Is anyone facing issues when you create an AKS cluster and then run it again? Here it's trying to update the subnet, even if no updates were done in code. When some pool is added, there are some changes to the vnet regarding ipconfig. Pulumi is refreshing then, and it's trying to delete the subnet to recreate. What is non-sense, as the subnet is attached. For anyone interested in this. When you activate the virtual-node addon, Azure will enable private links and endpoints. Pulumi will recognize this change and it will try to recreate the vnet. After all, azure-native will try to recreate the vnet if any node_pool is added (which make changes to the ipConfiguration) and a refresh is triggered:

azure-native:network:Subnet ferrajoli-subnet updated [diff: +ipConfigurations~etag]

azure-native:network:VirtualNetwork ferrajoli-vnet updating [diff: -subnets]

To avoid an error in each run, we had to set ignore_changes to subnets in vnet.

could you please share your code

Sure. Now we just moved to this:

self.vnet = network.VirtualNetwork(
            f"{self.config.cluster_name}-vnet",
            location=self.config.location,
            resource_group_name=self.rg.name,
            address_space=network.AddressSpaceArgs(address_prefixes=[address_space]),
            subnets=[
                network.SubnetArgs(
                    address_prefix=address_space,
                    private_endpoint_network_policies="Enabled",
                    private_link_service_network_policies="Enabled",
                    name=f"{self.config.cluster_name}-subnet",
                )
            ]
        )

Before we were creating the vnet, and then a subnet was assigned to this vnet. azure-native wasn't able to understand this, and after a refresh when azure returned the subnets as part of the vnet, it would try to recreate it. Moving the subnet initialization inside the vnet class, it stopped behaving weirdly.

This a ”feature“ since the dawn of Azure Resource Manager (ARM) that why I always create my subnets inside the VNET. The only time I don’t see the weirdness is with terraform which is correcting the issue behind the scenes. Since Pulumi goes to the ARM API, the result is the same as ARM templates and bicep. https://github.com/Azure/azure-quickstart-templates/issues/2786