Subnet / network profile previously used by deleted container group in a virtual network cannot be deleted

[juho9000]

I am implementing deployment of container groups in virtual networks for Terraform and ran into an issue where the deletion of subnet and/or network profile fails when trying to delete either the network profile or subnet that were used by a container group that has been deleted.

Code="InUseSubnetCannotBeDeleted" Message="Subnet examplesubnet is in use by /subscriptions/foo-bar/resourceGroups/foobar/providers/Microsoft.Network/networkProfiles/examplenetprofile/containerNetworkInterfaceConfigurations/examplecnic/ipConfigurations/exampleipconfig and cannot be deleted. In order to delete the subnet, delete all the resources within the subnet. See aka.ms/deletesubnet." Details=[]

Error deleting Network Profile "testnetprofile" (Resource Group "acctestRG-190623214354924962"): network.ProfilesClient#Delete: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="NetworkProfileAlreadyInUseWithContainerNics" Message="Network profile /subscriptions/63f29739-edbf-4318-93b8-7e697dd3d32a/resourceGroups/acctestRG-190623214354924962/providers/Microsoft.Network/networkProfiles/testnetprofile is already in use with container nics f7da78a9-c822-4df1-9f29-209f0835c199_testcnic; cannot update or delete" Details=[]

Please note: I can delete the resource after a short while (maybe a minute or so).

It would seem that resources are still being deleted behind the scenes after ContainerGroupsClient.Delete() has succeeded, and this is preventing the resources from being deleted.

I think that in order to support deploying container groups to virtual networks ContainerGroupsClient.Delete() should return azure.Future where we could call WaitForCompletion() in the same manner as when we're creating the container groups.

[kurtzeborn]

Thank you for opening this issue! We are routing it to the appropriate team for follow up.

[katbyte]

@jhendrixMSFT, and word on this?

[jhendrixMSFT]

@yangl900 Is ContainerGroups_Delete an async operation and the swagger just needs to be updated?

[yangl900]

The container group deletion API is a sync API, so swagger is correct. The network resource clean up is indeed an async process after the resource gets deleted. It's a good feedback the product team should consider. Right now the only way is probably by reading the network profile and see if there are connected IP configurations.

[katbyte]

@yangl900,

It sounds like the deletion API should become async, or not return until the resource cleanup is complete as right now it is returning before deletion is complete.

[tombuildsstuff]

@yangl900 any idea of a timeframe for when this'll be fixed?

[mvansoens]

Any update on this?

I can't redeploy the same arm template twice even if i'm adding other unrelated resources and ACI and VNET resources remain unchanged.

[shafqut]

Not sure if this is related to the API deletion, but encountering this scenario.
If you deploy ACI using json template, you can redeploy fine UNLESS you change the networkprofile, in our case we are adding a tag.
Assuming that the networkprofile is linked to the container instance and so is the reason it fails.

[ghost]

Thanks for the feedback! We are routing this to the appropriate team for follow-up. cc @vnetsuppgithub.

Issue Details

---

I am implementing deployment of container groups in virtual networks for Terraform and ran into an issue where the deletion of subnet and/or network profile fails when trying to delete either the network profile or subnet that were used by a container group that has been deleted.

Code="InUseSubnetCannotBeDeleted" Message="Subnet examplesubnet is in use by /subscriptions/foo-bar/resourceGroups/foobar/providers/Microsoft.Network/networkProfiles/examplenetprofile/containerNetworkInterfaceConfigurations/examplecnic/ipConfigurations/exampleipconfig and cannot be deleted. In order to delete the subnet, delete all the resources within the subnet. See aka.ms/deletesubnet." Details=[]

Error deleting Network Profile "testnetprofile" (Resource Group "acctestRG-190623214354924962"): network.ProfilesClient#Delete: Failure responding to request: StatusCode=400 -- Original Error: autorest/azure: Service returned an error. Status=400 Code="NetworkProfileAlreadyInUseWithContainerNics" Message="Network profile /subscriptions/63f29739-edbf-4318-93b8-7e697dd3d32a/resourceGroups/acctestRG-190623214354924962/providers/Microsoft.Network/networkProfiles/testnetprofile is already in use with container nics f7da78a9-c822-4df1-9f29-209f0835c199_testcnic; cannot update or delete" Details=[]

Please note: I can delete the resource after a short while (maybe a minute or so).

It would seem that resources are still being deleted behind the scenes after ContainerGroupsClient.Delete() has succeeded, and this is preventing the resources from being deleted.

I think that in order to support deploying container groups to virtual networks ContainerGroupsClient.Delete() should return azure.Future where we could call WaitForCompletion() in the same manner as when we're creating the container groups.

Author:	juho9000
Assignees:	-
Labels:	Service Attention, Mgmt, customer-reported, Network - Virtual Network
Milestone:	-

[lirenhe]

@juho9000, as this item has been created 2 years, i will close this item. If you still face this issue and want this issue to be fixed, please reopen this item.