(ctx, "AKS subnet has no route table; creating dedicated firewall route table %q", routeTableName)
-	poller, err := config.Azure.RouteTables.BeginCreateOrUpdate(ctx, rg, routeTableName, armnetwork.RouteTable{
-		Location: clusterModel.Location,
-	}, nil)
-	if err != nil {
-		return "", fmt.Errorf("failed to start creating firewall route table %q: %w", routeTableName, err)
-	}
-	routeTableResp, err := poller.PollUntilDone(ctx, config.DefaultPollUntilDoneOptions)
+
+	var routeTableID *string
+	err := retryOn409(ctx, fmt.Sprintf("creating route table %s", routeTableName), func() error {
+		poller, err := config.Azure.RouteTables.BeginCreateOrUpdate(ctx, rg, routeTableName, armnetwork.RouteTable{
+			Location: clusterModel.Location,
+		}, nil)
+		if err != nil {
+			return fmt.Errorf("failed to start creating firewall route table %q: %w", routeTableName, err)
+		}
+		routeTableResp, err := poller.PollUntilDone(ctx, config.DefaultPollUntilDoneOptions)
+		if err != nil {
+			return fmt.Errorf("failed to create firewall route table %q: %w", routeTableName, err)
+		}
+		routeTableID = routeTableResp.ID
+		return nil
+	})
 	if err != nil {
-		return "", fmt.Errorf("failed to create firewall route table %q: %w", routeTableName, err)
+		return "", err
 	}
 
 	aksSubnet.Properties.RouteTable = &armnetwork.RouteTable{
-		ID: routeTableResp.ID,
+		ID: routeTableID,
 	}
 	if err := updateSubnet(ctx, clusterModel, aksSubnet, vnet); err != nil {
 		return "", fmt.Errorf("failed to associate firewall route table %q with AKS subnet: %w", routeTableName, err)
@@ -777,23 +786,32 @@ func createPrivateEndpoint(ctx context.Context, nodeResourceGroup, privateEndpoi
 			CustomDNSConfigs: []*armnetwork.CustomDNSConfigPropertiesFormat{},
 		},
 	}
-	poller, err := config.Azure.PrivateEndpointClient.BeginCreateOrUpdate(
-		ctx,
-		nodeResourceGroup,
-		privateEndpointName,
-		peParams,
-		nil,
-	)
-	if err != nil {
-		return nil, fmt.Errorf("failed to create private endpoint in BeginCreateOrUpdate: %w", err)
-	}
-	resp, err := poller.PollUntilDone(ctx, nil)
+
+	var result armnetwork.PrivateEndpoint
+	err = retryOn409(ctx, fmt.Sprintf("creating private endpoint %s", privateEndpointName), func() error {
+		poller, err := config.Azure.PrivateEndpointClient.BeginCreateOrUpdate(
+			ctx,
+			nodeResourceGroup,
+			privateEndpointName,
+			peParams,
+			nil,
+		)
+		if err != nil {
+			return fmt.Errorf("failed to create private endpoint in BeginCreateOrUpdate: %w", err)
+		}
+		resp, err := poller.PollUntilDone(ctx, nil)
+		if err != nil {
+			return fmt.Errorf("failed to create private endpoint in polling: %w", err)
+		}
+		result = resp.PrivateEndpoint
+		return nil
+	})
 	if err != nil {
-		return nil, fmt.Errorf("failed to create private endpoint in polling: %w", err)
+		return nil, err
 	}
 
-	toolkit.Logf(ctx, "Private Endpoint created or updated with ID: %s", *resp.ID)
-	return &resp.PrivateEndpoint, nil
+	toolkit.Logf(ctx, "Private Endpoint created or updated with ID: %s", *result.ID)
+	return &result, nil
 }
 
 func createPrivateZone(ctx context.Context, nodeResourceGroup, privateZoneName string) (*armprivatedns.PrivateZone, error) {
@@ -1048,13 +1066,12 @@ func createNetworkIsolatedSecurityGroup(ctx context.Context, cluster *armcontain
 }
 
