From f2fc2a089a5cc9204d4cf76a7a29843fa1a09ac6 Mon Sep 17 00:00:00 2001 From: sivakami Date: Fri, 17 Oct 2025 19:55:04 -0700 Subject: [PATCH 01/45] init swiftv2 pipeline for persistent tests on aks clusters. --- .pipelines/swiftv2-long-running/pipeline.yaml | 47 +++++ .../long-running-pipeline-template.yaml | 165 ++++++++++++++++++ 2 files changed, 212 insertions(+) create mode 100644 .pipelines/swiftv2-long-running/pipeline.yaml create mode 100644 .pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml diff --git a/.pipelines/swiftv2-long-running/pipeline.yaml b/.pipelines/swiftv2-long-running/pipeline.yaml new file mode 100644 index 0000000000..f0c446f0d0 --- /dev/null +++ b/.pipelines/swiftv2-long-running/pipeline.yaml @@ -0,0 +1,47 @@ +trigger: none + +parameters: + - name: subscriptionId + displayName: "Azure Subscription ID" + type: string + + - name: location + displayName: "Deployment Region" + type: string + default: "eastus" + + - name: resourceGroupName + displayName: "Resource Group Name" + type: string + default: "sing-$(Build.BuildId)" + + - name: cluster1Name + displayName: "AKS Cluster 1 Name" + type: string + default: "aks-cluster-a" + + - name: cluster2Name + displayName: "AKS Cluster 2 Name" + type: string + default: "aks-cluster-b" + + - name: nodeVmSize + displayName: "VM Size for Node Pool (supports 7 NICs)" + type: string + default: "Standard_D8as_v4" + + - name: serviceConnection + displayName: "Azure Service Connection" + type: string + default: "Azure-Networking-ServiceConn" + +extends: + template: templates/long-running-pipeline-template.yml + parameters: + subscriptionId: ${{ parameters.subscriptionId }} + location: ${{ parameters.location }} + resourceGroupName: ${{ parameters.resourceGroupName }} + cluster1Name: ${{ parameters.cluster1Name }} + cluster2Name: ${{ parameters.cluster2Name }} + nodeVmSize: ${{ parameters.nodeVmSize }} + serviceConnection: ${{ parameters.serviceConnection }} 
diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml new file mode 100644 index 0000000000..5de12386f3 --- /dev/null +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml 
@@ -0,0 +1,165 @@ +parameters: + - name: subscriptionId + type: string + - name: location + type: string + - name: resourceGroupName + type: string + - name: cluster1Name + type: string + - name: cluster2Name + type: string + - name: nodeVmSize + type: string + - name: serviceConnection + type: string + +stages: + - stage: Setup + displayName: "Create AKS Infra Setup" + jobs: + # ------------------------------------------------------------ + # Job 1: Create Resource Group and AKS Clusters + # ------------------------------------------------------------ + - job: Create_RG_and_AKS + displayName: "Create RG and AKS Clusters" + pool: + vmImage: ubuntu-latest + steps: + - checkout: self + + - task: AzureCLI@2 + displayName: "Create Resource Group and AKS Clusters" + inputs: + azureSubscription: ${{ parameters.serviceConnection }} + scriptType: bash + scriptLocation: inlineScript + inlineScript: | + set -e + echo "Setting subscription..." + az account set --subscription ${{ parameters.subscriptionId }} + + echo "Creating resource group..." + az group create -n ${{ parameters.resourceGroupName }} -l ${{ parameters.location }} + + echo "Creating first AKS cluster..." + az aks create \ + -g ${{ parameters.resourceGroupName }} \ + -n ${{ parameters.cluster1Name }} \ + -l ${{ parameters.location }} \ + --network-plugin azure \ + --node-count 1 \ + --node-vm-size ${{ parameters.nodeVmSize }} \ + --generate-ssh-keys + + echo "Adding node pool to first cluster..." + az aks nodepool add \ + --cluster-name ${{ parameters.cluster1Name }} \ + --resource-group ${{ parameters.resourceGroupName }} \ + --name np1 \ + --node-count 2 \ + --node-vm-size ${{ parameters.nodeVmSize }} + + echo "Creating second AKS cluster..." 
+ az aks create \ + -g ${{ parameters.resourceGroupName }} \ + -n ${{ parameters.cluster2Name }} \ + -l ${{ parameters.location }} \ + --network-plugin azure \ + --node-count 1 \ + --node-vm-size ${{ parameters.nodeVmSize }} \ + --generate-ssh-keys + + echo "Adding node pool to second cluster..." + az aks nodepool add \ + --cluster-name ${{ parameters.cluster2Name }} \ + --resource-group ${{ parameters.resourceGroupName }} \ + --name np2 \ + --node-count 2 \ + --node-vm-size ${{ parameters.nodeVmSize }} + + # ------------------------------------------------------------ + # Job 2: Create Customer VNets and Peerings + # ------------------------------------------------------------ + - job: Create_VNets + displayName: "Create Customer VNets and Peerings" + dependsOn: Create_RG_and_AKS + pool: + vmImage: ubuntu-latest + steps: + - task: AzureCLI@2 + displayName: "Create and Peer VNets" + inputs: + azureSubscription: ${{ parameters.serviceConnection }} + scriptType: bash + scriptLocation: inlineScript + inlineScript: | + set -e + az account set --subscription ${{ parameters.subscriptionId }} + + echo "Creating Customer VNets..." + az network vnet create \ + -g ${{ parameters.resourceGroupName }} \ + -n customerVnetA \ + --address-prefix 10.10.0.0/16 \ + -l ${{ parameters.location }} + + az network vnet create \ + -g ${{ parameters.resourceGroupName }} \ + -n customerVnetB \ + --address-prefix 10.20.0.0/16 \ + -l ${{ parameters.location }} + + echo "Peering Customer VNets..." 
+ az network vnet peering create \ + -n peerAB \ + -g ${{ parameters.resourceGroupName }} \ + --vnet-name customerVnetA \ + --remote-vnet customerVnetB \ + --allow-vnet-access + + az network vnet peering create \ + -n peerBA \ + -g ${{ parameters.resourceGroupName }} \ + --vnet-name customerVnetB \ + --remote-vnet customerVnetA \ + --allow-vnet-access + + # ------------------------------------------------------------ + # Job 3: Create Storage Account and Private Endpoints + # ------------------------------------------------------------ + - job: Create_Storage + displayName: "Create Storage Account and Private Endpoints" + dependsOn: Create_VNets + pool: + vmImage: ubuntu-latest + steps: + - task: AzureCLI@2 + displayName: "Create Storage Account and Private Endpoint" + inputs: + azureSubscription: ${{ parameters.serviceConnection }} + scriptType: bash + scriptLocation: inlineScript + inlineScript: | + set -e + az account set --subscription ${{ parameters.subscriptionId }} + + echo "Creating Storage Account..." + STORAGE_NAME="sa${{ parameters.resourceGroupName }}$RANDOM" + az storage account create \ + -n $STORAGE_NAME \ + -g ${{ parameters.resourceGroupName }} \ + -l ${{ parameters.location }} \ + --sku Standard_LRS + + echo "Creating Private Endpoint..." + STORAGE_ID=$(az storage account show -n $STORAGE_NAME -g ${{ parameters.resourceGroupName }} --query id -o tsv) + az network private-endpoint create \ + -n sa-endpoint \ + -g ${{ parameters.resourceGroupName }} \ + -l ${{ parameters.location }} \ + --vnet-name customerVnetA \ + --subnet default \ + --private-connection-resource-id $STORAGE_ID \ + --group-id blob \ + --connection-name sa-connection From f3957899f746c2c1f57aa1fc3a97f0fcfe9e7c21 Mon Sep 17 00:00:00 2001 From: sivakami Date: Fri, 17 Oct 2025 22:08:25 -0700 Subject: [PATCH 02/45] Set default params. --- .pipelines/swiftv2-long-running/pipeline.yaml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) 
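Review bot: `STORAGE_NAME="sa${{ parameters.resourceGroupName }}$RANDOM"` in the Create_Storage job cannot pass storage-account name validation with the pipeline's default `sing-$(Build.BuildId)`, because account names allow only lowercase letters and digits (3–24 characters) and the hyphen is carried straight into the name; normalise it first, e.g. `STORAGE_NAME="sa$(echo "${{ parameters.resourceGroupName }}" | tr -cd 'a-z0-9' | cut -c1-14)$RANDOM"`. The private-endpoint step then passes `--subnet default`, but the Create_VNets job creates customerVnetA and customerVnetB with no `--subnet-name`, so no subnet exists and that lookup will most likely fail. Throughout the three inline scripts the `${{ parameters.* }}` values are spliced into bash unquoted; they are compile-time text, so a value containing a space or shell metacharacter changes the command — prefer exporting them as environment variables and quoting them (`az account set --subscription "$SUBSCRIPTION_ID"`).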
diff --git a/.pipelines/swiftv2-long-running/pipeline.yaml b/.pipelines/swiftv2-long-running/pipeline.yaml index f0c446f0d0..5412fe8702 100644 --- a/.pipelines/swiftv2-long-running/pipeline.yaml +++ b/.pipelines/swiftv2-long-running/pipeline.yaml @@ -4,11 +4,12 @@ parameters: - name: subscriptionId displayName: "Azure Subscription ID" type: string + default: "37deca37-c375-4a14-b90a-043849bd2bf1" - name: location displayName: "Deployment Region" type: string - default: "eastus" + default: "centraluseuap" - name: resourceGroupName displayName: "Resource Group Name" @@ -33,10 +34,10 @@ parameters: - name: serviceConnection displayName: "Azure Service Connection" type: string - default: "Azure-Networking-ServiceConn" + default: "Azure Network Agent - Test Standalone - Service Connection" extends: - template: templates/long-running-pipeline-template.yml + template: template/long-running-pipeline-template.yaml parameters: subscriptionId: ${{ parameters.subscriptionId }} location: ${{ parameters.location }} From 30e5c30ddd81f81f08b2315fd84f845482efbfe9 Mon Sep 17 00:00:00 2001 From: sivakami-projects <126191544+sivakami-projects@users.noreply.github.com> Date: Fri, 17 Oct 2025 22:22:59 -0700 Subject: [PATCH 03/45] Update pipeline.yaml for Azure Pipelines --- .pipelines/swiftv2-long-running/pipeline.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/swiftv2-long-running/pipeline.yaml b/.pipelines/swiftv2-long-running/pipeline.yaml index 5412fe8702..961e297b9f 100644 --- a/.pipelines/swiftv2-long-running/pipeline.yaml +++ b/.pipelines/swiftv2-long-running/pipeline.yaml @@ -34,7 +34,7 @@ parameters: - name: serviceConnection displayName: "Azure Service Connection" type: string - default: "Azure Network Agent - Test Standalone - Service Connection" + default: "Azure Container Networking - Standalone Test Service Connection" extends: template: template/long-running-pipeline-template.yaml 
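Review bot: The new `subscriptionId` default pins a concrete subscription in source while the AzureCLI task already authenticates through `serviceConnection`, so the two can diverge and the mismatch only surfaces when `az account set` runs inside the job. If the connection is scoped to one subscription, consider deriving the id at runtime (`az account show --query id -o tsv`) instead of carrying a second copy, or at least add a comment beside the default stating which service connection it must match. Keeping the value as an overridable parameter also means anyone who can queue the pipeline can point the provisioning scripts at any subscription the connection is permitted to reach, which is worth a sentence in the parameter's displayName.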
From 4237bd5570568185ea3110ae95a105a9125d8219 Mon Sep 17 00:00:00 2001 From: sivakami Date: Mon, 20 Oct 2025 18:22:17 -0700 Subject: [PATCH 04/45] long running pipeline infra setup. --- .pipelines/swiftv2-long-running/pipeline.yaml | 85 +++++--- .../scripts/create_aks.sh | 22 ++ .../scripts/create_nsg.sh | 10 + .../scripts/create_peerings.sh | 17 ++ .../scripts/create_storage.sh | 24 +++ .../scripts/create_vnets.sh | 33 +++ .../long-running-pipeline-template.yaml | 189 ++++-------------- 7 files changed, 195 insertions(+), 185 deletions(-) create mode 100644 .pipelines/swiftv2-long-running/scripts/create_aks.sh create mode 100644 .pipelines/swiftv2-long-running/scripts/create_nsg.sh create mode 100644 .pipelines/swiftv2-long-running/scripts/create_peerings.sh create mode 100644 .pipelines/swiftv2-long-running/scripts/create_storage.sh create mode 100644 .pipelines/swiftv2-long-running/scripts/create_vnets.sh diff --git a/.pipelines/swiftv2-long-running/pipeline.yaml b/.pipelines/swiftv2-long-running/pipeline.yaml index 961e297b9f..4e8cc6b93d 100644 --- a/.pipelines/swiftv2-long-running/pipeline.yaml +++ b/.pipelines/swiftv2-long-running/pipeline.yaml 
@@ -1,48 +1,71 @@ -trigger: none +trigger: +- main parameters: - name: subscriptionId - displayName: "Azure Subscription ID" type: string default: "37deca37-c375-4a14-b90a-043849bd2bf1" - - name: location - displayName: "Deployment Region" type: string default: "centraluseuap" - - name: resourceGroupName - displayName: "Resource Group Name" - type: string - default: "sing-$(Build.BuildId)" - - - name: cluster1Name - displayName: "AKS Cluster 1 Name" type: string - default: "aks-cluster-a" - - - name: cluster2Name - displayName: "AKS Cluster 2 Name" + default: "long-run-$(date +%s)" + - name: vmSkuDefault type: string - default: "aks-cluster-b" - - - name: nodeVmSize - displayName: "VM Size for Node Pool (supports 7 NICs)" + default: "Standard_D2s_v3" + - name: vmSkuHighNIC type: string - default: "Standard_D8as_v4" - + default: "Standard_D16s_v3" - name: serviceConnection displayName: "Azure Service Connection" type: string default: "Azure Container Networking - Standalone Test Service Connection" -extends: - template: template/long-running-pipeline-template.yaml - parameters: - subscriptionId: ${{ parameters.subscriptionId }} - location: ${{ parameters.location }} - resourceGroupName: ${{ parameters.resourceGroupName }} - cluster1Name: ${{ parameters.cluster1Name }} - cluster2Name: ${{ parameters.cluster2Name }} - nodeVmSize: ${{ parameters.nodeVmSize }} - serviceConnection: ${{ parameters.serviceConnection }} +stages: + - stage: AKSClusterAndNetworking + displayName: "Stage: AKS Cluster and Networking Setup" + jobs: + - template: pipeline-template.yaml + parameters: + jobName: create-aks + scriptPath: "infra/scripts/01_create_aks.sh" + subscriptionId: ${{ parameters.subscriptionId }} + location: ${{ parameters.location }} + resourceGroupName: ${{ parameters.resourceGroupName }} + vmSkuDefault: ${{ parameters.vmSkuDefault }} + vmSkuHighNIC: ${{ parameters.vmSkuHighNIC }} + + - template: pipeline-template.yaml + parameters: + jobName: create-vnets + scriptPath: 
"infra/scripts/02_create_vnets.sh" + subscriptionId: ${{ parameters.subscriptionId }} + location: ${{ parameters.location }} + resourceGroupName: ${{ parameters.resourceGroupName }} + dependsOn: create-aks + + - template: pipeline-template.yaml + parameters: + jobName: create-peerings + scriptPath: "infra/scripts/03_create_peerings.sh" + subscriptionId: ${{ parameters.subscriptionId }} + resourceGroupName: ${{ parameters.resourceGroupName }} + dependsOn: create-vnets + + - template: pipeline-template.yaml + parameters: + jobName: create-storage + scriptPath: "infra/scripts/04_create_storage.sh" + subscriptionId: ${{ parameters.subscriptionId }} + location: ${{ parameters.location }} + resourceGroupName: ${{ parameters.resourceGroupName }} + dependsOn: create-peerings + + - template: pipeline-template.yaml + parameters: + jobName: create-nsg + scriptPath: "infra/scripts/05_create_nsg.sh" + subscriptionId: ${{ parameters.subscriptionId }} + resourceGroupName: ${{ parameters.resourceGroupName }} + dependsOn: create-storage diff --git a/.pipelines/swiftv2-long-running/scripts/create_aks.sh b/.pipelines/swiftv2-long-running/scripts/create_aks.sh new file mode 100644 index 0000000000..c0406a1dd9 --- /dev/null +++ b/.pipelines/swiftv2-long-running/scripts/create_aks.sh 
@@ -0,0 +1,22 @@ +#!/usr/bin/env bash +set -e + +az account set --subscription "$SUBSCRIPTION_ID" + +echo "==> Creating resource group: $RG" +az group create -n "$RG" -l "$LOCATION" --output none + +# AKS clusters +for CLUSTER in "aks-cluster-a" "aks-cluster-b"; do + echo "==> Creating AKS cluster: $CLUSTER" + az aks create -g "$RG" -n "$CLUSTER" -l "$LOCATION" \ + --network-plugin azure --node-count 1 \ + --node-vm-size "$VM_SKU_DEFAULT" \ + --enable-managed-identity --generate-ssh-keys \ + --load-balancer-sku standard --yes + + echo "==> Adding high-NIC nodepool to $CLUSTER" + az aks nodepool add -g "$RG" -n highnic \ + --cluster-name "$CLUSTER" --node-count 2 \ + --node-vm-size "$VM_SKU_HIGHNIC" --mode User +done diff --git a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh new file mode 100644 index 0000000000..f6f595f16b --- /dev/null +++ b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh @@ -0,0 +1,10 @@ +#!/usr/bin/env bash +set -e + +VNET_A1="delegated_vnet_a1" +S1_PREFIX="10.10.1.0/24" +S2_PREFIX="10.10.2.0/24" +NSG_NAME="${VNET_A1}-nsg" + +az network nsg create -g "$RG" -n "$NSG_NAME" --output none +az network nsg rule create -g "$RG" diff --git a/.pipelines/swiftv2-long-running/scripts/create_peerings.sh b/.pipelines/swiftv2-long-running/scripts/create_peerings.sh new file mode 100644 index 0000000000..a40343cd67 --- /dev/null +++ b/.pipelines/swiftv2-long-running/scripts/create_peerings.sh 
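Review bot: `--generate-ssh-keys` writes a fresh key pair into `~/.ssh` on the hosted agent and registers the public half on every node; the private key disappears with the agent, so the flag only widens what the nodes accept without giving anyone usable access. If the tests do not need SSH to nodes, pass `--no-ssh-key` instead; if they do, create the key once and store it in a secret rather than per run. The script also reads `$SUBSCRIPTION_ID`, `$RG`, `$LOCATION` and the two SKU variables without checking they are set, so `set -euo pipefail` at the top (here and in the four sibling scripts in this commit) turns a missing export into an immediate failure instead of an `az` call against an empty name.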
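Review bot: The final `az network nsg rule create -g "$RG"` is incomplete — it gives no `--nsg-name`, `-n`, `--priority`, direction or access, so the job fails on this line, and `S1_PREFIX`/`S2_PREFIX` are assigned but never used, which suggests the rule body was lost. `VNET_A1="delegated_vnet_a1"` also does not match the `cx_vnet_a1` that create_vnets.sh in this same commit creates, and there is no `az network vnet subnet update --network-security-group` step, so as written the NSG is created but protects nothing. Finish the rule (or drop the line until its intent is settled), associate the NSG with the subnets it is meant to guard, and source the VNet names from one place so the scripts cannot drift.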
@@ -0,0 +1,17 @@ +#!/usr/bin/env bash +set -e + +VNET_A1="delegated_vnet_a1" +VNET_A2="delegated_vnet_a2" +VNET_A3="delegated_vnet_a3" + +peer_two_vnets() { + local rg="$1"; local v1="$2"; local v2="$3"; local name12="$4"; local name21="$5" + az network vnet peering create -g "$rg" -n "$name12" --vnet-name "$v1" --remote-vnet "$v2" --allow-vnet-access --output none + az network vnet peering create -g "$rg" -n "$name21" --vnet-name "$v2" --remote-vnet "$v1" --allow-vnet-access --output none +} + +peer_two_vnets "$RG" "$VNET_A1" "$VNET_A2" "A1-to-A2" "A2-to-A1" +peer_two_vnets "$RG" "$VNET_A2" "$VNET_A3" "A2-to-A3" "A3-to-A2" +peer_two_vnets "$RG" "$VNET_A1" "$VNET_A3" "A1-to-A3" "A3-to-A1" +echo "VNet peerings created successfully." \ No newline at end of file diff --git a/.pipelines/swiftv2-long-running/scripts/create_storage.sh b/.pipelines/swiftv2-long-running/scripts/create_storage.sh new file mode 100644 index 0000000000..384e070af8 --- /dev/null +++ b/.pipelines/swiftv2-long-running/scripts/create_storage.sh @@ -0,0 +1,24 @@ +#!/usr/bin/env bash +set -e + +RAND=$(openssl rand -hex 4) +SA1="sa1${RAND}" +SA2="sa2${RAND}" +API_VER="2025-06-01" + +# Create storage accounts +for SA in "$SA1" "$SA2"; do + echo "==> Creating storage account $SA" + az rest --method put \ + --url "https://management.azure.com/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG/providers/Microsoft.Storage/storageAccounts/$SA?api-version=$API_VER" \ + --body "{ + \"location\": \"$LOCATION\", + \"sku\": { \"name\": \"Standard_LRS\" }, + \"kind\": \"StorageV2\", + \"properties\": { + \"minimumTlsVersion\": \"TLS1_2\", + \"allowBlobPublicAccess\": false, + \"allowSharedKeyAccess\": false + } + }" +done diff --git a/.pipelines/swiftv2-long-running/scripts/create_vnets.sh b/.pipelines/swiftv2-long-running/scripts/create_vnets.sh new file mode 100644 index 0000000000..2ae4be9b22 --- /dev/null +++ b/.pipelines/swiftv2-long-running/scripts/create_vnets.sh 
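Review bot: `VNET_A1`..`VNET_A3` are set to `delegated_vnet_a1`..`a3`, but create_vnets.sh in this commit creates `cx_vnet_a1`..`a3`, so all three `peer_two_vnets` calls will fail on a missing VNet; change the assignments to `VNET_A1="cx_vnet_a1"`, `VNET_A2="cx_vnet_a2"`, `VNET_A3="cx_vnet_a3"` (create_nsg.sh carries the same mismatch). The file also lacks a trailing newline and, like its siblings, runs with `set -e` only; `set -euo pipefail` would catch an unset `$RG` before the first `az` call.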
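Review bot: The account names `sa1${RAND}`/`sa2${RAND}` exist only inside this job, so no later job can find the accounts without listing the resource group; emit them as output variables (`echo "##vso[task.setvariable variable=SA1;isOutput=true]$SA1"` from a named step) or derive them deterministically from `$RG`. The ARM body is a good baseline (TLS 1.2 minimum, public blob access off, shared-key auth off), but `publicNetworkAccess` is left at its default, so the accounts stay reachable from the internet with Entra credentials; if the `pe` subnets created in create_vnets.sh are meant to front these accounts, add `"publicNetworkAccess": "Disabled"` once the private endpoints exist. I believe a PUT through `az rest` returns before provisioning completes, so a dependent step should poll `provisioningState` rather than assume the account is ready — worth confirming.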
@@ -0,0 +1,33 @@ +#!/usr/bin/env bash +set -e + +# VNets and subnets +VNET_A1="cx_vnet_a1" +VNET_A2="cx_vnet_a2" +VNET_A3="cx_vnet_a3" +VNET_B1="cx_vnet_b1" + +A1_S1="10.10.1.0/24" +A1_S2="10.10.2.0/24" +A1_PE="10.10.100.0/24" +A2_MAIN="10.11.1.0/24" +A2_PE="10.11.100.0/24" +A3_MAIN="10.12.1.0/24" +A3_PE="10.12.100.0/24" +B1_MAIN="10.20.1.0/24" + +# A1 +az network vnet create -g "$RG" -n "$VNET_A1" --address-prefix 10.10.0.0/16 --subnet-name s1 --subnet-prefix "$A1_S1" -l "$LOCATION" --output none +az network vnet subnet create -g "$RG" --vnet-name "$VNET_A1" -n s2 --address-prefix "$A1_S2" --output none +az network vnet subnet create -g "$RG" --vnet-name "$VNET_A1" -n pe --address-prefix "$A1_PE" --output none + +# A2 +az network vnet create -g "$RG" -n "$VNET_A2" --address-prefix 10.11.0.0/16 --subnet-name s-A2 --subnet-prefix "$A2_MAIN" -l "$LOCATION" --output none +az network vnet subnet create -g "$RG" --vnet-name "$VNET_A2" -n pe --address-prefix "$A2_PE" --output none + +# A3 +az network vnet create -g "$RG" -n "$VNET_A3" --address-prefix 10.12.0.0/16 --subnet-name s-A3 --subnet-prefix "$A3_MAIN" -l "$LOCATION" --output none +az network vnet subnet create -g "$RG" --vnet-name "$VNET_A3" -n pe --address-prefix "$A3_PE" --output none + +# B1 +az network vnet create -g "$RG" -n "$VNET_B1" --address-prefix 10.20.0.0/16 --subnet-name s-B1 --subnet-prefix "$B1_MAIN" -l "$LOCATION" --output none diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index 5de12386f3..faec5970ca 100644 --- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml 
@@ -1,165 +1,46 @@ parameters: + - name: jobName + type: string + - name: scriptPath + type: string - name: subscriptionId type: string - name: location type: string + default: "" - name: resourceGroupName type: string - - name: cluster1Name - type: string - - name: cluster2Name + - name: vmSkuDefault type: string - - name: nodeVmSize + default: "" + - name: vmSkuHighNIC type: string + default: "" - name: serviceConnection type: string - -stages: - - stage: Setup - displayName: "Create AKS Infra Setup" - jobs: - # ------------------------------------------------------------ - # Job 1: Create Resource Group and AKS Clusters - # ------------------------------------------------------------ - - job: Create_RG_and_AKS - displayName: "Create RG and AKS Clusters" - pool: - vmImage: ubuntu-latest - steps: - - checkout: self - - - task: AzureCLI@2 - displayName: "Create Resource Group and AKS Clusters" - inputs: - azureSubscription: ${{ parameters.serviceConnection }} - scriptType: bash - scriptLocation: inlineScript - inlineScript: | - set -e - echo "Setting subscription..." - az account set --subscription ${{ parameters.subscriptionId }} - - echo "Creating resource group..." - az group create -n ${{ parameters.resourceGroupName }} -l ${{ parameters.location }} - - echo "Creating first AKS cluster..." - az aks create \ - -g ${{ parameters.resourceGroupName }} \ - -n ${{ parameters.cluster1Name }} \ - -l ${{ parameters.location }} \ - --network-plugin azure \ - --node-count 1 \ - --node-vm-size ${{ parameters.nodeVmSize }} \ - --generate-ssh-keys - - echo "Adding node pool to first cluster..." - az aks nodepool add \ - --cluster-name ${{ parameters.cluster1Name }} \ - --resource-group ${{ parameters.resourceGroupName }} \ - --name np1 \ - --node-count 2 \ - --node-vm-size ${{ parameters.nodeVmSize }} - - echo "Creating second AKS cluster..." 
- az aks create \ - -g ${{ parameters.resourceGroupName }} \ - -n ${{ parameters.cluster2Name }} \ - -l ${{ parameters.location }} \ - --network-plugin azure \ - --node-count 1 \ - --node-vm-size ${{ parameters.nodeVmSize }} \ - --generate-ssh-keys - - echo "Adding node pool to second cluster..." - az aks nodepool add \ - --cluster-name ${{ parameters.cluster2Name }} \ - --resource-group ${{ parameters.resourceGroupName }} \ - --name np2 \ - --node-count 2 \ - --node-vm-size ${{ parameters.nodeVmSize }} - - # ------------------------------------------------------------ - # Job 2: Create Customer VNets and Peerings - # ------------------------------------------------------------ - - job: Create_VNets - displayName: "Create Customer VNets and Peerings" - dependsOn: Create_RG_and_AKS - pool: - vmImage: ubuntu-latest - steps: - - task: AzureCLI@2 - displayName: "Create and Peer VNets" - inputs: - azureSubscription: ${{ parameters.serviceConnection }} - scriptType: bash - scriptLocation: inlineScript - inlineScript: | - set -e - az account set --subscription ${{ parameters.subscriptionId }} - - echo "Creating Customer VNets..." - az network vnet create \ - -g ${{ parameters.resourceGroupName }} \ - -n customerVnetA \ - --address-prefix 10.10.0.0/16 \ - -l ${{ parameters.location }} - - az network vnet create \ - -g ${{ parameters.resourceGroupName }} \ - -n customerVnetB \ - --address-prefix 10.20.0.0/16 \ - -l ${{ parameters.location }} - - echo "Peering Customer VNets..." 
- az network vnet peering create \ - -n peerAB \ - -g ${{ parameters.resourceGroupName }} \ - --vnet-name customerVnetA \ - --remote-vnet customerVnetB \ - --allow-vnet-access - - az network vnet peering create \ - -n peerBA \ - -g ${{ parameters.resourceGroupName }} \ - --vnet-name customerVnetB \ - --remote-vnet customerVnetA \ - --allow-vnet-access - - # ------------------------------------------------------------ - # Job 3: Create Storage Account and Private Endpoints - # ------------------------------------------------------------ - - job: Create_Storage - displayName: "Create Storage Account and Private Endpoints" - dependsOn: Create_VNets - pool: - vmImage: ubuntu-latest - steps: - - task: AzureCLI@2 - displayName: "Create Storage Account and Private Endpoint" - inputs: - azureSubscription: ${{ parameters.serviceConnection }} - scriptType: bash - scriptLocation: inlineScript - inlineScript: | - set -e - az account set --subscription ${{ parameters.subscriptionId }} - - echo "Creating Storage Account..." - STORAGE_NAME="sa${{ parameters.resourceGroupName }}$RANDOM" - az storage account create \ - -n $STORAGE_NAME \ - -g ${{ parameters.resourceGroupName }} \ - -l ${{ parameters.location }} \ - --sku Standard_LRS - - echo "Creating Private Endpoint..." 
- STORAGE_ID=$(az storage account show -n $STORAGE_NAME -g ${{ parameters.resourceGroupName }} --query id -o tsv) - az network private-endpoint create \ - -n sa-endpoint \ - -g ${{ parameters.resourceGroupName }} \ - -l ${{ parameters.location }} \ - --vnet-name customerVnetA \ - --subnet default \ - --private-connection-resource-id $STORAGE_ID \ - --group-id blob \ - --connection-name sa-connection + default: "Azure Container Networking - Standalone Test Service Connection" + +jobs: + - job: ${{ parameters.jobName }} + displayName: "Job - ${{ parameters.jobName }}" + pool: + vmImage: 'ubuntu-latest' + + steps: + - checkout: self + - task: AzureCLI@2 + displayName: "Run ${{ parameters.jobName }} script" + inputs: + azureSubscription: "${{ parameters.serviceConnection }}" + scriptType: bash + scriptLocation: inlineScript + inlineScript: | + set -e + export SUBSCRIPTION_ID="${{ parameters.subscriptionId }}" + export LOCATION="${{ parameters.location }}" + export RG="${{ parameters.resourceGroupName }}" + export VM_SKU_DEFAULT="${{ parameters.vmSkuDefault }}" + export VM_SKU_HIGHNIC="${{ parameters.vmSkuHighNIC }}" + + chmod +x ${{ parameters.scriptPath }} + ${{ parameters.scriptPath }} From f602de55382691d2d629ed5c731f29692bebed91 Mon Sep 17 00:00:00 2001 From: sivakami Date: Mon, 20 Oct 2025 18:39:09 -0700 Subject: [PATCH 05/45] Set depedencies for pipeline jobs. --- .pipelines/swiftv2-long-running/pipeline.yaml | 9 +++++---- .../template/long-running-pipeline-template.yaml | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.pipelines/swiftv2-long-running/pipeline.yaml b/.pipelines/swiftv2-long-running/pipeline.yaml index 4e8cc6b93d..9576866580 100644 --- a/.pipelines/swiftv2-long-running/pipeline.yaml +++ b/.pipelines/swiftv2-long-running/pipeline.yaml 
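Review bot: Only create_aks.sh calls `az account set`; the other four scripts run in whatever subscription the service connection defaults to, while create_storage.sh builds its ARM URL from `$SUBSCRIPTION_ID`, so the VNets and the storage accounts can land in different subscriptions. Put `az account set --subscription "$SUBSCRIPTION_ID"` in the inline script right after the exports so every job shares one context. `chmod +x ${{ parameters.scriptPath }}` and the invocation below it splice a caller-supplied template value into bash unquoted; quote it (`chmod +x "${{ parameters.scriptPath }}"` / `"${{ parameters.scriptPath }}"`) or, simpler, run `bash "${{ parameters.scriptPath }}"` and drop the chmod.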
@@ -35,6 +35,7 @@ stages: resourceGroupName: ${{ parameters.resourceGroupName }} vmSkuDefault: ${{ parameters.vmSkuDefault }} vmSkuHighNIC: ${{ parameters.vmSkuHighNIC }} + dependsOn: [] - template: pipeline-template.yaml parameters: @@ -43,7 +44,7 @@ stages: subscriptionId: ${{ parameters.subscriptionId }} location: ${{ parameters.location }} resourceGroupName: ${{ parameters.resourceGroupName }} - dependsOn: create-aks + dependsOn: ["create-aks"] - template: pipeline-template.yaml parameters: @@ -51,7 +52,7 @@ stages: scriptPath: "infra/scripts/03_create_peerings.sh" subscriptionId: ${{ parameters.subscriptionId }} resourceGroupName: ${{ parameters.resourceGroupName }} - dependsOn: create-vnets + dependsOn: ["create-vnets"] - template: pipeline-template.yaml parameters: @@ -60,7 +61,7 @@ stages: subscriptionId: ${{ parameters.subscriptionId }} location: ${{ parameters.location }} resourceGroupName: ${{ parameters.resourceGroupName }} - dependsOn: create-peerings + dependsOn: ["create-peerings"] - template: pipeline-template.yaml parameters: @@ -68,4 +69,4 @@ stages: scriptPath: "infra/scripts/05_create_nsg.sh" subscriptionId: ${{ parameters.subscriptionId }} resourceGroupName: ${{ parameters.resourceGroupName }} - dependsOn: create-storage + dependsOn: ["create-storage"] diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index faec5970ca..bdd90ae757 100644 --- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml @@ -25,7 +25,7 @@ jobs: displayName: "Job - ${{ parameters.jobName }}" pool: vmImage: 'ubuntu-latest' - + dependsOn: ${{ parameters.dependsOn }} steps: - checkout: self - task: AzureCLI@2 From d83a3a53f32c1e3486ddbacae997247224b223ee Mon Sep 17 00:00:00 2001 
From: sivakami Date: Mon, 20 Oct 2025 18:41:42 -0700 Subject: [PATCH 06/45] template for long running cluster. --- .pipelines/swiftv2-long-running/pipeline.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/swiftv2-long-running/pipeline.yaml b/.pipelines/swiftv2-long-running/pipeline.yaml index 9576866580..bfe6f18029 100644 --- a/.pipelines/swiftv2-long-running/pipeline.yaml +++ b/.pipelines/swiftv2-long-running/pipeline.yaml @@ -26,7 +26,7 @@ stages: - stage: AKSClusterAndNetworking displayName: "Stage: AKS Cluster and Networking Setup" jobs: - - template: pipeline-template.yaml + - template: long-running-pipeline-template.yaml parameters: jobName: create-aks scriptPath: "infra/scripts/01_create_aks.sh" From 608ba0440ba77d3771cade322c1841afcdbb9510 Mon Sep 17 00:00:00 2001 From: sivakami Date: Mon, 20 Oct 2025 18:45:34 -0700 Subject: [PATCH 07/45] set template. --- .pipelines/swiftv2-long-running/pipeline.yaml | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.pipelines/swiftv2-long-running/pipeline.yaml b/.pipelines/swiftv2-long-running/pipeline.yaml index bfe6f18029..aef961839b 100644 --- a/.pipelines/swiftv2-long-running/pipeline.yaml +++ b/.pipelines/swiftv2-long-running/pipeline.yaml @@ -26,10 +26,10 @@ stages: - stage: AKSClusterAndNetworking displayName: "Stage: AKS Cluster and Networking Setup" jobs: - - template: long-running-pipeline-template.yaml + - template: template/long-running-pipeline-template.yaml parameters: jobName: create-aks - scriptPath: "infra/scripts/01_create_aks.sh" + scriptPath: "scripts/create_aks.sh" subscriptionId: ${{ parameters.subscriptionId }} location: ${{ parameters.location }} resourceGroupName: ${{ parameters.resourceGroupName }} 
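Review bot: `scriptPath: "scripts/create_aks.sh"` is resolved by AzureCLI@2 relative to `$(System.DefaultWorkingDirectory)`, which after `checkout: self` is the repository root, but the scripts were added under `.pipelines/swiftv2-long-running/scripts/`, so the job will most likely fail with a missing file unless the template sets a working directory; the same applies to the other four paths in this commit and to the `./scripts/...` form in PATCH 10. Either use the repo-relative path (`scriptPath: ".pipelines/swiftv2-long-running/scripts/create_aks.sh"`) or add `workingDirectory: ".pipelines/swiftv2-long-running"` to the task inputs in the template.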
@@ -37,36 +37,36 @@ stages: vmSkuHighNIC: ${{ parameters.vmSkuHighNIC }} dependsOn: [] - - template: pipeline-template.yaml + - template: template/long-running-pipeline-template.yaml parameters: jobName: create-vnets - scriptPath: "infra/scripts/02_create_vnets.sh" + scriptPath: "scripts/create_vnets.sh" subscriptionId: ${{ parameters.subscriptionId }} location: ${{ parameters.location }} resourceGroupName: ${{ parameters.resourceGroupName }} dependsOn: ["create-aks"] - - template: pipeline-template.yaml + - template: template/long-running-pipeline-template.yaml parameters: jobName: create-peerings - scriptPath: "infra/scripts/03_create_peerings.sh" + scriptPath: "scripts/create_peerings.sh" subscriptionId: ${{ parameters.subscriptionId }} resourceGroupName: ${{ parameters.resourceGroupName }} dependsOn: ["create-vnets"] - - template: pipeline-template.yaml + - template: template/long-running-pipeline-template.yaml parameters: jobName: create-storage - scriptPath: "infra/scripts/04_create_storage.sh" + scriptPath: "scripts/create_storage.sh" subscriptionId: ${{ parameters.subscriptionId }} location: ${{ parameters.location }} resourceGroupName: ${{ parameters.resourceGroupName }} dependsOn: ["create-peerings"] - - template: pipeline-template.yaml + - template: template/long-running-pipeline-template.yaml parameters: jobName: create-nsg - scriptPath: "infra/scripts/05_create_nsg.sh" + scriptPath: "scripts/create_nsg.sh" subscriptionId: ${{ parameters.subscriptionId }} resourceGroupName: ${{ parameters.resourceGroupName }} dependsOn: ["create-storage"] From dd911579653966fc9061f907ac11a38d2015cccc Mon Sep 17 00:00:00 2001 From: sivakami Date: Mon, 20 Oct 2025 18:49:14 -0700 Subject: [PATCH 08/45] set dependency for jobs. --- .../template/long-running-pipeline-template.yaml | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index bdd90ae757..2ed60283dd 100644 --- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml @@ -19,6 +19,9 @@ parameters: - name: serviceConnection type: string default: "Azure Container Networking - Standalone Test Service Connection" + - name: dependsOn + type: object + default: [] jobs: - job: ${{ parameters.jobName }} From 1f81177f4756c3209fee9e89926cfc4155ab6e9b Mon Sep 17 00:00:00 2001 From: sivakami Date: Mon, 20 Oct 2025 18:51:22 -0700 Subject: [PATCH 09/45] Change job name. --- .pipelines/swiftv2-long-running/pipeline.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.pipelines/swiftv2-long-running/pipeline.yaml b/.pipelines/swiftv2-long-running/pipeline.yaml index aef961839b..2cfd297677 100644 --- a/.pipelines/swiftv2-long-running/pipeline.yaml +++ b/.pipelines/swiftv2-long-running/pipeline.yaml @@ -28,7 +28,7 @@ stages: jobs: - template: template/long-running-pipeline-template.yaml parameters: - jobName: create-aks + jobName: create_aks scriptPath: "scripts/create_aks.sh" subscriptionId: ${{ parameters.subscriptionId }} location: ${{ parameters.location }} 
@@ -39,34 +39,34 @@ stages: - template: template/long-running-pipeline-template.yaml parameters: - jobName: create-vnets + jobName: create_vnets scriptPath: "scripts/create_vnets.sh" subscriptionId: ${{ parameters.subscriptionId }} location: ${{ parameters.location }} resourceGroupName: ${{ parameters.resourceGroupName }} - dependsOn: ["create-aks"] + dependsOn: ["create_aks"] - template: template/long-running-pipeline-template.yaml parameters: - jobName: create-peerings + jobName: create_peerings scriptPath: "scripts/create_peerings.sh" subscriptionId: ${{ parameters.subscriptionId }} resourceGroupName: ${{ parameters.resourceGroupName }} - dependsOn: ["create-vnets"] + dependsOn: ["create_vnets"] - template: template/long-running-pipeline-template.yaml parameters: - jobName: create-storage + jobName: create_storage scriptPath: "scripts/create_storage.sh" subscriptionId: ${{ parameters.subscriptionId }} location: ${{ parameters.location }} resourceGroupName: ${{ parameters.resourceGroupName }} - dependsOn: ["create-peerings"] + dependsOn: ["create_peerings"] - template: template/long-running-pipeline-template.yaml parameters: - jobName: create-nsg + jobName: create_nsg scriptPath: "scripts/create_nsg.sh" subscriptionId: ${{ parameters.subscriptionId }} resourceGroupName: ${{ parameters.resourceGroupName }} - dependsOn: ["create-storage"] + dependsOn: ["create_storage"] From 17aff93f1c804bf0edb91c3f1ef001d854cffb54 Mon Sep 17 00:00:00 2001 From: sivakami Date: Mon, 20 Oct 2025 19:04:53 -0700 Subject: [PATCH 10/45] Set job scripts. --- .pipelines/swiftv2-long-running/pipeline.yaml | 10 +++++----- .../template/long-running-pipeline-template.yaml | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.pipelines/swiftv2-long-running/pipeline.yaml b/.pipelines/swiftv2-long-running/pipeline.yaml index 2cfd297677..d729f078fb 100644 --- a/.pipelines/swiftv2-long-running/pipeline.yaml +++ b/.pipelines/swiftv2-long-running/pipeline.yaml 
@@ -29,7 +29,7 @@ stages: - template: template/long-running-pipeline-template.yaml parameters: jobName: create_aks - scriptPath: "scripts/create_aks.sh" + scriptPath: "./scripts/create_aks.sh" subscriptionId: ${{ parameters.subscriptionId }} location: ${{ parameters.location }} resourceGroupName: ${{ parameters.resourceGroupName }} @@ -40,7 +40,7 @@ stages: - template: template/long-running-pipeline-template.yaml parameters: jobName: create_vnets - scriptPath: "scripts/create_vnets.sh" + scriptPath: "./scripts/create_vnets.sh" subscriptionId: ${{ parameters.subscriptionId }} location: ${{ parameters.location }} resourceGroupName: ${{ parameters.resourceGroupName }} @@ -49,7 +49,7 @@ stages: - template: template/long-running-pipeline-template.yaml parameters: jobName: create_peerings - scriptPath: "scripts/create_peerings.sh" + scriptPath: "./scripts/create_peerings.sh" subscriptionId: ${{ parameters.subscriptionId }} resourceGroupName: ${{ parameters.resourceGroupName }} dependsOn: ["create_vnets"] @@ -57,7 +57,7 @@ stages: - template: template/long-running-pipeline-template.yaml parameters: jobName: create_storage - scriptPath: "scripts/create_storage.sh" + scriptPath: "./scripts/create_storage.sh" subscriptionId: ${{ parameters.subscriptionId }} location: ${{ parameters.location }} resourceGroupName: ${{ parameters.resourceGroupName }} @@ -66,7 +66,7 @@ stages: - template: template/long-running-pipeline-template.yaml parameters: jobName: create_nsg - scriptPath: "scripts/create_nsg.sh" + scriptPath: "./scripts/create_nsg.sh" subscriptionId: ${{ parameters.subscriptionId }} resourceGroupName: ${{ parameters.resourceGroupName }} dependsOn: ["create_storage"] diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index 2ed60283dd..225b7b3e46 100644 --- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml 
+++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml @@ -25,7 +25,7 @@ parameters: jobs: - job: ${{ parameters.jobName }} - displayName: "Job - ${{ parameters.jobName }}" + displayName: "${{ parameters.jobName }}" pool: vmImage: 'ubuntu-latest' dependsOn: ${{ parameters.dependsOn }} From 73b21b629eab44abf312549954ee13cd5efdae21 Mon Sep 17 00:00:00 2001 From: sivakami Date: Mon, 20 Oct 2025 19:16:59 -0700 Subject: [PATCH 11/45] set pipeline scripts with permissions. --- .../template/long-running-pipeline-template.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index 225b7b3e46..cf0761abd0 100644 --- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml @@ -39,6 +39,8 @@ jobs: scriptLocation: inlineScript inlineScript: | set -e + chmod +x ${{ parameters.scriptPath }} + ${{ parameters.scriptPath }} export SUBSCRIPTION_ID="${{ parameters.subscriptionId }}" export LOCATION="${{ parameters.location }}" export RG="${{ parameters.resourceGroupName }}" From fe19ca9a973514fd2dd303038a4695c8e349adac Mon Sep 17 00:00:00 2001 From: sivakami Date: Mon, 20 Oct 2025 19:31:18 -0700 Subject: [PATCH 12/45] set script path. --- .pipelines/swiftv2-long-running/pipeline.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.pipelines/swiftv2-long-running/pipeline.yaml b/.pipelines/swiftv2-long-running/pipeline.yaml index d729f078fb..7759027b5f 100644 --- a/.pipelines/swiftv2-long-running/pipeline.yaml +++ b/.pipelines/swiftv2-long-running/pipeline.yaml 
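Review bot: The added `chmod +x`/invocation lines sit above the `export SUBSCRIPTION_ID=…` lines, so this first run of `${{ parameters.scriptPath }}` executes with SUBSCRIPTION_ID, LOCATION, RG and the VM SKU variables unset, and the original invocation after the exports (the lines patch 13 later removes) then runs the script a second time. Drop the duplicate and keep a single invocation after the last `export`. Quoting the path, `chmod +x "${{ parameters.scriptPath }}"`, also keeps a value with spaces from being word-split by bash. The step's `inlineScript` continues outside the hunk.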
@@ -29,7 +29,7 @@ stages: - template: template/long-running-pipeline-template.yaml parameters: jobName: create_aks - scriptPath: "./scripts/create_aks.sh" + scriptPath: ".pipelines/swiftv2-long-running/scripts/create_aks.sh" subscriptionId: ${{ parameters.subscriptionId }} location: ${{ parameters.location }} resourceGroupName: ${{ parameters.resourceGroupName }} @@ -40,7 +40,7 @@ stages: - template: template/long-running-pipeline-template.yaml parameters: jobName: create_vnets - scriptPath: "./scripts/create_vnets.sh" + scriptPath: ".pipelines/swiftv2-long-running/scripts/create_vnets.sh" subscriptionId: ${{ parameters.subscriptionId }} location: ${{ parameters.location }} resourceGroupName: ${{ parameters.resourceGroupName }} @@ -49,7 +49,7 @@ stages: - template: template/long-running-pipeline-template.yaml parameters: jobName: create_peerings - scriptPath: "./scripts/create_peerings.sh" + scriptPath: ".pipelines/swiftv2-long-running/scripts/create_peerings.sh" subscriptionId: ${{ parameters.subscriptionId }} resourceGroupName: ${{ parameters.resourceGroupName }} dependsOn: ["create_vnets"] @@ -57,7 +57,7 @@ stages: - template: template/long-running-pipeline-template.yaml parameters: jobName: create_storage - scriptPath: "./scripts/create_storage.sh" + scriptPath: ".pipelines/swiftv2-long-running/scripts/create_storage.sh" subscriptionId: ${{ parameters.subscriptionId }} location: ${{ parameters.location }} resourceGroupName: ${{ parameters.resourceGroupName }} @@ -66,7 +66,7 @@ stages: - template: template/long-running-pipeline-template.yaml parameters: jobName: create_nsg - scriptPath: "./scripts/create_nsg.sh" + scriptPath: ".pipelines/swiftv2-long-running/scripts/create_nsg.sh" subscriptionId: ${{ parameters.subscriptionId }} resourceGroupName: ${{ parameters.resourceGroupName }} dependsOn: ["create_storage"] From 22ce2e10bb0512d6383e1ba138714f6c8d540b06 Mon Sep 17 00:00:00 2001 
From: sivakami Date: Mon, 20 Oct 2025 20:45:46 -0700 Subject: [PATCH 13/45] set template params. --- .../template/long-running-pipeline-template.yaml | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index cf0761abd0..7e30a1ea7f 100644 --- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml @@ -41,11 +41,9 @@ jobs: set -e chmod +x ${{ parameters.scriptPath }} ${{ parameters.scriptPath }} - export SUBSCRIPTION_ID="${{ parameters.subscriptionId }}" - export LOCATION="${{ parameters.location }}" - export RG="${{ parameters.resourceGroupName }}" - export VM_SKU_DEFAULT="${{ parameters.vmSkuDefault }}" - export VM_SKU_HIGHNIC="${{ parameters.vmSkuHighNIC }}" - - chmod +x ${{ parameters.scriptPath }} - ${{ parameters.scriptPath }} + env: + subscriptionId: ${{ parameters.subscriptionId }} + location: ${{ parameters.location }} + resourceGroupName: ${{ parameters.resourceGroupName }} + vmSkuDefault: ${{ parameters.vmSkuDefault }} + vmSkuHighNIC: ${{ parameters.vmSkuHighNIC }} \ No newline at end of file From 67e07fe3c9b849e61068bc03b373e8b633dd9dcf Mon Sep 17 00:00:00 2001 From: sivakami Date: Mon, 20 Oct 2025 21:22:27 -0700 Subject: [PATCH 14/45] Set pipeline template for long running clusters. --- .pipelines/swiftv2-long-running/pipeline.yaml | 72 +++------ .../long-running-pipeline-template.yaml | 147 +++++++++++++----- 2 files changed, 133 insertions(+), 86 deletions(-) diff --git a/.pipelines/swiftv2-long-running/pipeline.yaml b/.pipelines/swiftv2-long-running/pipeline.yaml index 7759027b5f..b6d085901d 100644 --- a/.pipelines/swiftv2-long-running/pipeline.yaml +++ b/.pipelines/swiftv2-long-running/pipeline.yaml 
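Review bot: The new `env:` block publishes the values as `subscriptionId`, `location`, `resourceGroupName`, `vmSkuDefault` and `vmSkuHighNIC`, but the `export` lines this hunk deletes show the scripts read `SUBSCRIPTION_ID`, `LOCATION`, `RG`, `VM_SKU_DEFAULT` and `VM_SKU_HIGHNIC` (create_aks.sh in patch 15 echoes exactly those names); environment names are case-sensitive on the ubuntu agent, so every one of them is empty when the script runs. Rename the keys to the names the scripts read, e.g. `SUBSCRIPTION_ID: ${{ parameters.subscriptionId }}`. The hunk also drops the file's trailing newline (`\ No newline at end of file`); add it back.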
@@ -1,72 +1,42 @@ -trigger: -- main +trigger: none parameters: - name: subscriptionId + displayName: "Azure Subscription ID" type: string default: "37deca37-c375-4a14-b90a-043849bd2bf1" + - name: location + displayName: "Deployment Region" type: string default: "centraluseuap" + - name: resourceGroupName + displayName: "Resource Group Name" type: string - default: "long-run-$(date +%s)" + default: "long-run-$(Build.BuildId)" + - name: vmSkuDefault + displayName: "VM SKU for Default Node Pool" type: string default: "Standard_D2s_v3" + - name: vmSkuHighNIC + displayName: "VM SKU for High NIC Node Pool" type: string default: "Standard_D16s_v3" + - name: serviceConnection displayName: "Azure Service Connection" type: string default: "Azure Container Networking - Standalone Test Service Connection" -stages: - - stage: AKSClusterAndNetworking - displayName: "Stage: AKS Cluster and Networking Setup" - jobs: - - template: template/long-running-pipeline-template.yaml - parameters: - jobName: create_aks - scriptPath: ".pipelines/swiftv2-long-running/scripts/create_aks.sh" - subscriptionId: ${{ parameters.subscriptionId }} - location: ${{ parameters.location }} - resourceGroupName: ${{ parameters.resourceGroupName }} - vmSkuDefault: ${{ parameters.vmSkuDefault }} - vmSkuHighNIC: ${{ parameters.vmSkuHighNIC }} - dependsOn: [] - - - template: template/long-running-pipeline-template.yaml - parameters: - jobName: create_vnets - scriptPath: ".pipelines/swiftv2-long-running/scripts/create_vnets.sh" - subscriptionId: ${{ parameters.subscriptionId }} - location: ${{ parameters.location }} - resourceGroupName: ${{ parameters.resourceGroupName }} - dependsOn: ["create_aks"] - - - template: template/long-running-pipeline-template.yaml - parameters: - jobName: create_peerings - scriptPath: ".pipelines/swiftv2-long-running/scripts/create_peerings.sh" - subscriptionId: ${{ parameters.subscriptionId }} - resourceGroupName: ${{ parameters.resourceGroupName }} - dependsOn: ["create_vnets"] - 
- - template: template/long-running-pipeline-template.yaml - parameters: - jobName: create_storage - scriptPath: ".pipelines/swiftv2-long-running/scripts/create_storage.sh" - subscriptionId: ${{ parameters.subscriptionId }} - location: ${{ parameters.location }} - resourceGroupName: ${{ parameters.resourceGroupName }} - dependsOn: ["create_peerings"] - - - template: template/long-running-pipeline-template.yaml - parameters: - jobName: create_nsg - scriptPath: ".pipelines/swiftv2-long-running/scripts/create_nsg.sh" - subscriptionId: ${{ parameters.subscriptionId }} - resourceGroupName: ${{ parameters.resourceGroupName }} - dependsOn: ["create_storage"] +extends: + template: template/long-running-pipeline-template.yaml + parameters: + subscriptionId: ${{ parameters.subscriptionId }} + location: ${{ parameters.location }} + resourceGroupName: ${{ parameters.resourceGroupName }} + vmSkuDefault: ${{ parameters.vmSkuDefault }} + vmSkuHighNIC: ${{ parameters.vmSkuHighNIC }} + serviceConnection: ${{ parameters.serviceConnection }} diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index 7e30a1ea7f..f2a03fcfa4 100644 --- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml 
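Review bot: `subscriptionId` now carries a concrete subscription GUID as its default, where the patch 01 version of this parameter had none; a real subscription identifier committed to source means anyone with queue permission deploys into that subscription without naming it, and the identifier is exposed along with the repository. Keep the parameter required (no `default:`) or take the value from a pipeline variable group, e.g. `default: "$(SWIFTV2_SUBSCRIPTION_ID)"` (placeholder variable name). Replacing `$(date +%s)` with `$(Build.BuildId)` is correct, since a shell substitution is never evaluated inside a parameter default.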
@@ -1,49 +1,126 @@ parameters: - - name: jobName - type: string - - name: scriptPath - type: string - name: subscriptionId type: string - name: location type: string - default: "" - name: resourceGroupName type: string - name: vmSkuDefault type: string - default: "" - name: vmSkuHighNIC type: string - default: "" - name: serviceConnection type: string - default: "Azure Container Networking - Standalone Test Service Connection" - - name: dependsOn - type: object - default: [] -jobs: - - job: ${{ parameters.jobName }} - displayName: "${{ parameters.jobName }}" - pool: - vmImage: 'ubuntu-latest' - dependsOn: ${{ parameters.dependsOn }} - steps: - - checkout: self - - task: AzureCLI@2 - displayName: "Run ${{ parameters.jobName }} script" - inputs: - azureSubscription: "${{ parameters.serviceConnection }}" - scriptType: bash - scriptLocation: inlineScript - inlineScript: | - set -e - chmod +x ${{ parameters.scriptPath }} - ${{ parameters.scriptPath }} - env: - subscriptionId: ${{ parameters.subscriptionId }} - location: ${{ parameters.location }} - resourceGroupName: ${{ parameters.resourceGroupName }} - vmSkuDefault: ${{ parameters.vmSkuDefault }} - vmSkuHighNIC: ${{ parameters.vmSkuHighNIC }} \ No newline at end of file +stages: + - stage: AKSClusterAndNetworking + displayName: "Stage: AKS Cluster and Networking Setup" + jobs: + # ------------------------------------------------------------ + # Job 1: Create AKS Cluster + # ------------------------------------------------------------ + - job: Create_AKS + displayName: "Create AKS Clusters" + pool: + vmImage: ubuntu-latest + steps: + - checkout: self + - task: AzureCLI@2 + displayName: "Run create_aks.sh" + inputs: + azureSubscription: ${{ parameters.serviceConnection }} + scriptType: bash + scriptLocation: scriptPath + scriptPath: ".pipelines/swiftv2-long-running/scripts/create_aks.sh" + arguments: > + ${{ parameters.subscriptionId }} + ${{ parameters.location }} + ${{ parameters.resourceGroupName }} + ${{ 
parameters.vmSkuDefault }} + ${{ parameters.vmSkuHighNIC }} + + # ------------------------------------------------------------ + # Job 2: Create VNets + # ------------------------------------------------------------ + - job: Create_VNets + displayName: "Create VNets" + dependsOn: Create_AKS + pool: + vmImage: ubuntu-latest + steps: + - checkout: self + - task: AzureCLI@2 + displayName: "Run create_vnets.sh" + inputs: + azureSubscription: ${{ parameters.serviceConnection }} + scriptType: bash + scriptLocation: scriptPath + scriptPath: ".pipelines/swiftv2-long-running/scripts/create_vnets.sh" + arguments: > + ${{ parameters.subscriptionId }} + ${{ parameters.location }} + ${{ parameters.resourceGroupName }} + + # ------------------------------------------------------------ + # Job 3: Create Peerings + # ------------------------------------------------------------ + - job: Create_Peerings + displayName: "Create Peerings" + dependsOn: Create_VNets + pool: + vmImage: ubuntu-latest + steps: + - checkout: self + - task: AzureCLI@2 + displayName: "Run create_peerings.sh" + inputs: + azureSubscription: ${{ parameters.serviceConnection }} + scriptType: bash + scriptLocation: scriptPath + scriptPath: ".pipelines/swiftv2-long-running/scripts/create_peerings.sh" + arguments: > + ${{ parameters.subscriptionId }} + ${{ parameters.resourceGroupName }} + + # ------------------------------------------------------------ + # Job 4: Create Storage + # ------------------------------------------------------------ + - job: Create_Storage + displayName: "Create Storage" + dependsOn: Create_Peerings + pool: + vmImage: ubuntu-latest + steps: + - checkout: self + - task: AzureCLI@2 + displayName: "Run create_storage.sh" + inputs: + azureSubscription: ${{ parameters.serviceConnection }} + scriptType: bash + scriptLocation: scriptPath + scriptPath: ".pipelines/swiftv2-long-running/scripts/create_storage.sh" + arguments: > + ${{ parameters.subscriptionId }} + ${{ parameters.location }} + ${{ 
parameters.resourceGroupName }} + + # ------------------------------------------------------------ + # Job 5: Create NSG + # ------------------------------------------------------------ + - job: Create_NSG + displayName: "Create Network Security Groups" + dependsOn: Create_Storage + pool: + vmImage: ubuntu-latest + steps: + - checkout: self + - task: AzureCLI@2 + displayName: "Run create_nsg.sh" + inputs: + azureSubscription: ${{ parameters.serviceConnection }} + scriptType: bash + scriptLocation: scriptPath + scriptPath: ".pipelines/swiftv2-long-running/scripts/create_nsg.sh" + arguments: > + ${{ parameters.subscriptionId }} + ${{ parameters.resourceGroupName }} From ce3646120d7ad8c43b254f90ca95825069553d6d Mon Sep 17 00:00:00 2001 From: sivakami Date: Mon, 20 Oct 2025 21:32:46 -0700 Subject: [PATCH 15/45] test change. --- .pipelines/swiftv2-long-running/scripts/create_aks.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.pipelines/swiftv2-long-running/scripts/create_aks.sh b/.pipelines/swiftv2-long-running/scripts/create_aks.sh index c0406a1dd9..de4f30d34e 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_aks.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_aks.sh @@ -1,6 +1,11 @@ #!/usr/bin/env bash set -e +echo "Subscription id: $SUBSCRIPTION_ID" +echo "Resource group: $RG" +echo "Location: $LOCATION" +echo "VM SKU (default): $VM_SKU_DEFAULT" +echo "VM SKU (high-NIC): $VM_SKU_HIGHNIC" az account set --subscription "$SUBSCRIPTION_ID" echo "==> Creating resource group: $RG" From ae45dac761a2e7686b514025778f915f56631531 Mon Sep 17 00:00:00 2001 From: sivakami Date: Mon, 20 Oct 2025 21:49:30 -0700 Subject: [PATCH 16/45] set params. --- .pipelines/swiftv2-long-running/scripts/create_aks.sh | 6 ++++++ .pipelines/swiftv2-long-running/scripts/create_nsg.sh | 3 +++ 2 files changed, 9 insertions(+) 
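Review bot: Each AzureCLI@2 task splices queue-time parameters unquoted into `arguments:`, which is appended to the bash command line and re-split before the values reach the positional `$1`…`$5` assignments in the scripts; `${{ }}` expansion performs no escaping, so a value containing whitespace or shell metacharacters (the `resourceGroupName` default already carries a `$(…)` macro) shifts every later argument or is interpreted by the shell. Pass the values through `env:` (`SUBSCRIPTION_ID: ${{ parameters.subscriptionId }}` and so on) and have the scripts read named variables, or at least quote each item, `"${{ parameters.subscriptionId }}"`. The five jobs differ only in `scriptPath` and the argument list; an `${{ each }}` loop over a job list would remove the repetition.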
diff --git a/.pipelines/swiftv2-long-running/scripts/create_aks.sh b/.pipelines/swiftv2-long-running/scripts/create_aks.sh
index de4f30d34e..86df30deba 100644
--- a/.pipelines/swiftv2-long-running/scripts/create_aks.sh
+++ b/.pipelines/swiftv2-long-running/scripts/create_aks.sh
@@ -1,6 +1,12 @@
 #!/usr/bin/env bash
 set -e
+SUBSCRIPTION_ID=$1
+LOCATION=$2
+RG=$3
+VM_SKU_DEFAULT=$4
+VM_SKU_HIGHNIC=$5
+
 echo "Subscription id: $SUBSCRIPTION_ID"
 echo "Resource group: $RG"
 echo "Location: $LOCATION"
diff --git a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh
index f6f595f16b..4f5c7fe770 100644
--- a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh
+++ b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh
@@ -1,6 +1,9 @@
 #!/usr/bin/env bash
 set -e
+SUBSCRIPTION_ID=$1
+RG=$2
+
 VNET_A1="delegated_vnet_a1"
 S1_PREFIX="10.10.1.0/24"
 S2_PREFIX="10.10.2.0/24"
From 8d0c0d1c622035a575096e1be5cfe8f0311f643e Mon Sep 17 00:00:00 2001
From: sivakami
Date: Tue, 21 Oct 2025 00:01:25 -0700
Subject: [PATCH 17/45] set params in pipeline scripts.
---
 .pipelines/swiftv2-long-running/scripts/create_peerings.sh | 3 +++
 .pipelines/swiftv2-long-running/scripts/create_storage.sh | 4 ++++
 .pipelines/swiftv2-long-running/scripts/create_vnets.sh | 6 ++++++
 3 files changed, 13 insertions(+)
diff --git a/.pipelines/swiftv2-long-running/scripts/create_peerings.sh b/.pipelines/swiftv2-long-running/scripts/create_peerings.sh
index a40343cd67..703c811534 100644
--- a/.pipelines/swiftv2-long-running/scripts/create_peerings.sh
+++ b/.pipelines/swiftv2-long-running/scripts/create_peerings.sh
@@ -1,6 +1,9 @@
 #!/usr/bin/env bash
 set -e
+SUBSCRIPTION_ID=$1
+RG=$2
+
 VNET_A1="delegated_vnet_a1"
 VNET_A2="delegated_vnet_a2"
 VNET_A3="delegated_vnet_a3"
diff --git a/.pipelines/swiftv2-long-running/scripts/create_storage.sh b/.pipelines/swiftv2-long-running/scripts/create_storage.sh
index 384e070af8..8ef8f70703 100644
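Review bot: create_nsg.sh takes `SUBSCRIPTION_ID=$1` but never selects it, whereas create_aks.sh calls `az account set --subscription "$SUBSCRIPTION_ID"` a few lines below its new assignments; without that call the NSG is created in whatever subscription the service connection defaults to and the argument is silently ignored. The same gap is in the create_peerings.sh and create_storage.sh hunks of patch 17. None of the scripts checks that its positional arguments are present; `: "${RG:?resource group required}"` after the assignments fails fast with a clear message instead of letting `az` run with an empty name. create_nsg.sh's body continues outside the hunk.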
--- a/.pipelines/swiftv2-long-running/scripts/create_storage.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_storage.sh @@ -1,6 +1,10 @@ #!/usr/bin/env bash set -e +SUBSCRIPTION_ID=$1 +LOCATION=$2 +RG=$3 + RAND=$(openssl rand -hex 4) SA1="sa1${RAND}" SA2="sa2${RAND}" diff --git a/.pipelines/swiftv2-long-running/scripts/create_vnets.sh b/.pipelines/swiftv2-long-running/scripts/create_vnets.sh index 2ae4be9b22..e52de30ccd 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_vnets.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_vnets.sh @@ -1,6 +1,12 @@ #!/usr/bin/env bash set -e +SUBSCRIPTION_ID=$1 +LOCATION=$2 +RG=$3 + +az account set --subscription "$SUBSCRIPTION_ID" + # VNets and subnets VNET_A1="cx_vnet_a1" VNET_A2="cx_vnet_a2" From 6052887ad88c9e3993571667a20700ad8b693fa3 Mon Sep 17 00:00:00 2001 From: sivakami Date: Tue, 21 Oct 2025 00:47:10 -0700 Subject: [PATCH 18/45] set cx vnet name. --- .pipelines/swiftv2-long-running/scripts/create_nsg.sh | 2 +- .pipelines/swiftv2-long-running/scripts/create_peerings.sh | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh index 4f5c7fe770..553b7965a0 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh @@ -4,7 +4,7 @@ set -e SUBSCRIPTION_ID=$1 RG=$2 -VNET_A1="delegated_vnet_a1" +VNET_A1="cx_vnet_a1" S1_PREFIX="10.10.1.0/24" S2_PREFIX="10.10.2.0/24" NSG_NAME="${VNET_A1}-nsg" diff --git a/.pipelines/swiftv2-long-running/scripts/create_peerings.sh b/.pipelines/swiftv2-long-running/scripts/create_peerings.sh index 703c811534..da413e6869 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_peerings.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_peerings.sh 
@@ -4,9 +4,10 @@ set -e
 SUBSCRIPTION_ID=$1
 RG=$2
-VNET_A1="delegated_vnet_a1"
-VNET_A2="delegated_vnet_a2"
-VNET_A3="delegated_vnet_a3"
+VNET_A1="cx_vnet_a1"
+VNET_A2="cx_vnet_a2"
+VNET_A3="cx_vnet_a3"
+VNET_B1="cx_vnet_b1"
 peer_two_vnets() {
 local rg="$1"; local v1="$2"; local v2="$3"; local name12="$4"; local name21="$5"
From a385ab1daae4918d41b9f9ee7411d11e1d16a4d8 Mon Sep 17 00:00:00 2001
From: sivakami
Date: Tue, 21 Oct 2025 00:49:50 -0700
Subject: [PATCH 19/45] Create clusters parallely
---
 .../scripts/create_aks.sh | 26 +++++++++++++++----
 .../long-running-pipeline-template.yaml | 2 +-
 2 files changed, 22 insertions(+), 6 deletions(-)
diff --git a/.pipelines/swiftv2-long-running/scripts/create_aks.sh b/.pipelines/swiftv2-long-running/scripts/create_aks.sh
index 86df30deba..dc4cbbbefd 100644
--- a/.pipelines/swiftv2-long-running/scripts/create_aks.sh
+++ b/.pipelines/swiftv2-long-running/scripts/create_aks.sh
@@ -17,17 +17,33 @@ az account set --subscription "$SUBSCRIPTION_ID" echo "==> Creating resource group: $RG" az group create -n "$RG" -l "$LOCATION" --output none -# AKS clusters -for CLUSTER in "aks-cluster-a" "aks-cluster-b"; do +# Enable parallel cluster creation +create_cluster() { + local CLUSTER=$1 echo "==> Creating AKS cluster: $CLUSTER" + az aks create -g "$RG" -n "$CLUSTER" -l "$LOCATION" \ --network-plugin azure --node-count 1 \ --node-vm-size "$VM_SKU_DEFAULT" \ --enable-managed-identity --generate-ssh-keys \ - --load-balancer-sku standard --yes + --load-balancer-sku standard --yes --only-show-errors echo "==> Adding high-NIC nodepool to $CLUSTER" az aks nodepool add -g "$RG" -n highnic \ --cluster-name "$CLUSTER" --node-count 2 \ - --node-vm-size "$VM_SKU_HIGHNIC" --mode User -done + --node-vm-size "$VM_SKU_HIGHNIC" --mode User --only-show-errors + + echo "Finished AKS cluster: $CLUSTER" +} + +# Run both clusters in parallel +create_cluster "aks-cluster-a" & +pid_a=$! + +create_cluster "aks-cluster-b" & +pid_b=$! + +# Wait for both to finish +wait $pid_a $pid_b + +echo "AKS clusters created successfully!" diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index f2a03fcfa4..def27a233e 100644 --- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml @@ -87,7 +87,7 @@ stages: # ------------------------------------------------------------ - job: Create_Storage displayName: "Create Storage" - dependsOn: Create_Peerings + dependsOn: Create_AKS pool: vmImage: ubuntu-latest steps: From d8a07a269caefffae642428372599bf96e60dc52 Mon Sep 17 00:00:00 2001 From: sivakami Date: Tue, 21 Oct 2025 08:59:03 -0700 Subject: [PATCH 20/45] create NSG. --- .../scripts/create_nsg.sh | 51 ++++++++++++++++++- 1 file changed, 49 insertions(+), 2 deletions(-) 
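Review bot: `wait $pid_a $pid_b` returns only the status of the last PID listed, so a failed `aks-cluster-a` creation is masked whenever `aks-cluster-b` succeeds; `set -e` never sees the first failure, the script prints "AKS clusters created successfully!" and the job passes. Wait on each background job separately so both statuses are checked: `wait "$pid_a"` followed by `wait "$pid_b"`. Both background calls also pass `--generate-ssh-keys`, which presumably races on the same default key path when run concurrently — worth confirming, or generate the key once before forking.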
diff --git a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh
index 553b7965a0..2d9d8d52c1 100644
--- a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh
+++ b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh
@@ -3,11 +3,58 @@ set -e
 SUBSCRIPTION_ID=$1
 RG=$2
+LOCATION=${3:-centraluseuap}
 VNET_A1="cx_vnet_a1"
 S1_PREFIX="10.10.1.0/24"
 S2_PREFIX="10.10.2.0/24"
 NSG_NAME="${VNET_A1}-nsg"
-az network nsg create -g "$RG" -n "$NSG_NAME" --output none
-az network nsg rule create -g "$RG"
+echo "==> Creating Network Security Group: $NSG_NAME"
+az network nsg create -g "$RG" -n "$NSG_NAME" -l "$LOCATION" --output none
+
+echo "==> Adding NSG rules"
+
+# Allow SSH from any
+az network nsg rule create \
+ -g "$RG" \
+ --nsg-name "$NSG_NAME" \
+ -n allow-ssh \
+ --priority 100 \
+ --source-address-prefixes "*" \
+ --destination-port-ranges 22 \
+ --direction Inbound \
+ --access Allow \
+ --protocol Tcp \
+ --description "Allow SSH access" \
+ --output none
+
+# Allow internal VNet traffic
+az network nsg rule create \
+ -g "$RG" \
+ --nsg-name "$NSG_NAME" \
+ -n allow-vnet \
+ --priority 200 \
+ --source-address-prefixes VirtualNetwork \
+ --destination-address-prefixes VirtualNetwork \
+ --direction Inbound \
+ --access Allow \
+ --protocol "*" \
+ --description "Allow VNet internal traffic" \
+ --output none
+
+# Allow AKS API traffic
+az network nsg rule create \
+ -g "$RG" \
+ --nsg-name "$NSG_NAME" \
+ -n allow-aks-controlplane \
+ --priority 300 \
+ --source-address-prefixes AzureCloud \
+ --destination-port-ranges 443 \
+ --direction Inbound \
+ --access Allow \
+ --protocol Tcp \
+ --description "Allow AKS control plane traffic" \
+ --output none
+
+echo "NSG '$NSG_NAME' created successfully with rules."
From 02b746f6cb2cebe85927b0e4e9857ee88e09ec93 Mon Sep 17 00:00:00 2001
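Review bot: The `allow-ssh` rule at priority 100 admits TCP/22 from `--source-address-prefixes "*"`, i.e. every Internet source, on an NSG meant for a long-running environment; unless public SSH is a test requirement, narrow the source to the prefix that needs it (or `VirtualNetwork`, which the `allow-vnet` rule already covers) or drop the rule. The script still accepts `SUBSCRIPTION_ID=$1` without an `az account set --subscription "$SUBSCRIPTION_ID"`, so the NSG lands in the service connection's default subscription. `LOCATION=${3:-centraluseuap}` is never supplied by the template's two-argument `Create_NSG` call in patch 14, so the fallback always applies; pass `${{ parameters.location }}` there or drop the parameter.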
From: sivakami Date: Tue, 21 Oct 2025 09:22:13 -0700 Subject: [PATCH 21/45] Change dependency for creating nsg. --- .../template/long-running-pipeline-template.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index def27a233e..d84f50c9ce 100644 --- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml @@ -109,7 +109,7 @@ stages: # ------------------------------------------------------------ - job: Create_NSG displayName: "Create Network Security Groups" - dependsOn: Create_Storage + dependsOn: Create_VNets pool: vmImage: ubuntu-latest steps: From f4c8596aba4b703877d8ef3c15ea7bb7b13346bf Mon Sep 17 00:00:00 2001 From: sivakami-projects <126191544+sivakami-projects@users.noreply.github.com> Date: Tue, 21 Oct 2025 10:02:16 -0700 Subject: [PATCH 22/45] Update .pipelines/swiftv2-long-running/scripts/create_peerings.sh Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: sivakami-projects <126191544+sivakami-projects@users.noreply.github.com> --- .pipelines/swiftv2-long-running/scripts/create_peerings.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.pipelines/swiftv2-long-running/scripts/create_peerings.sh b/.pipelines/swiftv2-long-running/scripts/create_peerings.sh index da413e6869..471a6495d7 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_peerings.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_peerings.sh @@ -1,9 +1,7 @@ #!/usr/bin/env bash set -e -SUBSCRIPTION_ID=$1 -RG=$2 - +RG=$1 VNET_A1="cx_vnet_a1" VNET_A2="cx_vnet_a2" VNET_A3="cx_vnet_a3" From 9a3b87ef757bec95bf01d7eb8dcda6c89350f8ce Mon Sep 17 00:00:00 2001 
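Review bot: create_peerings.sh now reads `RG=$1`, but the `Create_Peerings` task in the patch 14 template still passes `${{ parameters.subscriptionId }}` first and the resource group second, so `RG` receives the subscription ID and every `az network vnet peering create` targets a non-existent resource group. Either keep `SUBSCRIPTION_ID=$1` and `RG=$2` (and select the subscription), or change the template's `arguments:` for this job in the same commit. No later hunk in the visible series adjusts those arguments.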
From: sivakami-projects <126191544+sivakami-projects@users.noreply.github.com>
Date: Tue, 21 Oct 2025 10:02:23 -0700
Subject: [PATCH 23/45] Update .pipelines/swiftv2-long-running/scripts/create_nsg.sh
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Signed-off-by: sivakami-projects <126191544+sivakami-projects@users.noreply.github.com>
---
 .pipelines/swiftv2-long-running/scripts/create_nsg.sh | 2 --
 1 file changed, 2 deletions(-)
diff --git a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh
index 2d9d8d52c1..33c3702000 100644
--- a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh
+++ b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh
@@ -6,8 +6,6 @@ RG=$2
 LOCATION=${3:-centraluseuap}
 VNET_A1="cx_vnet_a1"
-S1_PREFIX="10.10.1.0/24"
-S2_PREFIX="10.10.2.0/24"
 NSG_NAME="${VNET_A1}-nsg"
 echo "==> Creating Network Security Group: $NSG_NAME"
From d1498e12e2023d0c6665587b6403e570e287bc92 Mon Sep 17 00:00:00 2001
From: sivakami
Date: Tue, 21 Oct 2025 10:28:48 -0700
Subject: [PATCH 24/45] Add success/error message for each resource creation.
---
 .../scripts/create_nsg.sh | 13 +++++---
 .../scripts/create_peerings.sh | 8 +++--
 .../scripts/create_storage.sh | 6 +++-
 .../scripts/create_vnets.sh | 30 ++++++++++++++-----
 4 files changed, 42 insertions(+), 15 deletions(-)
diff --git a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh
index 33c3702000..1a7655756c 100644
--- a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh
+++ b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh
@@ -1,5 +1,6 @@
 #!/usr/bin/env bash
 set -e
+trap 'echo "[ERROR] Failed during NSG creation." >&2' ERR
 SUBSCRIPTION_ID=$1
 RG=$2
@@ -9,7 +10,8 @@ VNET_A1="cx_vnet_a1" NSG_NAME="${VNET_A1}-nsg" echo "==> Creating Network Security Group: $NSG_NAME" -az network nsg create -g "$RG" -n "$NSG_NAME" -l "$LOCATION" --output none +az network nsg create -g "$RG" -n "$NSG_NAME" -l "$LOCATION" --output none \ + && echo "NSG $NSG_NAME created." echo "==> Adding NSG rules" @@ -25,7 +27,8 @@ az network nsg rule create \ --access Allow \ --protocol Tcp \ --description "Allow SSH access" \ - --output none + --output none \ + && echo "Rule allow-ssh created." # Allow internal VNet traffic az network nsg rule create \ @@ -39,7 +42,8 @@ az network nsg rule create \ --access Allow \ --protocol "*" \ --description "Allow VNet internal traffic" \ - --output none + --output none \ + && echo "Rule allow-vnet created." # Allow AKS API traffic az network nsg rule create \ @@ -53,6 +57,7 @@ az network nsg rule create \ --access Allow \ --protocol Tcp \ --description "Allow AKS control plane traffic" \ - --output none + --output none \ + && echo "Rule allow-aks-controlplane created." echo "NSG '$NSG_NAME' created successfully with rules." diff --git a/.pipelines/swiftv2-long-running/scripts/create_peerings.sh b/.pipelines/swiftv2-long-running/scripts/create_peerings.sh index 471a6495d7..4b199912cf 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_peerings.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_peerings.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash set -e +trap 'echo "[ERROR] Failed during VNet peering creation." >&2' ERR RG=$1 VNET_A1="cx_vnet_a1" 
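Review bot: Appending `\ && echo "…created."` to each `az` call defeats both `set -e` and the new ERR trap: bash exempts every command in a `&&` list except the last from errexit and from the ERR trap, so a failed `az network nsg create` or rule create is skipped silently and the script still prints "NSG '$NSG_NAME' created successfully with rules." and exits 0. Put the message on its own line after the command, `az network nsg create -g "$RG" -n "$NSG_NAME" -l "$LOCATION" --output none` then `echo "NSG $NSG_NAME created."`, so a failure aborts the script and the trap fires. The same pattern is introduced in this commit's create_peerings.sh, create_storage.sh and create_vnets.sh hunks.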
@@ -9,8 +10,11 @@ VNET_B1="cx_vnet_b1" peer_two_vnets() { local rg="$1"; local v1="$2"; local v2="$3"; local name12="$4"; local name21="$5" - az network vnet peering create -g "$rg" -n "$name12" --vnet-name "$v1" --remote-vnet "$v2" --allow-vnet-access --output none - az network vnet peering create -g "$rg" -n "$name21" --vnet-name "$v2" --remote-vnet "$v1" --allow-vnet-access --output none + echo "==> Peering $v1 <-> $v2" + az network vnet peering create -g "$rg" -n "$name12" --vnet-name "$v1" --remote-vnet "$v2" --allow-vnet-access --output none \ + && echo "Created peering $name12" + az network vnet peering create -g "$rg" -n "$name21" --vnet-name "$v2" --remote-vnet "$v1" --allow-vnet-access --output none \ + && echo "Created peering $name21" } peer_two_vnets "$RG" "$VNET_A1" "$VNET_A2" "A1-to-A2" "A2-to-A1" diff --git a/.pipelines/swiftv2-long-running/scripts/create_storage.sh b/.pipelines/swiftv2-long-running/scripts/create_storage.sh index 8ef8f70703..6bd2d89c10 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_storage.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_storage.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash set -e +trap 'echo "[ERROR] Failed during Storage Account creation." >&2' ERR SUBSCRIPTION_ID=$1 LOCATION=$2 @@ -24,5 +25,8 @@ for SA in "$SA1" "$SA2"; do \"allowBlobPublicAccess\": false, \"allowSharedKeyAccess\": false } - }" + }" \ + && echo "Storage account $SA created successfully." done + +echo "All storage accounts created successfully." \ No newline at end of file diff --git a/.pipelines/swiftv2-long-running/scripts/create_vnets.sh b/.pipelines/swiftv2-long-running/scripts/create_vnets.sh index e52de30ccd..c7360bbc7c 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_vnets.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_vnets.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash set -e +trap 'echo "[ERROR] Failed while creating VNets or subnets. Check Azure CLI logs above." >&2' ERR SUBSCRIPTION_ID=$1 LOCATION=$2 
@@ -16,24 +17,37 @@ VNET_B1="cx_vnet_b1" A1_S1="10.10.1.0/24" A1_S2="10.10.2.0/24" A1_PE="10.10.100.0/24" + A2_MAIN="10.11.1.0/24" A2_PE="10.11.100.0/24" + A3_MAIN="10.12.1.0/24" A3_PE="10.12.100.0/24" + B1_MAIN="10.20.1.0/24" # A1 -az network vnet create -g "$RG" -n "$VNET_A1" --address-prefix 10.10.0.0/16 --subnet-name s1 --subnet-prefix "$A1_S1" -l "$LOCATION" --output none -az network vnet subnet create -g "$RG" --vnet-name "$VNET_A1" -n s2 --address-prefix "$A1_S2" --output none -az network vnet subnet create -g "$RG" --vnet-name "$VNET_A1" -n pe --address-prefix "$A1_PE" --output none +az network vnet create -g "$RG" -n "$VNET_A1" --address-prefix 10.10.0.0/16 --subnet-name s1 --subnet-prefix "$A1_S1" -l "$LOCATION" --output none \ + && echo "Created $VNET_A1 with subnet s1" +az network vnet subnet create -g "$RG" --vnet-name "$VNET_A1" -n s2 --address-prefix "$A1_S2" --output none \ + && echo "Created $VNET_A1 with subnet s2" +az network vnet subnet create -g "$RG" --vnet-name "$VNET_A1" -n pe --address-prefix "$A1_PE" --output none \ + && echo "Created $VNET_A1 with subnet pe" # A2 -az network vnet create -g "$RG" -n "$VNET_A2" --address-prefix 10.11.0.0/16 --subnet-name s-A2 --subnet-prefix "$A2_MAIN" -l "$LOCATION" --output none -az network vnet subnet create -g "$RG" --vnet-name "$VNET_A2" -n pe --address-prefix "$A2_PE" --output none +az network vnet create -g "$RG" -n "$VNET_A2" --address-prefix 10.11.0.0/16 --subnet-name s-A2 --subnet-prefix "$A2_MAIN" -l "$LOCATION" --output none \ + && echo "Created $VNET_A2 with subnet s-A2" +az network vnet subnet create -g "$RG" --vnet-name "$VNET_A2" -n pe --address-prefix "$A2_PE" --output none \ + && echo "Created $VNET_A2 with subnet pe" # A3 -az network vnet create -g "$RG" -n "$VNET_A3" --address-prefix 10.12.0.0/16 --subnet-name s-A3 --subnet-prefix "$A3_MAIN" -l "$LOCATION" --output none -az network vnet subnet create -g "$RG" --vnet-name "$VNET_A3" -n pe --address-prefix "$A3_PE" --output none +az 
network vnet create -g "$RG" -n "$VNET_A3" --address-prefix 10.12.0.0/16 --subnet-name s-A3 --subnet-prefix "$A3_MAIN" -l "$LOCATION" --output none \ + && echo "Created $VNET_A3 with subnet s-A3" +az network vnet subnet create -g "$RG" --vnet-name "$VNET_A3" -n pe --address-prefix "$A3_PE" --output none \ + && echo "Created $VNET_A3 with subnet pe" # B1 -az network vnet create -g "$RG" -n "$VNET_B1" --address-prefix 10.20.0.0/16 --subnet-name s-B1 --subnet-prefix "$B1_MAIN" -l "$LOCATION" --output none +az network vnet create -g "$RG" -n "$VNET_B1" --address-prefix 10.20.0.0/16 --subnet-name s-B1 --subnet-prefix "$B1_MAIN" -l "$LOCATION" --output none \ + && echo "Created $VNET_B1 with subnet s-B1" + +echo "All VNets and subnets created successfully." From 903279853988529b649801d520bfb650b4531ab1 Mon Sep 17 00:00:00 2001 From: sivakami Date: Tue, 21 Oct 2025 10:35:30 -0700 Subject: [PATCH 25/45] Remove unused argument from template. --- .../template/long-running-pipeline-template.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index d84f50c9ce..340813470d 100644 --- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml @@ -79,7 +79,6 @@ stages: scriptLocation: scriptPath scriptPath: ".pipelines/swiftv2-long-running/scripts/create_peerings.sh" arguments: > - ${{ parameters.subscriptionId }} ${{ parameters.resourceGroupName }} # ------------------------------------------------------------ From b2610cc5eb10488999f98ab93a8f4c43a2edf23b Mon Sep 17 00:00:00 2001 
From: sivakami Date: Wed, 22 Oct 2025 12:09:04 -0700 Subject: [PATCH 26/45] Rename subnets. Changed NSG rules to prevent network connectivity between vnet 1 subnet 1 and vnet 1 subnet2. --- .../scripts/create_aks.sh | 1 + .../scripts/create_nsg.sh | 57 +++++++------------ .../scripts/create_peerings.sh | 2 +- .../scripts/create_storage.sh | 2 +- .../scripts/create_vnets.sh | 12 ++-- .../long-running-pipeline-template.yaml | 1 + 6 files changed, 31 insertions(+), 44 deletions(-) diff --git a/.pipelines/swiftv2-long-running/scripts/create_aks.sh b/.pipelines/swiftv2-long-running/scripts/create_aks.sh index dc4cbbbefd..0d8cddcbcc 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_aks.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_aks.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash set -e +trap 'echo "[ERROR] Failed during Resource group or AKS cluster creation." >&2' ERR SUBSCRIPTION_ID=$1 LOCATION=$2 diff --git a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh index 1a7655756c..d37a125a3f 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh 
@@ -1,63 +1,48 @@ #!/usr/bin/env bash set -e -trap 'echo "[ERROR] Failed during NSG creation." >&2' ERR +trap 'echo "[ERROR] Failed during NSG creation or rule setup." >&2' ERR SUBSCRIPTION_ID=$1 RG=$2 -LOCATION=${3:-centraluseuap} +LOCATION=$3 VNET_A1="cx_vnet_a1" +SUBNET1_PREFIX="10.10.1.0/24" +SUBNET2_PREFIX="10.10.2.0/24" NSG_NAME="${VNET_A1}-nsg" echo "==> Creating Network Security Group: $NSG_NAME" az network nsg create -g "$RG" -n "$NSG_NAME" -l "$LOCATION" --output none \ - && echo "NSG $NSG_NAME created." + && echo "[OK] NSG '$NSG_NAME' created." -echo "==> Adding NSG rules" - -# Allow SSH from any +echo "==> Creating NSG rule to DENY traffic from Subnet1 ($SUBNET1_PREFIX) to Subnet2 ($SUBNET2_PREFIX)" az network nsg rule create \ -g "$RG" \ --nsg-name "$NSG_NAME" \ - -n allow-ssh \ + -n deny-subnet1-to-subnet2 \ --priority 100 \ - --source-address-prefixes "*" \ - --destination-port-ranges 22 \ + --source-address-prefixes "$SUBNET1_PREFIX" \ + --destination-address-prefixes "$SUBNET2_PREFIX" \ --direction Inbound \ - --access Allow \ - --protocol Tcp \ - --description "Allow SSH access" \ + --access Deny \ + --protocol "*" \ + --description "Deny all traffic from Subnet1 to Subnet2" \ --output none \ - && echo "Rule allow-ssh created." + && echo "[OK] Deny rule from Subnet1 → Subnet2 created." -# Allow internal VNet traffic +echo "==> Creating NSG rule to DENY traffic from Subnet2 ($SUBNET2_PREFIX) to Subnet1 ($SUBNET1_PREFIX)" az network nsg rule create \ -g "$RG" \ --nsg-name "$NSG_NAME" \ - -n allow-vnet \ + -n deny-subnet2-to-subnet1 \ --priority 200 \ - --source-address-prefixes VirtualNetwork \ - --destination-address-prefixes VirtualNetwork \ + --source-address-prefixes "$SUBNET2_PREFIX" \ + --destination-address-prefixes "$SUBNET1_PREFIX" \ --direction Inbound \ - --access Allow \ + --access Deny \ --protocol "*" \ - --description "Allow VNet internal traffic" \ - --output none \ - && echo "Rule allow-vnet created." 
- -# Allow AKS API traffic -az network nsg rule create \ - -g "$RG" \ - --nsg-name "$NSG_NAME" \ - -n allow-aks-controlplane \ - --priority 300 \ - --source-address-prefixes AzureCloud \ - --destination-port-ranges 443 \ - --direction Inbound \ - --access Allow \ - --protocol Tcp \ - --description "Allow AKS control plane traffic" \ + --description "Deny all traffic from Subnet2 to Subnet1" \ --output none \ - && echo "Rule allow-aks-controlplane created." + && echo "[OK] Deny rule from Subnet2 → Subnet1 created." -echo "NSG '$NSG_NAME' created successfully with rules." +echo "NSG '$NSG_NAME' created successfully with bidirectional isolation between Subnet1 and Subnet2." diff --git a/.pipelines/swiftv2-long-running/scripts/create_peerings.sh b/.pipelines/swiftv2-long-running/scripts/create_peerings.sh index 4b199912cf..ce5cb58c19 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_peerings.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_peerings.sh @@ -20,4 +20,4 @@ peer_two_vnets() { peer_two_vnets "$RG" "$VNET_A1" "$VNET_A2" "A1-to-A2" "A2-to-A1" peer_two_vnets "$RG" "$VNET_A2" "$VNET_A3" "A2-to-A3" "A3-to-A2" peer_two_vnets "$RG" "$VNET_A1" "$VNET_A3" "A1-to-A3" "A3-to-A1" -echo "VNet peerings created successfully." \ No newline at end of file +echo "VNet peerings created successfully." diff --git a/.pipelines/swiftv2-long-running/scripts/create_storage.sh b/.pipelines/swiftv2-long-running/scripts/create_storage.sh index 6bd2d89c10..ea431a2500 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_storage.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_storage.sh @@ -29,4 +29,4 @@ for SA in "$SA1" "$SA2"; do && echo "Storage account $SA created successfully." done -echo "All storage accounts created successfully." \ No newline at end of file +echo "All storage accounts created successfully." 
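Review bot: `SUBSCRIPTION_ID=$1` is assigned at the top of the rewritten create_nsg.sh but never used — there is no `az account set --subscription "$SUBSCRIPTION_ID"`, so the NSG and its deny rules land in whatever subscription the service connection defaults to rather than the one the pipeline was given (create_storage.sh gains exactly that call in PATCH 32; the same gap is in create_pe.sh). `SUBNET1_PREFIX`/`SUBNET2_PREFIX` also duplicate `A1_S1`/`A1_S2` from create_vnets.sh by hand, so a change in either file silently makes the deny rules stop matching the subnets they are meant to isolate; reading them back with `az network vnet subnet show -g "$RG" --vnet-name "$VNET_A1" -n s1 --query addressPrefix -o tsv` removes that drift. Nothing in this file attaches the NSG to `s1`/`s2` (`az network vnet subnet update ... --network-security-group "$NSG_NAME"`); if that is done elsewhere this is fine, otherwise the rules are never evaluated. Because of the `&& echo` pattern noted on PATCH 24, the closing "bidirectional isolation" message also prints when a deny rule failed to create.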
diff --git a/.pipelines/swiftv2-long-running/scripts/create_vnets.sh b/.pipelines/swiftv2-long-running/scripts/create_vnets.sh index c7360bbc7c..05afe90502 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_vnets.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_vnets.sh @@ -35,19 +35,19 @@ az network vnet subnet create -g "$RG" --vnet-name "$VNET_A1" -n pe --address-pr && echo "Created $VNET_A1 with subnet pe" # A2 -az network vnet create -g "$RG" -n "$VNET_A2" --address-prefix 10.11.0.0/16 --subnet-name s-A2 --subnet-prefix "$A2_MAIN" -l "$LOCATION" --output none \ - && echo "Created $VNET_A2 with subnet s-A2" +az network vnet create -g "$RG" -n "$VNET_A2" --address-prefix 10.11.0.0/16 --subnet-name s1 --subnet-prefix "$A2_MAIN" -l "$LOCATION" --output none \ + && echo "Created $VNET_A2 with subnet s1" az network vnet subnet create -g "$RG" --vnet-name "$VNET_A2" -n pe --address-prefix "$A2_PE" --output none \ && echo "Created $VNET_A2 with subnet pe" # A3 -az network vnet create -g "$RG" -n "$VNET_A3" --address-prefix 10.12.0.0/16 --subnet-name s-A3 --subnet-prefix "$A3_MAIN" -l "$LOCATION" --output none \ - && echo "Created $VNET_A3 with subnet s-A3" +az network vnet create -g "$RG" -n "$VNET_A3" --address-prefix 10.12.0.0/16 --subnet-name s1 --subnet-prefix "$A3_MAIN" -l "$LOCATION" --output none \ + && echo "Created $VNET_A3 with subnet s1" az network vnet subnet create -g "$RG" --vnet-name "$VNET_A3" -n pe --address-prefix "$A3_PE" --output none \ && echo "Created $VNET_A3 with subnet pe" # B1 -az network vnet create -g "$RG" -n "$VNET_B1" --address-prefix 10.20.0.0/16 --subnet-name s-B1 --subnet-prefix "$B1_MAIN" -l "$LOCATION" --output none \ - && echo "Created $VNET_B1 with subnet s-B1" +az network vnet create -g "$RG" -n "$VNET_B1" --address-prefix 10.20.0.0/16 --subnet-name s1 --subnet-prefix "$B1_MAIN" -l "$LOCATION" --output none \ + && echo "Created $VNET_B1 with subnet s1" echo "All VNets and subnets created successfully." 
diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index 340813470d..95fb2b55cf 100644 --- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml @@ -123,3 +123,4 @@ stages: arguments: > ${{ parameters.subscriptionId }} ${{ parameters.resourceGroupName }} + ${{ parameters.location }} From b67fc7da26805019412f9b6b2bca20befaaa30e9 Mon Sep 17 00:00:00 2001 From: sivakami Date: Wed, 22 Oct 2025 13:28:07 -0700 Subject: [PATCH 27/45] Private endpoints. --- .../swiftv2-long-running/scripts/create_pe.sh | 49 +++++++++++++++++++ .../scripts/create_storage.sh | 4 ++ .../long-running-pipeline-template.yaml | 30 ++++++++++++ 3 files changed, 83 insertions(+) create mode 100644 .pipelines/swiftv2-long-running/scripts/create_pe.sh diff --git a/.pipelines/swiftv2-long-running/scripts/create_pe.sh b/.pipelines/swiftv2-long-running/scripts/create_pe.sh new file mode 100644 index 0000000000..eab33a50c7 --- /dev/null +++ b/.pipelines/swiftv2-long-running/scripts/create_pe.sh 
@@ -0,0 +1,49 @@ +#!/usr/bin/env bash +set -e +trap 'echo "[ERROR] Failed during Private Endpoint or DNS setup." >&2' ERR + +SUBSCRIPTION_ID=$1 +LOCATION=$2 +RG=$3 +SA1_NAME=$4 # from previous script (storage account 1) +SA2_NAME=$5 # from previous script (storage account 2) +VNET_A1="cx_vnet_a1" + +SUBNET_PE_A1="pe" +PE_NAME="${SA1_NAME}-pe" +PRIVATE_DNS_ZONE="privatelink.blob.core.windows.net" +LINK_NAME="${VNET_A1}-link" + +echo "==> Creating Private DNS zone: $PRIVATE_DNS_ZONE" +az network private-dns zone create -g "$RG" -n "$PRIVATE_DNS_ZONE" --output none \ + && echo "[OK] DNS zone $PRIVATE_DNS_ZONE created." + +echo "==> Linking DNS zone $PRIVATE_DNS_ZONE to VNet $VNET_A1" +az network private-dns link-vnet create \ + -g "$RG" -n "$LINK_NAME" \ + --zone-name "$PRIVATE_DNS_ZONE" \ + --virtual-network "$VNET_A1" \ + --registration-enabled false --output none \ + && echo "[OK] Linked DNS zone to $VNET_A1." + +echo "==> Creating Private Endpoint for Storage Account: $SA1_NAME" +SA1_ID=$(az storage account show -g "$RG" -n "$SA1_NAME" --query id -o tsv) +az network private-endpoint create \ + -g "$RG" -n "$PE_NAME" -l "$LOCATION" \ + --vnet-name "$VNET_A1" --subnet "$SUBNET_PE_A1" \ + --private-connection-resource-id "$SA1_ID" \ + --group-id blob \ + --connection-name "${PE_NAME}-conn" \ + --output none \ + && echo "[OK] Private Endpoint $PE_NAME created for $SA1_NAME." 
+ +echo "==> Linking Private Endpoint to DNS zone" +NIC_ID=$(az network private-endpoint show -g "$RG" -n "$PE_NAME" --query 'networkInterfaces[0].id' -o tsv) +FQDN=$(az storage account show -g "$RG" -n "$SA1_NAME" --query 'primaryEndpoints.blob' -o tsv | sed 's#https://##; s#/##') +PRIVATE_IP=$(az network nic show --ids "$NIC_ID" --query 'ipConfigurations[0].privateIpAddress' -o tsv) + +az network private-dns record-set a add-record \ + -g "$RG" -z "$PRIVATE_DNS_ZONE" -n "$FQDN" -a "$PRIVATE_IP" --output none \ + && echo "[OK] Added Private DNS record for $SA1_NAME → $PRIVATE_IP" + +echo "Private Endpoint setup complete for $SA1_NAME (accessible only within VNet A1)." diff --git a/.pipelines/swiftv2-long-running/scripts/create_storage.sh b/.pipelines/swiftv2-long-running/scripts/create_storage.sh index ea431a2500..62a285ef04 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_storage.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_storage.sh @@ -30,3 +30,7 @@ for SA in "$SA1" "$SA2"; do done echo "All storage accounts created successfully." +set +x + echo "##vso[task.setvariable variable=StorageAccount1;isOutput=true]$SA1" + echo "##vso[task.setvariable variable=StorageAccount2;isOutput=true]$SA2" +set -x diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index 95fb2b55cf..0f328466fa 100644 --- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml @@ -92,6 +92,7 @@ stages: steps: - checkout: self - task: AzureCLI@2 + name: CreateStorageTask displayName: "Run create_storage.sh" inputs: azureSubscription: ${{ parameters.serviceConnection }} 
@@ -102,6 +103,9 @@ stages: ${{ parameters.subscriptionId }} ${{ parameters.location }} ${{ parameters.resourceGroupName }} + outputs: + StorageAccount1: $[ dependencies.Create_Storage.outputs['CreateStorageTask.StorageAccount1'] ] + StorageAccount2: $[ dependencies.Create_Storage.outputs['CreateStorageTask.StorageAccount2'] ] # ------------------------------------------------------------ # Job 5: Create NSG @@ -124,3 +128,29 @@ stages: ${{ parameters.subscriptionId }} ${{ parameters.resourceGroupName }} ${{ parameters.location }} + # ------------------------------------------------------------ + # Job 6: Create Private Endpoint + # ------------------------------------------------------------ + - job: Create_PrivateEndpoint + displayName: "Create Private Endpoint for Storage" + dependsOn: Create_Storage + pool: + vmImage: ubuntu-latest + variables: + StorageAccount1: $[ dependencies.Create_Storage.outputs['CreateStorageTask.StorageAccount1'] ] + StorageAccount2: $[ dependencies.Create_Storage.outputs['CreateStorageTask.StorageAccount2'] ] + steps: + - checkout: self + - task: AzureCLI@2 + displayName: "Run create_private_endpoint.sh" + inputs: + azureSubscription: ${{ parameters.serviceConnection }} + scriptType: bash + scriptLocation: scriptPath + scriptPath: ".pipelines/swiftv2-long-running/scripts/create_private_endpoint.sh" + arguments: > + ${{ parameters.subscriptionId }} + ${{ parameters.location }} + ${{ parameters.resourceGroupName }} + $(StorageAccount1) + $(StorageAccount2) From ef3c19f72b08b257f79ab7473056bebcd102b7ee Mon Sep 17 00:00:00 2001 From: sivakami Date: Wed, 22 Oct 2025 13:46:25 -0700 Subject: [PATCH 28/45] Change pipeline template. --- .../long-running-pipeline-template.yaml | 78 ++++++------------- 1 file changed, 22 insertions(+), 56 deletions(-) 
diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index 0f328466fa..c4ff52902c 100644 --- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml @@ -19,7 +19,7 @@ stages: # ------------------------------------------------------------ # Job 1: Create AKS Cluster # ------------------------------------------------------------ - - job: Create_AKS + - job: CreateCluster displayName: "Create AKS Clusters" pool: vmImage: ubuntu-latest @@ -40,17 +40,18 @@ stages: ${{ parameters.vmSkuHighNIC }} # ------------------------------------------------------------ - # Job 2: Create VNets + # Job 2: Networking & Storage # ------------------------------------------------------------ - - job: Create_VNets - displayName: "Create VNets" - dependsOn: Create_AKS + - job: NetworkingAndStorage + displayName: "Networking and Storage Setup" pool: vmImage: ubuntu-latest steps: - checkout: self + + # Task 1: Create VNets - task: AzureCLI@2 - displayName: "Run create_vnets.sh" + displayName: "Create customer vnets" inputs: azureSubscription: ${{ parameters.serviceConnection }} scriptType: bash @@ -61,18 +62,9 @@ stages: ${{ parameters.location }} ${{ parameters.resourceGroupName }} - # ------------------------------------------------------------ - # Job 3: Create Peerings - # ------------------------------------------------------------ - - job: Create_Peerings - displayName: "Create Peerings" - dependsOn: Create_VNets - pool: - vmImage: ubuntu-latest - steps: - - checkout: self + # Task 2: Create Peerings - task: AzureCLI@2 - displayName: "Run create_peerings.sh" + displayName: "Create customer vnet peerings" inputs: azureSubscription: ${{ parameters.serviceConnection }} scriptType: bash 
@@ -81,19 +73,10 @@ stages: arguments: > ${{ parameters.resourceGroupName }} - # ------------------------------------------------------------ - # Job 4: Create Storage - # ------------------------------------------------------------ - - job: Create_Storage - displayName: "Create Storage" - dependsOn: Create_AKS - pool: - vmImage: ubuntu-latest - steps: - - checkout: self + # Task 3: Create Storage Accounts - task: AzureCLI@2 name: CreateStorageTask - displayName: "Run create_storage.sh" + displayName: "Create storage accounts" inputs: azureSubscription: ${{ parameters.serviceConnection }} scriptType: bash @@ -103,22 +86,16 @@ stages: ${{ parameters.subscriptionId }} ${{ parameters.location }} ${{ parameters.resourceGroupName }} - outputs: - StorageAccount1: $[ dependencies.Create_Storage.outputs['CreateStorageTask.StorageAccount1'] ] - StorageAccount2: $[ dependencies.Create_Storage.outputs['CreateStorageTask.StorageAccount2'] ] - # ------------------------------------------------------------ - # Job 5: Create NSG - # ------------------------------------------------------------ - - job: Create_NSG - displayName: "Create Network Security Groups" - dependsOn: Create_VNets - pool: - vmImage: ubuntu-latest - steps: - - checkout: self + # Set storage account names as variables for later tasks + - script: | + echo "##vso[task.setvariable variable=StorageAccount1]$(StorageAccount1)" + echo "##vso[task.setvariable variable=StorageAccount2]$(StorageAccount2)" + displayName: "Set storage account variables" + + # Task 4: Create NSG - task: AzureCLI@2 - displayName: "Run create_nsg.sh" + displayName: "Create network security groups to restrict access between subnets." inputs: azureSubscription: ${{ parameters.serviceConnection }} scriptType: bash 
@@ -128,21 +105,10 @@ stages: ${{ parameters.subscriptionId }} ${{ parameters.resourceGroupName }} ${{ parameters.location }} - # ------------------------------------------------------------ - # Job 6: Create Private Endpoint - # ------------------------------------------------------------ - - job: Create_PrivateEndpoint - displayName: "Create Private Endpoint for Storage" - dependsOn: Create_Storage - pool: - vmImage: ubuntu-latest - variables: - StorageAccount1: $[ dependencies.Create_Storage.outputs['CreateStorageTask.StorageAccount1'] ] - StorageAccount2: $[ dependencies.Create_Storage.outputs['CreateStorageTask.StorageAccount2'] ] - steps: - - checkout: self + + # Task 5: Create Private Endpoint - task: AzureCLI@2 - displayName: "Run create_private_endpoint.sh" + displayName: "Create Private Endpoint for Storage Account." inputs: azureSubscription: ${{ parameters.serviceConnection }} scriptType: bash From 13b895813008307436071733ab0ec2c65c86eeb2 Mon Sep 17 00:00:00 2001 From: sivakami Date: Wed, 22 Oct 2025 14:02:16 -0700 Subject: [PATCH 29/45] Set output variables. --- .../template/long-running-pipeline-template.yaml | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index c4ff52902c..f47a67ce1e 100644 --- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml @@ -75,7 +75,7 @@ stages: # Task 3: Create Storage Accounts - task: AzureCLI@2 - name: CreateStorageTask + name: CreateStorageAccounts displayName: "Create storage accounts" inputs: azureSubscription: ${{ parameters.serviceConnection }} 
@@ -86,13 +86,7 @@ stages: ${{ parameters.subscriptionId }} ${{ parameters.location }} ${{ parameters.resourceGroupName }} - - # Set storage account names as variables for later tasks - - script: | - echo "##vso[task.setvariable variable=StorageAccount1]$(StorageAccount1)" - echo "##vso[task.setvariable variable=StorageAccount2]$(StorageAccount2)" - displayName: "Set storage account variables" - + # Task 4: Create NSG - task: AzureCLI@2 displayName: "Create network security groups to restrict access between subnets." @@ -113,10 +107,10 @@ stages: azureSubscription: ${{ parameters.serviceConnection }} scriptType: bash scriptLocation: scriptPath - scriptPath: ".pipelines/swiftv2-long-running/scripts/create_private_endpoint.sh" + scriptPath: ".pipelines/swiftv2-long-running/scripts/create_pe.sh" arguments: > ${{ parameters.subscriptionId }} ${{ parameters.location }} ${{ parameters.resourceGroupName }} - $(StorageAccount1) - $(StorageAccount2) + $(CreateStorageAccounts.StorageAccount1) + $(CreateStorageAccounts.StorageAccount2) From 3786b507f3b656c54e090a5d0785d9891c4b55a3 Mon Sep 17 00:00:00 2001 From: sivakami Date: Wed, 22 Oct 2025 14:23:22 -0700 Subject: [PATCH 30/45] private endpoint. --- .../swiftv2-long-running/scripts/create_pe.sh | 26 +++++-------------- 1 file changed, 6 insertions(+), 20 deletions(-) diff --git a/.pipelines/swiftv2-long-running/scripts/create_pe.sh b/.pipelines/swiftv2-long-running/scripts/create_pe.sh index eab33a50c7..843d27db2d 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_pe.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_pe.sh 
@@ -5,45 +5,31 @@ trap 'echo "[ERROR] Failed during Private Endpoint or DNS setup." >&2' ERR SUBSCRIPTION_ID=$1 LOCATION=$2 RG=$3 -SA1_NAME=$4 # from previous script (storage account 1) -SA2_NAME=$5 # from previous script (storage account 2) +SA1_NAME=$4 # Storage account 1 VNET_A1="cx_vnet_a1" - SUBNET_PE_A1="pe" PE_NAME="${SA1_NAME}-pe" PRIVATE_DNS_ZONE="privatelink.blob.core.windows.net" LINK_NAME="${VNET_A1}-link" +# 1. Create Private DNS zone echo "==> Creating Private DNS zone: $PRIVATE_DNS_ZONE" az network private-dns zone create -g "$RG" -n "$PRIVATE_DNS_ZONE" --output none \ && echo "[OK] DNS zone $PRIVATE_DNS_ZONE created." +# 2. Link DNS zone to VNet echo "==> Linking DNS zone $PRIVATE_DNS_ZONE to VNet $VNET_A1" -az network private-dns link-vnet create \ +az network private-dns link vnet create \ -g "$RG" -n "$LINK_NAME" \ --zone-name "$PRIVATE_DNS_ZONE" \ --virtual-network "$VNET_A1" \ --registration-enabled false --output none \ && echo "[OK] Linked DNS zone to $VNET_A1." +# 3. Create Private Endpoint echo "==> Creating Private Endpoint for Storage Account: $SA1_NAME" SA1_ID=$(az storage account show -g "$RG" -n "$SA1_NAME" --query id -o tsv) az network private-endpoint create \ -g "$RG" -n "$PE_NAME" -l "$LOCATION" \ --vnet-name "$VNET_A1" --subnet "$SUBNET_PE_A1" \ - --private-connection-resource-id "$SA1_ID" \ - --group-id blob \ - --connection-name "${PE_NAME}-conn" \ - --output none \ - && echo "[OK] Private Endpoint $PE_NAME created for $SA1_NAME." 
- -echo "==> Linking Private Endpoint to DNS zone" -NIC_ID=$(az network private-endpoint show -g "$RG" -n "$PE_NAME" --query 'networkInterfaces[0].id' -o tsv) -FQDN=$(az storage account show -g "$RG" -n "$SA1_NAME" --query 'primaryEndpoints.blob' -o tsv | sed 's#https://##; s#/##') -PRIVATE_IP=$(az network nic show --ids "$NIC_ID" --query 'ipConfigurations[0].privateIpAddress' -o tsv) - -az network private-dns record-set a add-record \ - -g "$RG" -z "$PRIVATE_DNS_ZONE" -n "$FQDN" -a "$PRIVATE_IP" --output none \ - && echo "[OK] Added Private DNS record for $SA1_NAME → $PRIVATE_IP" - -echo "Private Endpoint setup complete for $SA1_NAME (accessible only within VNet A1)." + --private-connection-resource-id "$SA1 From 589128108eec5070f4cae49641a4846cc30151fc Mon Sep 17 00:00:00 2001 From: sivakami Date: Wed, 22 Oct 2025 14:35:13 -0700 Subject: [PATCH 31/45] update private endpoint. --- .pipelines/swiftv2-long-running/scripts/create_pe.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.pipelines/swiftv2-long-running/scripts/create_pe.sh b/.pipelines/swiftv2-long-running/scripts/create_pe.sh index 843d27db2d..d9d4bdbf6b 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_pe.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_pe.sh @@ -32,4 +32,8 @@ SA1_ID=$(az storage account show -g "$RG" -n "$SA1_NAME" --query id -o tsv) az network private-endpoint create \ -g "$RG" -n "$PE_NAME" -l "$LOCATION" \ --vnet-name "$VNET_A1" --subnet "$SUBNET_PE_A1" \ - --private-connection-resource-id "$SA1 + --private-connection-resource-id "$SA1_ID" \ + --group-id blob \ + --connection-name "${PE_NAME}-conn" \ + --output none \ + && echo "[OK] Private Endpoint $PE_NAME created for $SA1_NAME." From 8943f8e9954569d555e648c63f950814282ef337 Mon Sep 17 00:00:00 2001 
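Review bot: After these two patches the linked private DNS zone `privatelink.blob.core.windows.net` never receives a record: PATCH 30 removed the `record-set a add-record` block and the `az network private-endpoint create` call that PATCH 31 completes does not register the endpoint with the zone. Because the zone is linked to `cx_vnet_a1`, lookups of the account's blob FQDN from that VNet resolve into the empty private zone and will not return the endpoint's address, so the storage account is not reachable by name through the endpoint. The usual fix is a zone group on the endpoint, e.g. `az network private-endpoint dns-zone-group create -g "$RG" --endpoint-name "$PE_NAME" -n default --private-dns-zone "$PRIVATE_DNS_ZONE" --zone-name blob`, which keeps the A record tied to the endpoint's NIC instead of hand-maintaining it. The PATCH 30 hunk also left the file cut mid-line at `"$SA1`, so that intermediate commit cannot run — fine if the series is squashed.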
From: sivakami Date: Wed, 22 Oct 2025 17:05:06 -0700 Subject: [PATCH 32/45] create storage account. --- .../scripts/create_storage.sh | 32 ++++++++++--------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/.pipelines/swiftv2-long-running/scripts/create_storage.sh b/.pipelines/swiftv2-long-running/scripts/create_storage.sh index 62a285ef04..a21b1d1d3a 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_storage.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_storage.sh @@ -9,28 +9,30 @@ RG=$3 RAND=$(openssl rand -hex 4) SA1="sa1${RAND}" SA2="sa2${RAND}" -API_VER="2025-06-01" + +# Set subscription context +az account set --subscription "$SUBSCRIPTION_ID" # Create storage accounts for SA in "$SA1" "$SA2"; do echo "==> Creating storage account $SA" - az rest --method put \ - --url "https://management.azure.com/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG/providers/Microsoft.Storage/storageAccounts/$SA?api-version=$API_VER" \ - --body "{ - \"location\": \"$LOCATION\", - \"sku\": { \"name\": \"Standard_LRS\" }, - \"kind\": \"StorageV2\", - \"properties\": { - \"minimumTlsVersion\": \"TLS1_2\", - \"allowBlobPublicAccess\": false, - \"allowSharedKeyAccess\": false - } - }" \ + az storage account create \ + --name "$SA" \ + --resource-group "$RG" \ + --location "$LOCATION" \ + --sku Standard_LRS \ + --kind StorageV2 \ + --allow-blob-public-access false \ + --https-only true \ + --min-tls-version TLS1_2 \ + --query "name" -o tsv \ && echo "Storage account $SA created successfully." done echo "All storage accounts created successfully." + +# Set pipeline output variables set +x - echo "##vso[task.setvariable variable=StorageAccount1;isOutput=true]$SA1" - echo "##vso[task.setvariable variable=StorageAccount2;isOutput=true]$SA2" +echo "##vso[task.setvariable variable=StorageAccount1;isOutput=true]$SA1" +echo "##vso[task.setvariable variable=StorageAccount2;isOutput=true]$SA2" set -x 
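Review bot: The new `az storage account create` call leaves the account's public endpoint enabled: `--allow-blob-public-access false` only blocks anonymous container access, and `--https-only`/`--min-tls-version` harden the transport, not the reachability. create_pe.sh from PATCH 27 describes the account as "accessible only within VNet A1", which does not hold while the public network path stays open. If private-endpoint-only access is the intent, add `--public-network-access Disabled` (or `--default-action Deny` if the agent later needs an IP allow rule) to the create call; private endpoint connections are unaffected by either. The closing `set +x` / `set -x` pair also turns xtrace on for the remainder of a script that never enabled it; `set +x` alone (or nothing, since the script does not trace) is what was meant.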
From 520647e0f7f0528d5fd037b6e3368eeafc5e3ef1 Mon Sep 17 00:00:00 2001 From: sivakami Date: Wed, 22 Oct 2025 19:23:51 -0700 Subject: [PATCH 33/45] disallow shared key access. --- .pipelines/swiftv2-long-running/scripts/create_storage.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/.pipelines/swiftv2-long-running/scripts/create_storage.sh b/.pipelines/swiftv2-long-running/scripts/create_storage.sh index a21b1d1d3a..14c230734f 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_storage.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_storage.sh @@ -23,6 +23,7 @@ for SA in "$SA1" "$SA2"; do --sku Standard_LRS \ --kind StorageV2 \ --allow-blob-public-access false \ + --allow-shared-key-access false \ --https-only true \ --min-tls-version TLS1_2 \ --query "name" -o tsv \ From 183ef9b1f5242a0387e8b5c82ef8c1a26de4ecb6 Mon Sep 17 00:00:00 2001 From: sivakami Date: Wed, 22 Oct 2025 20:03:20 -0700 Subject: [PATCH 34/45] change pipeline template. --- .../long-running-pipeline-template.yaml | 39 ++++++++++++++++--- 1 file changed, 33 insertions(+), 6 deletions(-) diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index f47a67ce1e..16279c1107 100644 --- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml 
@@ -17,10 +17,34 @@ stages: displayName: "Stage: AKS Cluster and Networking Setup" jobs: # ------------------------------------------------------------ - # Job 1: Create AKS Cluster + # Job 1: Create Resource Group + # ------------------------------------------------------------ + - job: CreateResourceGroup + displayName: "Create Resource Group" + pool: + vmImage: ubuntu-latest + steps: + - checkout: self + - task: AzureCLI@2 + displayName: "Create resource group" + inputs: + azureSubscription: ${{ parameters.serviceConnection }} + scriptType: bash + scriptLocation: inlineScript + inlineScript: | + echo "==> Creating resource group ${{ parameters.resourceGroupName }} in ${{ parameters.location }}" + az group create \ + --name "${{ parameters.resourceGroupName }}" \ + --location "${{ parameters.location }}" \ + --subscription "${{ parameters.subscriptionId }}" + echo "Resource group created successfully." + + # ------------------------------------------------------------ + # Job 2: Create AKS Clusters # ------------------------------------------------------------ - job: CreateCluster displayName: "Create AKS Clusters" + dependsOn: CreateResourceGroup pool: vmImage: ubuntu-latest steps: @@ -38,12 +62,13 @@ stages: ${{ parameters.resourceGroupName }} ${{ parameters.vmSkuDefault }} ${{ parameters.vmSkuHighNIC }} - + # ------------------------------------------------------------ - # Job 2: Networking & Storage + # Job 3: Networking & Storage # ------------------------------------------------------------ - job: NetworkingAndStorage displayName: "Networking and Storage Setup" + dependsOn: CreateResourceGroup pool: vmImage: ubuntu-latest steps: 
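Review bot: The new `CreateResourceGroup` job runs `- checkout: self` but only executes an inline script, so the repository clone is wasted agent time and an extra credential use on every run; `- checkout: none` is the idiomatic choice for a job that invokes nothing from the repo (the `CreateCluster` job, which runs `create_aks.sh`, still needs the checkout). The `dependsOn: CreateResourceGroup` added to both `CreateCluster` and `NetworkingAndStorage` in the second hunk makes those two jobs run concurrently; if that independence is deliberate, a comment on one of the `dependsOn` lines saying so (`# runs in parallel with CreateCluster; neither depends on the other`) would stop a future author from serializing them by accident. The `NetworkingAndStorage` job body continues outside the hunk.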
@@ -86,10 +111,10 @@ stages: ${{ parameters.subscriptionId }} ${{ parameters.location }} ${{ parameters.resourceGroupName }} - + # Task 4: Create NSG - task: AzureCLI@2 - displayName: "Create network security groups to restrict access between subnets." + displayName: "Create network security groups to restrict access between subnets" inputs: azureSubscription: ${{ parameters.serviceConnection }} scriptType: bash @@ -102,7 +127,7 @@ stages: # Task 5: Create Private Endpoint - task: AzureCLI@2 - displayName: "Create Private Endpoint for Storage Account." + displayName: "Create Private Endpoint for Storage Account" inputs: azureSubscription: ${{ parameters.serviceConnection }} scriptType: bash @@ -114,3 +139,5 @@ stages: ${{ parameters.resourceGroupName }} $(CreateStorageAccounts.StorageAccount1) $(CreateStorageAccounts.StorageAccount2) + + From 48544520749ab12e50b4d7fe99d979cf9c4cfc20 Mon Sep 17 00:00:00 2001 From: sivakami Date: Thu, 23 Oct 2025 10:30:13 -0700 Subject: [PATCH 35/45] Removed unused param. --- .pipelines/swiftv2-long-running/scripts/create_aks.sh | 3 --- .../template/long-running-pipeline-template.yaml | 3 --- 2 files changed, 6 deletions(-) diff --git a/.pipelines/swiftv2-long-running/scripts/create_aks.sh b/.pipelines/swiftv2-long-running/scripts/create_aks.sh index 0d8cddcbcc..f051f994a6 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_aks.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_aks.sh @@ -15,9 +15,6 @@ echo "VM SKU (default): $VM_SKU_DEFAULT" echo "VM SKU (high-NIC): $VM_SKU_HIGHNIC" az account set --subscription "$SUBSCRIPTION_ID" -echo "==> Creating resource group: $RG" -az group create -n "$RG" -l "$LOCATION" --output none - # Enable parallel cluster creation create_cluster() { local CLUSTER=$1 diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index 16279c1107..cc6016f17a 100644 
--- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml @@ -138,6 +138,3 @@ stages: ${{ parameters.location }} ${{ parameters.resourceGroupName }} $(CreateStorageAccounts.StorageAccount1) - $(CreateStorageAccounts.StorageAccount2) - - From 6d112415671155574a8b8a8d3d0c9927a7277b84 Mon Sep 17 00:00:00 2001 From: sivakami Date: Thu, 23 Oct 2025 12:18:54 -0700 Subject: [PATCH 36/45] Link private endpoint dns to vnet a2 and vnet a3. --- .../swiftv2-long-running/scripts/create_pe.sh | 23 ++++++++++++++++--- .../scripts/create_vnets.sh | 6 ----- 2 files changed, 20 insertions(+), 9 deletions(-) diff --git a/.pipelines/swiftv2-long-running/scripts/create_pe.sh b/.pipelines/swiftv2-long-running/scripts/create_pe.sh index d9d4bdbf6b..1d1aea0744 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_pe.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_pe.sh @@ -6,11 +6,13 @@ SUBSCRIPTION_ID=$1 LOCATION=$2 RG=$3 SA1_NAME=$4 # Storage account 1 + VNET_A1="cx_vnet_a1" +VNET_A2="cx_vnet_a2" +VNET_A3="cx_vnet_a3" SUBNET_PE_A1="pe" PE_NAME="${SA1_NAME}-pe" PRIVATE_DNS_ZONE="privatelink.blob.core.windows.net" -LINK_NAME="${VNET_A1}-link" # 1. Create Private DNS zone echo "==> Creating Private DNS zone: $PRIVATE_DNS_ZONE" 
@@ -20,12 +22,27 @@ az network private-dns zone create -g "$RG" -n "$PRIVATE_DNS_ZONE" --output none # 2. Link DNS zone to VNet echo "==> Linking DNS zone $PRIVATE_DNS_ZONE to VNet $VNET_A1" az network private-dns link vnet create \ - -g "$RG" -n "$LINK_NAME" \ + -g "$RG" -n "${VNET_A1}-link" \ --zone-name "$PRIVATE_DNS_ZONE" \ --virtual-network "$VNET_A1" \ - --registration-enabled false --output none \ + --registration-enabled false \ && echo "[OK] Linked DNS zone to $VNET_A1." +az network private-dns link vnet create \ + -g "$RG" -n "${VNET_A2}-link" -\ + -zone-name "$PRIVATE_DNS_ZONE" \ + --virtual-network "$VNET_A2" \ + --registration-enabled false \ + && echo "[OK] Linked DNS zone to $VNET_A2." + +az network private-dns link vnet create \ + -g "$RG" -n "${VNET_A3}-link" \ + --zone-name "$PRIVATE_DNS_ZONE" \ + --virtual-network "$VNET_A3" \ + --registration-enabled false \ + && echo "[OK] Linked DNS zone to $VNET_A3." + + # 3. Create Private Endpoint echo "==> Creating Private Endpoint for Storage Account: $SA1_NAME" SA1_ID=$(az storage account show -g "$RG" -n "$SA1_NAME" --query id -o tsv) diff --git a/.pipelines/swiftv2-long-running/scripts/create_vnets.sh b/.pipelines/swiftv2-long-running/scripts/create_vnets.sh index 05afe90502..7363476488 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_vnets.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_vnets.sh @@ -19,10 +19,8 @@ A1_S2="10.10.2.0/24" A1_PE="10.10.100.0/24" A2_MAIN="10.11.1.0/24" -A2_PE="10.11.100.0/24" A3_MAIN="10.12.1.0/24" -A3_PE="10.12.100.0/24" B1_MAIN="10.20.1.0/24" 
@@ -37,14 +35,10 @@ az network vnet subnet create -g "$RG" --vnet-name "$VNET_A1" -n pe --address-pr # A2 az network vnet create -g "$RG" -n "$VNET_A2" --address-prefix 10.11.0.0/16 --subnet-name s1 --subnet-prefix "$A2_MAIN" -l "$LOCATION" --output none \ && echo "Created $VNET_A2 with subnet s1" -az network vnet subnet create -g "$RG" --vnet-name "$VNET_A2" -n pe --address-prefix "$A2_PE" --output none \ - && echo "Created $VNET_A2 with subnet pe" # A3 az network vnet create -g "$RG" -n "$VNET_A3" --address-prefix 10.12.0.0/16 --subnet-name s1 --subnet-prefix "$A3_MAIN" -l "$LOCATION" --output none \ && echo "Created $VNET_A3 with subnet s1" -az network vnet subnet create -g "$RG" --vnet-name "$VNET_A3" -n pe --address-prefix "$A3_PE" --output none \ - && echo "Created $VNET_A3 with subnet pe" # B1 az network vnet create -g "$RG" -n "$VNET_B1" --address-prefix 10.20.0.0/16 --subnet-name s1 --subnet-prefix "$B1_MAIN" -l "$LOCATION" --output none \ From ba6b336e4125270896986a5a65fde5920b01de9b Mon Sep 17 00:00:00 2001 From: sivakami Date: Thu, 23 Oct 2025 17:24:49 -0700 Subject: [PATCH 37/45] attach nsg rule to subnets. --- .../swiftv2-long-running/scripts/create_nsg.sh | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh index d37a125a3f..3de72d6e8f 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh 
@@ -17,9 +17,9 @@ az network nsg create -g "$RG" -n "$NSG_NAME" -l "$LOCATION" --output none \ echo "==> Creating NSG rule to DENY traffic from Subnet1 ($SUBNET1_PREFIX) to Subnet2 ($SUBNET2_PREFIX)" az network nsg rule create \ - -g "$RG" \ + --resource-group "$RG" \ --nsg-name "$NSG_NAME" \ - -n deny-subnet1-to-subnet2 \ + --name deny-subnet1-to-subnet2 \ --priority 100 \ --source-address-prefixes "$SUBNET1_PREFIX" \ --destination-address-prefixes "$SUBNET2_PREFIX" \ @@ -32,9 +32,9 @@ az network nsg rule create \ echo "==> Creating NSG rule to DENY traffic from Subnet2 ($SUBNET2_PREFIX) to Subnet1 ($SUBNET1_PREFIX)" az network nsg rule create \ - -g "$RG" \ + --resource-group "$RG" \ --nsg-name "$NSG_NAME" \ - -n deny-subnet2-to-subnet1 \ + --name deny-subnet2-to-subnet1 \ --priority 200 \ --source-address-prefixes "$SUBNET2_PREFIX" \ --destination-address-prefixes "$SUBNET1_PREFIX" \ @@ -45,4 +45,8 @@ az network nsg rule create \ --output none \ && echo "[OK] Deny rule from Subnet2 → Subnet1 created." + az network vnet subnet update --name s1 --vnet-name cx_vnet_a1 --resource-group "$RG" --network-security-group cx_nsg_a1 + az network vnet subnet update --name s2 --vnet-name cx_vnet_a1 --resource-group "$RG" --network-security-group cx_nsg_a1 + echo "NSG '$NSG_NAME' created successfully with bidirectional isolation between Subnet1 and Subnet2." + From 7d07adbffffd894311d27af7860c3ff6077123a4 Mon Sep 17 00:00:00 2001 From: sivakami Date: Thu, 23 Oct 2025 20:34:28 -0700 Subject: [PATCH 38/45] Link nsg with subnet. --- .../swiftv2-long-running/scripts/create_nsg.sh | 15 +++++++++++++-- 1 file changed, 13 insertions(+), 2 deletions(-) diff --git a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh index 3de72d6e8f..858c293990 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh 
@@ -45,8 +45,19 @@ az network nsg rule create \ --output none \ && echo "[OK] Deny rule from Subnet2 → Subnet1 created." - az network vnet subnet update --name s1 --vnet-name cx_vnet_a1 --resource-group "$RG" --network-security-group cx_nsg_a1 - az network vnet subnet update --name s2 --vnet-name cx_vnet_a1 --resource-group "$RG" --network-security-group cx_nsg_a1 +az network vnet subnet update \ + --name s1 \ + --vnet-name "$VNET_A1" \ + --resource-group "$RG" \ + --network-security-group "$NSG_NAME" \ + --output none + +az network vnet subnet update \ + --name s2 \ + --vnet-name "$VNET_A1" \ + --resource-group "$RG" \ + --network-security-group "$NSG_NAME" \ + --output none echo "NSG '$NSG_NAME' created successfully with bidirectional isolation between Subnet1 and Subnet2." From 8627ad0c1463c136061b6091064480816ffae097 Mon Sep 17 00:00:00 2001 From: sivakami Date: Thu, 23 Oct 2025 20:58:20 -0700 Subject: [PATCH 39/45] Private endpoint fix - long running pipeline. --- .pipelines/swiftv2-long-running/scripts/create_pe.sh | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.pipelines/swiftv2-long-running/scripts/create_pe.sh b/.pipelines/swiftv2-long-running/scripts/create_pe.sh index 1d1aea0744..60488e39db 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_pe.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_pe.sh @@ -29,8 +29,8 @@ az network private-dns link vnet create \ && echo "[OK] Linked DNS zone to $VNET_A1." az network private-dns link vnet create \ - -g "$RG" -n "${VNET_A2}-link" -\ - -zone-name "$PRIVATE_DNS_ZONE" \ + -g "$RG" -n "${VNET_A2}-link" \ + --zone-name "$PRIVATE_DNS_ZONE" \ --virtual-network "$VNET_A2" \ --registration-enabled false \ && echo "[OK] Linked DNS zone to $VNET_A2." From 102393a355db953465574ad0e9ae2fabe563a3f3 Mon Sep 17 00:00:00 2001 
From: sivakami Date: Wed, 29 Oct 2025 10:13:55 -0700 Subject: [PATCH 40/45] Verify each resource creation - long running cluster test pipeline. --- .../scripts/create_nsg.sh | 70 ++++++++++++++--- .../swiftv2-long-running/scripts/create_pe.sh | 75 +++++++++++++------ .../scripts/create_peerings.sh | 17 ++++- .../scripts/create_storage.sh | 12 ++- .../scripts/create_vnets.sh | 39 +++++++++- 5 files changed, 176 insertions(+), 37 deletions(-) diff --git a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh index 858c293990..cec91cd7cf 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh 
@@ -11,10 +11,52 @@ SUBNET1_PREFIX="10.10.1.0/24" SUBNET2_PREFIX="10.10.2.0/24" NSG_NAME="${VNET_A1}-nsg" +verify_nsg() { + local rg="$1"; local name="$2" + echo "==> Verifying NSG: $name" + if az network nsg show -g "$rg" -n "$name" &>/dev/null; then + echo "[OK] Verified NSG $name exists." + else + echo "[ERROR] NSG $name not found!" >&2 + exit 1 + fi +} + +verify_nsg_rule() { + local rg="$1"; local nsg="$2"; local rule="$3" + echo "==> Verifying NSG rule: $rule in $nsg" + if az network nsg rule show -g "$rg" --nsg-name "$nsg" -n "$rule" &>/dev/null; then + echo "[OK] Verified NSG rule $rule exists in $nsg." + else + echo "[ERROR] NSG rule $rule not found in $nsg!" >&2 + exit 1 + fi +} + +verify_subnet_nsg_association() { + local rg="$1"; local vnet="$2"; local subnet="$3"; local nsg="$4" + echo "==> Verifying NSG association on subnet $subnet..." + local associated_nsg + associated_nsg=$(az network vnet subnet show -g "$rg" --vnet-name "$vnet" -n "$subnet" --query "networkSecurityGroup.id" -o tsv 2>/dev/null || echo "") + if [[ "$associated_nsg" == *"$nsg"* ]]; then + echo "[OK] Verified subnet $subnet is associated with NSG $nsg." + else + echo "[ERROR] Subnet $subnet is NOT associated with NSG $nsg!" >&2 + exit 1 + fi +} + +# ------------------------------- +# 1. Create NSG +# ------------------------------- echo "==> Creating Network Security Group: $NSG_NAME" az network nsg create -g "$RG" -n "$NSG_NAME" -l "$LOCATION" --output none \ && echo "[OK] NSG '$NSG_NAME' created." +verify_nsg "$RG" "$NSG_NAME" +# ------------------------------- +# 2. Create NSG Rules +# ------------------------------- echo "==> Creating NSG rule to DENY traffic from Subnet1 ($SUBNET1_PREFIX) to Subnet2 ($SUBNET2_PREFIX)" az network nsg rule create \ --resource-group "$RG" \ 
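Review bot: `verify_subnet_nsg_association` accepts the association when the NSG resource ID merely contains the name, `[[ "$associated_nsg" == *"$nsg"* ]]`, so a different NSG whose name has `$nsg` as a substring (a constructed example: a stale `${NSG_NAME}-old`) would pass the check; compare the last path segment of the ID exactly instead: `[[ "${associated_nsg##*/}" == "$nsg" ]]`. The `verify_*` helpers introduced here follow the same show-or-exit pattern as the ones this commit adds to create_pe.sh, create_peerings.sh and create_vnets.sh; a single sourced helper file with one generic `verify_exists` function would keep the four copies from drifting, and this note applies to those hunks as well.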
@@ -30,6 +72,8 @@ az network nsg rule create \ --output none \ && echo "[OK] Deny rule from Subnet1 → Subnet2 created." +verify_nsg_rule "$RG" "$NSG_NAME" "deny-subnet1-to-subnet2" + echo "==> Creating NSG rule to DENY traffic from Subnet2 ($SUBNET2_PREFIX) to Subnet1 ($SUBNET1_PREFIX)" az network nsg rule create \ --resource-group "$RG" \ @@ -45,19 +89,21 @@ az network nsg rule create \ --output none \ && echo "[OK] Deny rule from Subnet2 → Subnet1 created." -az network vnet subnet update \ - --name s1 \ - --vnet-name "$VNET_A1" \ - --resource-group "$RG" \ - --network-security-group "$NSG_NAME" \ - --output none +verify_nsg_rule "$RG" "$NSG_NAME" "deny-subnet2-to-subnet1" -az network vnet subnet update \ - --name s2 \ - --vnet-name "$VNET_A1" \ - --resource-group "$RG" \ - --network-security-group "$NSG_NAME" \ - --output none +# ------------------------------- +# 3. Associate NSG with Subnets +# ------------------------------- +for SUBNET in s1 s2; do + echo "==> Associating NSG $NSG_NAME with subnet $SUBNET" + az network vnet subnet update \ + --name "$SUBNET" \ + --vnet-name "$VNET_A1" \ + --resource-group "$RG" \ + --network-security-group "$NSG_NAME" \ + --output none + verify_subnet_nsg_association "$RG" "$VNET_A1" "$SUBNET" "$NSG_NAME" +done echo "NSG '$NSG_NAME' created successfully with bidirectional isolation between Subnet1 and Subnet2." diff --git a/.pipelines/swiftv2-long-running/scripts/create_pe.sh b/.pipelines/swiftv2-long-running/scripts/create_pe.sh index 60488e39db..48a256a7ae 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_pe.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_pe.sh 
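Review bot: `verify_nsg_rule` only proves that a rule with the given name exists, so on a re-run against a resource group where the rule was left over with different properties it passes without confirming the deny semantics the log line promises; querying the rule's `access` and `direction` (for example `az network nsg rule show ... --query "[access,direction]" -o tsv`) and asserting `Deny` would make the check mean what the `# 2. Create NSG Rules` heading implies. In the subnet loop, the `pe` subnet that create_vnets.sh adds to `$VNET_A1` is not in the `s1 s2` list and therefore gets no NSG; if that is intentional, a comment above the loop stating that the private-endpoint subnet deliberately has no NSG attached would document it.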
@@ -14,34 +14,62 @@ SUBNET_PE_A1="pe" PE_NAME="${SA1_NAME}-pe" PRIVATE_DNS_ZONE="privatelink.blob.core.windows.net" +# ------------------------------- +# Function: Verify Resource Exists +# ------------------------------- +verify_dns_zone() { + local rg="$1"; local zone="$2" + echo "==> Verifying Private DNS zone: $zone" + if az network private-dns zone show -g "$rg" -n "$zone" &>/dev/null; then + echo "[OK] Verified DNS zone $zone exists." + else + echo "[ERROR] DNS zone $zone not found!" >&2 + exit 1 + fi +} + +verify_dns_link() { + local rg="$1"; local zone="$2"; local link="$3" + echo "==> Verifying DNS link: $link for zone $zone" + if az network private-dns link vnet show -g "$rg" --zone-name "$zone" -n "$link" &>/dev/null; then + echo "[OK] Verified DNS link $link exists." + else + echo "[ERROR] DNS link $link not found!" >&2 + exit 1 + fi +} + +verify_private_endpoint() { + local rg="$1"; local name="$2" + echo "==> Verifying Private Endpoint: $name" + if az network private-endpoint show -g "$rg" -n "$name" &>/dev/null; then + echo "[OK] Verified Private Endpoint $name exists." + else + echo "[ERROR] Private Endpoint $name not found!" >&2 + exit 1 + fi +} + # 1. Create Private DNS zone echo "==> Creating Private DNS zone: $PRIVATE_DNS_ZONE" az network private-dns zone create -g "$RG" -n "$PRIVATE_DNS_ZONE" --output none \ && echo "[OK] DNS zone $PRIVATE_DNS_ZONE created." -# 2. Link DNS zone to VNet -echo "==> Linking DNS zone $PRIVATE_DNS_ZONE to VNet $VNET_A1" -az network private-dns link vnet create \ - -g "$RG" -n "${VNET_A1}-link" \ - --zone-name "$PRIVATE_DNS_ZONE" \ - --virtual-network "$VNET_A1" \ - --registration-enabled false \ - && echo "[OK] Linked DNS zone to $VNET_A1." - -az network private-dns link vnet create \ - -g "$RG" -n "${VNET_A2}-link" \ - --zone-name "$PRIVATE_DNS_ZONE" \ - --virtual-network "$VNET_A2" \ - --registration-enabled false \ - && echo "[OK] Linked DNS zone to $VNET_A2." 
- -az network private-dns link vnet create \ - -g "$RG" -n "${VNET_A3}-link" \ - --zone-name "$PRIVATE_DNS_ZONE" \ - --virtual-network "$VNET_A3" \ - --registration-enabled false \ - && echo "[OK] Linked DNS zone to $VNET_A3." +verify_dns_zone "$RG" "$PRIVATE_DNS_ZONE" +# 2. Link DNS zone to VNet +for VNET in "$VNET_A1" "$VNET_A2" "$VNET_A3"; do + LINK_NAME="${VNET}-link" + echo "==> Linking DNS zone $PRIVATE_DNS_ZONE to VNet $VNET" + az network private-dns link vnet create \ + -g "$RG" -n "$LINK_NAME" \ + --zone-name "$PRIVATE_DNS_ZONE" \ + --virtual-network "$VNET" \ + --registration-enabled false \ + --output none \ + && echo "[OK] Linked DNS zone to $VNET." + verify_dns_link "$RG" "$PRIVATE_DNS_ZONE" "$LINK_NAME" +done # 3. Create Private Endpoint echo "==> Creating Private Endpoint for Storage Account: $SA1_NAME" @@ -54,3 +82,6 @@ az network private-endpoint create \ --connection-name "${PE_NAME}-conn" \ --output none \ && echo "[OK] Private Endpoint $PE_NAME created for $SA1_NAME." +verify_private_endpoint "$RG" "$PE_NAME" + +echo "All Private DNS and Endpoint resources created and verified successfully." \ No newline at end of file diff --git a/.pipelines/swiftv2-long-running/scripts/create_peerings.sh b/.pipelines/swiftv2-long-running/scripts/create_peerings.sh index ce5cb58c19..d6655492f1 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_peerings.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_peerings.sh 
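Review bot: The private endpoint is created and verified, but nothing in this hunk or elsewhere in the visible series registers the storage account's A record in `privatelink.blob.core.windows.net` — there is no `az network private-endpoint dns-zone-group create` — so the zone now linked to all three VNets may stay empty and clients in them keep resolving the public endpoint, unless that record is populated outside this script; if it is, a comment after the endpoint create naming where the DNS record comes from would make the dependency visible, and if it is not, the zone-group step belongs right after `verify_private_endpoint`. The `az network private-endpoint create` command that ends at `--connection-name "${PE_NAME}-conn"` starts outside the hunk. Separately, the closing `echo` is flagged `No newline at end of file`; terminate the script with a newline.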
@@ -8,6 +8,17 @@ VNET_A2="cx_vnet_a2" VNET_A3="cx_vnet_a3" VNET_B1="cx_vnet_b1" +verify_peering() { + local rg="$1"; local vnet="$2"; local peering="$3" + echo "==> Verifying peering $peering on $vnet..." + if az network vnet peering show -g "$rg" --vnet-name "$vnet" -n "$peering" --query "peeringState" -o tsv | grep -q "Connected"; then + echo "[OK] Peering $peering on $vnet is Connected." + else + echo "[ERROR] Peering $peering on $vnet not found or not Connected!" >&2 + exit 1 + fi +} + peer_two_vnets() { local rg="$1"; local v1="$2"; local v2="$3"; local name12="$4"; local name21="$5" echo "==> Peering $v1 <-> $v2" @@ -15,9 +26,13 @@ peer_two_vnets() { && echo "Created peering $name12" az network vnet peering create -g "$rg" -n "$name21" --vnet-name "$v2" --remote-vnet "$v1" --allow-vnet-access --output none \ && echo "Created peering $name21" + + # Verify both peerings are active + verify_peering "$rg" "$v1" "$name12" + verify_peering "$rg" "$v2" "$name21" } peer_two_vnets "$RG" "$VNET_A1" "$VNET_A2" "A1-to-A2" "A2-to-A1" peer_two_vnets "$RG" "$VNET_A2" "$VNET_A3" "A2-to-A3" "A3-to-A2" peer_two_vnets "$RG" "$VNET_A1" "$VNET_A3" "A1-to-A3" "A3-to-A1" -echo "VNet peerings created successfully." +echo "All VNet peerings created and verified successfully." diff --git a/.pipelines/swiftv2-long-running/scripts/create_storage.sh b/.pipelines/swiftv2-long-running/scripts/create_storage.sh index 14c230734f..540e1b16a6 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_storage.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_storage.sh 
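Review bot: `grep -q "Connected"` in `verify_peering` is a substring match, and the `peeringState` value `Disconnected` contains it, so a peering whose remote side was deleted or never completed would be reported as `[OK] ... is Connected`; match the whole value instead, `grep -qx "Connected"`, or capture the state into a variable and test `[[ "$state" == "Connected" ]]`. Because the check runs immediately after the second `az network vnet peering create`, the state may also still read `Initiated` briefly on some runs — if that shows up, a short bounded retry around the check is safer than failing the whole stage.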
@@ -30,7 +30,17 @@ for SA in "$SA1" "$SA2"; do && echo "Storage account $SA created successfully." done -echo "All storage accounts created successfully." +# Verify creation success + echo "==> Verifying storage account $SA exists..." + if az storage account show --name "$SA" --resource-group "$RG" &>/dev/null; then + echo "[OK] Storage account $SA verified successfully." + else + echo "[ERROR] Storage account $SA not found after creation!" >&2 + exit 1 + fi +done + +echo "All storage accounts created and verified successfully." # Set pipeline output variables set +x diff --git a/.pipelines/swiftv2-long-running/scripts/create_vnets.sh b/.pipelines/swiftv2-long-running/scripts/create_vnets.sh index 7363476488..eb894d06ff 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_vnets.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_vnets.sh @@ -24,6 +24,34 @@ A3_MAIN="10.12.1.0/24" B1_MAIN="10.20.1.0/24" +# ------------------------------- +# Verification functions +# ------------------------------- +verify_vnet() { + local rg="$1"; local vnet="$2" + echo "==> Verifying VNet: $vnet" + if az network vnet show -g "$rg" -n "$vnet" &>/dev/null; then + echo "[OK] Verified VNet $vnet exists." + else + echo "[ERROR] VNet $vnet not found!" >&2 + exit 1 + fi +} + +verify_subnet() { + local rg="$1"; local vnet="$2"; local subnet="$3" + echo "==> Verifying subnet: $subnet in $vnet" + if az network vnet subnet show -g "$rg" --vnet-name "$vnet" -n "$subnet" &>/dev/null; then + echo "[OK] Verified subnet $subnet exists in $vnet." + else + echo "[ERROR] Subnet $subnet not found in $vnet!" >&2 + exit 1 + fi +} + +# ------------------------------- +# Create VNets and Subnets +# ------------------------------- # A1 az network vnet create -g "$RG" -n "$VNET_A1" --address-prefix 10.10.0.0/16 --subnet-name s1 --subnet-prefix "$A1_S1" -l "$LOCATION" --output none \ && echo "Created $VNET_A1 with subnet s1" 
@@ -31,17 +59,26 @@ az network vnet subnet create -g "$RG" --vnet-name "$VNET_A1" -n s2 --address-pr && echo "Created $VNET_A1 with subnet s2" az network vnet subnet create -g "$RG" --vnet-name "$VNET_A1" -n pe --address-prefix "$A1_PE" --output none \ && echo "Created $VNET_A1 with subnet pe" +# Verify A1 +verify_vnet "$RG" "$VNET_A1" +for sn in s1 s2 pe; do verify_subnet "$RG" "$VNET_A1" "$sn"; done # A2 az network vnet create -g "$RG" -n "$VNET_A2" --address-prefix 10.11.0.0/16 --subnet-name s1 --subnet-prefix "$A2_MAIN" -l "$LOCATION" --output none \ && echo "Created $VNET_A2 with subnet s1" +verify_vnet "$RG" "$VNET_A2" +verify_subnet "$RG" "$VNET_A2" "s1" # A3 az network vnet create -g "$RG" -n "$VNET_A3" --address-prefix 10.12.0.0/16 --subnet-name s1 --subnet-prefix "$A3_MAIN" -l "$LOCATION" --output none \ && echo "Created $VNET_A3 with subnet s1" +verify_vnet "$RG" "$VNET_A3" +verify_subnet "$RG" "$VNET_A3" "s1" # B1 az network vnet create -g "$RG" -n "$VNET_B1" --address-prefix 10.20.0.0/16 --subnet-name s1 --subnet-prefix "$B1_MAIN" -l "$LOCATION" --output none \ && echo "Created $VNET_B1 with subnet s1" +verify_vnet "$RG" "$VNET_B1" +verify_subnet "$RG" "$VNET_B1" "s1" -echo "All VNets and subnets created successfully." +echo " All VNets and subnets created and verified successfully." From 41edd59e0a35c8bceee592e428f7d9d87126ed3e Mon Sep 17 00:00:00 2001 From: sivakami Date: Wed, 29 Oct 2025 11:09:40 -0700 Subject: [PATCH 41/45] verify storage account creation. --- .pipelines/swiftv2-long-running/scripts/create_storage.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.pipelines/swiftv2-long-running/scripts/create_storage.sh b/.pipelines/swiftv2-long-running/scripts/create_storage.sh index 540e1b16a6..caefc69294 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_storage.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_storage.sh 
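Review bot: The closing message gained a leading space, `echo " All VNets and subnets created and verified successfully."`, which looks like a character dropped on the way in; `echo "All VNets and subnets created and verified successfully."` keeps it aligned with the other scripts' final lines. The A1 verification uses a one-line `for sn in s1 s2 pe; do verify_subnet "$RG" "$VNET_A1" "$sn"; done` while A2, A3 and B1 call `verify_vnet`/`verify_subnet` explicitly; either form is fine, but the four blocks have the same shape and would read more consistently as one style.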
@@ -28,9 +28,7 @@ for SA in "$SA1" "$SA2"; do --min-tls-version TLS1_2 \ --query "name" -o tsv \ && echo "Storage account $SA created successfully." -done - -# Verify creation success + # Verify creation success echo "==> Verifying storage account $SA exists..." if az storage account show --name "$SA" --resource-group "$RG" &>/dev/null; then echo "[OK] Storage account $SA verified successfully." From 4ddd3d69c4f72812640096ab1a253f4a00fec681 Mon Sep 17 00:00:00 2001 From: sivakami Date: Thu, 30 Oct 2025 02:53:56 -0700 Subject: [PATCH 42/45] use make tragets to create aks clusters. --- .../scripts/create_aks.sh | 88 +++++++++++-------- hack/aks/Makefile | 30 +++++++ 2 files changed, 82 insertions(+), 36 deletions(-) diff --git a/.pipelines/swiftv2-long-running/scripts/create_aks.sh b/.pipelines/swiftv2-long-running/scripts/create_aks.sh index f051f994a6..4ab38c0f42 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_aks.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_aks.sh 
@@ -1,47 +1,63 @@ #!/usr/bin/env bash -set -e +set -euo pipefail trap 'echo "[ERROR] Failed during Resource group or AKS cluster creation." >&2' ERR - SUBSCRIPTION_ID=$1 LOCATION=$2 RG=$3 VM_SKU_DEFAULT=$4 VM_SKU_HIGHNIC=$5 -echo "Subscription id: $SUBSCRIPTION_ID" -echo "Resource group: $RG" -echo "Location: $LOCATION" -echo "VM SKU (default): $VM_SKU_DEFAULT" -echo "VM SKU (high-NIC): $VM_SKU_HIGHNIC" -az account set --subscription "$SUBSCRIPTION_ID" - -# Enable parallel cluster creation -create_cluster() { - local CLUSTER=$1 - echo "==> Creating AKS cluster: $CLUSTER" - - az aks create -g "$RG" -n "$CLUSTER" -l "$LOCATION" \ - --network-plugin azure --node-count 1 \ - --node-vm-size "$VM_SKU_DEFAULT" \ - --enable-managed-identity --generate-ssh-keys \ - --load-balancer-sku standard --yes --only-show-errors - - echo "==> Adding high-NIC nodepool to $CLUSTER" - az aks nodepool add -g "$RG" -n highnic \ - --cluster-name "$CLUSTER" --node-count 2 \ - --node-vm-size "$VM_SKU_HIGHNIC" --mode User --only-show-errors - - echo "Finished AKS cluster: $CLUSTER" +CLUSTER_COUNT=2 +CLUSTER_PREFIX="aks" +DEFAULT_NODE_COUNT=1 +COMMON_TAGS="fastpathenabled=true RGOwner=LongRunningTestPipelines stampcreatorserviceinfo=true" + +wait_for_provisioning() { # Helper for safe retry/wait for provisioning states (basic) + local rg="$1" clusterName="$2" + echo "Waiting for AKS '$clusterName' in RG '$rg' to reach Succeeded/Failed (polling)..." + while :; do + state=$(az aks show --resource-group "$rg" --name "$clusterName" --query provisioningState -o tsv 2>/dev/null || true) + if [ -z "$state" ]; then + sleep 3 + continue + fi + case "$state" in + Succeeded|Succeeded*) echo "Provisioning state: $state"; break ;; + Failed|Canceled|Rejected) echo "Provisioning finished with state: $state"; break ;; + *) printf "."; sleep 6 ;; + esac + done } -# Run both clusters in parallel -create_cluster "aks-cluster-a" & -pid_a=$! - -create_cluster "aks-cluster-b" & -pid_b=$! 
- -# Wait for both to finish -wait $pid_a $pid_b -echo "AKS clusters created successfully!" +for i in $(seq 1 "$CLUSTER_COUNT"); do + echo "==============================" + echo " Working on cluster set #$i" + echo "==============================" + + CLUSTER_NAME="${CLUSTER_PREFIX}-${i}" + echo "Creating AKS cluster '$CLUSTER_NAME' in RG '$RG'" + + make -C ./hack/aks azcfg AZCLI=az REGION=$LOCATION + + make -C ./hack/aks swiftv2-podsubnet-cluster-up \ + AZCLI=az REGION=$LOCATION \ + SUB=$SUBSCRIPTION_ID \ + GROUP=$RG \ + CLUSTER=$CLUSTER_NAME \ + NODE_COUNT=$DEFAULT_NODE_COUNT \ + VM_SIZE=$VM_SKU_DEFAULT \ + + echo " - waiting for AKS provisioning state..." + wait_for_provisioning "$RG" "$CLUSTER_NAME" + + echo "Adding multi-tenant nodepool ' to '$CLUSTER_NAME'" + make -C ./hack/aks linux-swiftv2-nodepool-up \ + AZCLI=az REGION=$LOCATION \ + GROUP=$RG \ + VM_SIZE=$VM_SKU_HIGHNIC \ + CLUSTER=$CLUSTER_NAME \ + SUB=$SUBSCRIPTION_ID \ + +done +echo "All done. Created $CLUSTER_COUNT cluster set(s)." diff --git a/hack/aks/Makefile b/hack/aks/Makefile index a5011611f9..c867ccefa0 100644 --- a/hack/aks/Makefile +++ b/hack/aks/Makefile 
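Review bot: `wait_for_provisioning` treats `Failed|Canceled|Rejected` the same as success — it prints the state and `break`s with status 0 — so the loop then runs `linux-swiftv2-nodepool-up` against a cluster that never provisioned and the `ERR` trap never fires; terminal failure states should return non-zero. The loop also has no deadline: if `az aks show` keeps returning nothing (wrong name, deleted resource group) it polls until the job timeout. Smaller points in the same hunk: `COMMON_TAGS` is assigned but never used (the tags live in the Makefile target), the message `"Adding multi-tenant nodepool ' to '$CLUSTER_NAME'"` has a stray quote, and the `make` invocations pass `$LOCATION`, `$SUBSCRIPTION_ID`, `$RG` and the `$VM_SKU_*` values unquoted while the rest of the script quotes them. The hunk covers the whole script from the shebang to the closing `echo`.

```shell
wait_for_provisioning() {
    # Poll until the cluster reaches a terminal provisioning state.
    # Returns 0 only on Succeeded so the ERR trap / set -e stop the run otherwise.
    local rg="$1" clusterName="$2"
    local deadline=$(( SECONDS + ${PROVISION_TIMEOUT:-3600} ))   # constructed default; tune to expected create time
    echo "Waiting for AKS '$clusterName' in RG '$rg' to reach a terminal provisioning state..."
    while :; do
        if (( SECONDS >= deadline )); then
            echo "[ERROR] Timed out waiting for '$clusterName' to provision." >&2
            return 1
        fi
        state=$(az aks show --resource-group "$rg" --name "$clusterName" --query provisioningState -o tsv 2>/dev/null || true)
        case "$state" in
            Succeeded) echo "Provisioning state: $state"; return 0 ;;
            Failed|Canceled|Rejected) echo "[ERROR] Provisioning finished with state: $state" >&2; return 1 ;;
            "") sleep 3 ;;
            *) printf "."; sleep 6 ;;
        esac
    done
}
# … unchanged: cluster loop calling the make targets …
```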
@@ -285,6 +285,24 @@ swiftv2-dummy-cluster-up: rg-up ipv4 swift-net-up ## Bring up a SWIFT AzCNI clus --yes @$(MAKE) set-kubeconf +swiftv2-podsubnet-cluster-up: ipv4 swift-net-up ## Create dummy AKS cluster to create pod and node subnets for AKS pod subnet cluster. + $(AZCLI) aks create -n "$(CLUSTER)" -g $(GROUP) -l $(REGION) \ + --network-plugin azure \ + --kubernetes-version $(K8S_VER) \ + --nodepool-name nodepool1 \ + --node-vm-size $(VM_SIZE) \ + --node-count $(NODE_COUNT) \ + --load-balancer-outbound-ips $(PUBLIC_IPv4) \ + --no-ssh-key \ + --vnet-subnet-id /subscriptions/$(SUB)/resourceGroups/$(GROUP)/providers/Microsoft.Network/virtualNetworks/$(VNET)/subnets/nodenet \ + --pod-subnet-id /subscriptions/$(SUB)/resourceGroups/$(GROUP)/providers/Microsoft.Network/virtualNetworks/$(VNET)/subnets/podnet \ + --service-cidr "10.0.0.0/16" \ + --dns-service-ip "10.0.0.10" \ + --tags fastpathenabled=true RGOwner=LongRunningTestPipelines stampcreatorserviceinfo=true \ + --http-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/NetworkingMultiTenancyPreview \ + --yes + @$(MAKE) set-kubeconf + # The below Vnet Scale clusters are currently only in private preview and available with Kubernetes 1.28 # These AKS clusters can only be created in a limited subscription listed here: # https://dev.azure.com/msazure/CloudNativeCompute/_git/aks-rp?path=/resourceprovider/server/microsoft.com/containerservice/flags/network_flags.go&version=GBmaster&line=134&lineEnd=135&lineStartColumn=1&lineEndColumn=1&lineStyle=plain&_a=contents 
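Review bot: The `aks create` in `swiftv2-podsubnet-cluster-up` passes no `--subscription $(SUB)`, although `$(SUB)` is already used to build the `--vnet-subnet-id` and `--pod-subnet-id` values and the companion `linux-swiftv2-nodepool-up` target added in the same commit does pass it; since the calling `create_aks.sh` in this commit also dropped its `az account set --subscription`, the cluster is created in whatever subscription the CLI context happens to hold, which may not be the one the subnet IDs point at — add `--subscription $(SUB) \` to the create so both targets behave the same. The `--service-cidr "10.0.0.0/16"` and `--dns-service-ip "10.0.0.10"` values are hard-coded; a comment stating that they must not overlap the VNet ranges the pipeline creates (`10.10`, `10.11`, `10.12` and `10.20.0.0/16` in create_vnets.sh) would record the constraint the numbers currently only imply.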
@@ -424,6 +442,18 @@ windows-swift-nodepool-up: ## Add windows node pool --subscription $(SUB) \ --pod-subnet-id /subscriptions/$(SUB)/resourceGroups/$(GROUP)/providers/Microsoft.Network/virtualNetworks/$(VNET)/subnets/podnet +linux-swiftv2-nodepool-up: ## Add linux node pool to swiftv2 cluster + $(AZCLI) aks nodepool add -g $(GROUP) -n nplinux \ + --node-count $(NODE_COUNT) \ + --node-vm-size $(VM_SIZE) \ + --cluster-name $(CLUSTER) \ + --os-type Linux \ + --max-pods 250 \ + --subscription $(SUB) \ + --tags fastpathenabled=true,aks-nic-enable-multi-tenancy=true \ + --http-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/NetworkingMultiTenancyPreview \ + --pod-subnet-id /subscriptions/$(SUB)/resourceGroups/$(GROUP)/providers/Microsoft.Network/virtualNetworks/$(VNET)/subnets/podnet + down: ## Delete the cluster $(AZCLI) aks delete -g $(GROUP) -n $(CLUSTER) --yes @$(MAKE) unset-kubeconf From 8690ca3ef366904373aed30b9cc178102f9c2776 Mon Sep 17 00:00:00 2001 From: sivakami Date: Thu, 30 Oct 2025 02:55:01 -0700 Subject: [PATCH 43/45] misc. --- hack/aks/Makefile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hack/aks/Makefile b/hack/aks/Makefile index c867ccefa0..4bb8102061 100644 --- a/hack/aks/Makefile +++ b/hack/aks/Makefile @@ -285,7 +285,7 @@ swiftv2-dummy-cluster-up: rg-up ipv4 swift-net-up ## Bring up a SWIFT AzCNI clus --yes @$(MAKE) set-kubeconf -swiftv2-podsubnet-cluster-up: ipv4 swift-net-up ## Create dummy AKS cluster to create pod and node subnets for AKS pod subnet cluster. +swiftv2-podsubnet-cluster-up: ipv4 swift-net-up ## Bring up a SWIFTv2 PodSubnet cluster $(AZCLI) aks create -n "$(CLUSTER)" -g $(GROUP) -l $(REGION) \ --network-plugin azure \ --kubernetes-version $(K8S_VER) \ From 9548e51a84338e6424075e212d28b70a3fc61175 Mon Sep 17 00:00:00 2001 From: sivakami Date: Thu, 30 Oct 2025 03:09:23 -0700 Subject: [PATCH 44/45] set aks custom headers. --- hack/aks/Makefile | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) 
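Review bot: In the new `linux-swiftv2-nodepool-up` recipe the tags are comma-separated, `--tags fastpathenabled=true,aks-nic-enable-multi-tenancy=true`, whereas the `az` CLI documents `--tags` as space-separated `key[=value]` pairs and the `swiftv2-podsubnet-cluster-up` target in the preceding hunk uses spaces. As written the CLI would most likely store a single tag with key `fastpathenabled` and value `true,aks-nic-enable-multi-tenancy=true`, so the `aks-nic-enable-multi-tenancy` tag this pool appears to depend on would never be set; `--tags fastpathenabled=true aks-nic-enable-multi-tenancy=true \` matches the other target. Worth confirming with `az aks nodepool show --query tags` on a pool created by this target before the pipeline relies on it.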
diff --git a/hack/aks/Makefile b/hack/aks/Makefile index 4bb8102061..de3163e3ac 100644 --- a/hack/aks/Makefile +++ b/hack/aks/Makefile @@ -299,7 +299,7 @@ swiftv2-podsubnet-cluster-up: ipv4 swift-net-up ## Bring up a SWIFTv2 PodSubnet --service-cidr "10.0.0.0/16" \ --dns-service-ip "10.0.0.10" \ --tags fastpathenabled=true RGOwner=LongRunningTestPipelines stampcreatorserviceinfo=true \ - --http-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/NetworkingMultiTenancyPreview \ + --aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/NetworkingMultiTenancyPreview \ --yes @$(MAKE) set-kubeconf @@ -451,7 +451,7 @@ linux-swiftv2-nodepool-up: ## Add linux node pool to swiftv2 cluster --max-pods 250 \ --subscription $(SUB) \ --tags fastpathenabled=true,aks-nic-enable-multi-tenancy=true \ - --http-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/NetworkingMultiTenancyPreview \ + --aks-custom-headers AKSHTTPCustomFeatures=Microsoft.ContainerService/NetworkingMultiTenancyPreview \ --pod-subnet-id /subscriptions/$(SUB)/resourceGroups/$(GROUP)/providers/Microsoft.Network/virtualNetworks/$(VNET)/subnets/podnet down: ## Delete the cluster From d2d139138e623928533011f3a7ff890003594a0e Mon Sep 17 00:00:00 2001 From: sivakami Date: Thu, 30 Oct 2025 09:43:56 -0700 Subject: [PATCH 45/45] Use aks common field in swiftv2-podsubnet-cluster creation. --- .pipelines/swiftv2-long-running/scripts/create_pe.sh | 2 +- hack/aks/Makefile | 6 +----- 2 files changed, 2 insertions(+), 6 deletions(-) diff --git a/.pipelines/swiftv2-long-running/scripts/create_pe.sh b/.pipelines/swiftv2-long-running/scripts/create_pe.sh index 48a256a7ae..c9f7e782e0 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_pe.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_pe.sh 
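Review bot: Both hunks now pass the identical literal `AKSHTTPCustomFeatures=Microsoft.ContainerService/NetworkingMultiTenancyPreview` to `--aks-custom-headers`, in `swiftv2-podsubnet-cluster-up` and `linux-swiftv2-nodepool-up`, so the preview feature name is maintained in two places. Hoisting it once, `MT_PREVIEW_HEADER := AKSHTTPCustomFeatures=Microsoft.ContainerService/NetworkingMultiTenancyPreview`, and using `--aks-custom-headers $(MT_PREVIEW_HEADER) \` in both recipes keeps them in step when the feature flag graduates or is renamed. A short comment at the definition, `# opts the cluster/nodepool into the NetworkingMultiTenancy preview API; remove once GA`, would record why a custom header is needed at all, which the hunks do not say.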
@@ -84,4 +84,4 @@ az network private-endpoint create \ && echo "[OK] Private Endpoint $PE_NAME created for $SA1_NAME." verify_private_endpoint "$RG" "$PE_NAME" -echo "All Private DNS and Endpoint resources created and verified successfully." \ No newline at end of file +echo "All Private DNS and Endpoint resources created and verified successfully." diff --git a/hack/aks/Makefile b/hack/aks/Makefile index de3163e3ac..5e1c8f3f9b 100644 --- a/hack/aks/Makefile +++ b/hack/aks/Makefile @@ -286,14 +286,10 @@ swiftv2-dummy-cluster-up: rg-up ipv4 swift-net-up ## Bring up a SWIFT AzCNI clus @$(MAKE) set-kubeconf swiftv2-podsubnet-cluster-up: ipv4 swift-net-up ## Bring up a SWIFTv2 PodSubnet cluster - $(AZCLI) aks create -n "$(CLUSTER)" -g $(GROUP) -l $(REGION) \ + $(COMMON_AKS_FIELDS) --network-plugin azure \ - --kubernetes-version $(K8S_VER) \ --nodepool-name nodepool1 \ - --node-vm-size $(VM_SIZE) \ - --node-count $(NODE_COUNT) \ --load-balancer-outbound-ips $(PUBLIC_IPv4) \ - --no-ssh-key \ --vnet-subnet-id /subscriptions/$(SUB)/resourceGroups/$(GROUP)/providers/Microsoft.Network/virtualNetworks/$(VNET)/subnets/nodenet \ --pod-subnet-id /subscriptions/$(SUB)/resourceGroups/$(GROUP)/providers/Microsoft.Network/virtualNetworks/$(VNET)/subnets/podnet \ --service-cidr "10.0.0.0/16" \
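Review bot: Replacing the explicit `$(AZCLI) aks create ... --no-ssh-key` lines in `swiftv2-podsubnet-cluster-up` with `$(COMMON_AKS_FIELDS)` removes the only visible guarantee that the cluster is created without SSH key provisioning; as I read the CLI defaults, without `--no-ssh-key` (or `--ssh-access disabled`) `az aks create` uses the agent's `~/.ssh/id_rsa.pub`, so a pipeline agent's key could end up authorized on the test nodes. `COMMON_AKS_FIELDS` is defined outside this hunk, so please confirm it carries `--no-ssh-key`, `--kubernetes-version`, `--node-vm-size` and `--node-count` as the removed lines did, and that its expansion ends with a line continuation so the following `--network-plugin azure \` remains part of the same `az` invocation rather than being executed by make as a separate shell command. A comment above the target, `# version, SKU, node count and --no-ssh-key come from COMMON_AKS_FIELDS`, would make that dependency explicit for the next reader.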