 func updateSubnet(ctx context.Context, cluster *armcontainerservice.ManagedCluster, subnetParameters armnetwork.Subnet, vnet VNet) error {
-	poller, err := config.Azure.Subnet.BeginCreateOrUpdate(ctx, vnet.resourceGroup, vnet.name, vnet.subnetName, subnetParameters, nil)
-	if err != nil {
-		return err
-	}
-	_, err = poller.PollUntilDone(ctx, config.DefaultPollUntilDoneOptions)
-	if err != nil {
+	return retryOn409(ctx, fmt.Sprintf("updating subnet %s", vnet.subnetName), func() error {
+		poller, err := config.Azure.Subnet.BeginCreateOrUpdate(ctx, vnet.resourceGroup, vnet.name, vnet.subnetName, subnetParameters, nil)
+		if err != nil {
+			return err
+		}
+		_, err = poller.PollUntilDone(ctx, config.DefaultPollUntilDoneOptions)
 		return err
-	}
-	return nil
+	})
 }

e2e/shared_infra.go

@@ -5,8 +5,10 @@ import (
 	"crypto/sha256"
 	"errors"
 	"fmt"
+	"math/rand"
 	"net/http"
 	"strings"
+	"time"
 
 	"github.com/Azure/agentbaker/e2e/config"
 	"github.com/Azure/agentbaker/e2e/toolkit"
@@ -154,20 +156,22 @@ func ensureSubnet(ctx context.Context, rg, vnetName, subnetName, cidr string) er
 		return fmt.Errorf("checking subnet %s: %w", subnetName, err)
 	}
 
-	toolkit.Logf(ctx, "creating subnet %s (%s) in VNet %s", subnetName, cidr, vnetName)
-	poller, err := config.Azure.Subnet.BeginCreateOrUpdate(ctx, rg, vnetName, subnetName, armnetwork.Subnet{
-		Properties: &armnetwork.SubnetPropertiesFormat{
-			AddressPrefix: to.Ptr(cidr),
-		},
-	}, nil)
-	if err != nil {
-		return fmt.Errorf("creating subnet %s: %w", subnetName, err)
-	}
-	_, err = poller.PollUntilDone(ctx, config.DefaultPollUntilDoneOptions)
-	if err != nil {
-		return fmt.Errorf("waiting for subnet %s: %w", subnetName, err)
-	}
-	return nil
+	return retryOn409(ctx, fmt.Sprintf("creating subnet %s", subnetName), func() error {
+		toolkit.Logf(ctx, "creating subnet %s (%s) in VNet %s", subnetName, cidr, vnetName)
+		poller, err := config.Azure.Subnet.BeginCreateOrUpdate(ctx, rg, vnetName, subnetName, armnetwork.Subnet{
+			Properties: &armnetwork.SubnetPropertiesFormat{
+				AddressPrefix: to.Ptr(cidr),
+			},
+		}, nil)
+		if err != nil {
+			return fmt.Errorf("creating subnet %s: %w", subnetName, err)
+		}
+		_, err = poller.PollUntilDone(ctx, config.DefaultPollUntilDoneOptions)
+		if err != nil {
+			return fmt.Errorf("waiting for subnet %s: %w", subnetName, err)
+		}
+		return nil
+	})
 }
 
 func ensureSharedBastion(ctx context.Context, rg, location string) (string, error) {
@@ -478,7 +482,33 @@ func vnetFromSubnetID(ctx context.Context, subnetID string) (VNet, error) {
 	}, nil
 }
 
-// configureSharedVNet sets up the shared infrastructure and configures the cluster
+// retryOn409 retries an Azure operation that fails with 409 Conflict due to
+// concurrent writes on the same resource (e.g., VNet subnet creates).
+func retryOn409(ctx context.Context, operation string, fn func() error) error {
+	maxRetries := 10
+	for attempt := 0; attempt < maxRetries; attempt++ {
+		err := fn()
+		if err == nil {
+			return nil
+		}
+		var azErr *azcore.ResponseError
+		if !errors.As(err, &azErr) || azErr.StatusCode != http.StatusConflict {
+			return err
+		}
+		if attempt == maxRetries-1 {
+			return err
+		}
+		// jittered backoff: 2-8s
+		backoff := time.Duration(2+rand.Intn(6)) * time.Second
+		toolkit.Logf(ctx, "%s: 409 conflict (attempt %d/%d), retrying in %s...", operation, attempt+1, maxRetries, backoff)
+		select {
+		case <-time.After(backoff):
+		case <-ctx.Done():
+			return ctx.Err()
+		}
+	}
+	return fmt.Errorf("%s: exhausted retries", operation)
+}
 // model to use the shared user-assigned identity. The subnet is created later in
 // prepareCluster after the cluster name hash is computed, with an auto-allocated CIDR.
 func configureSharedVNet(ctx context.Context, model *armcontainerservice.ManagedCluster, location string) error {