azure (Archived)
11 messages
Archive: https://archive.sweetops.com/azure/
Padarn, over 5 years ago
Hi all, we are trying to set up a private AKS cluster, but we want to have a public DNS resolver: we have a VPN in a peered vnet, but by default private AKS makes only a private DNS zone, so we cannot access the cluster
Pierre-Yves, over 5 years ago (edited)
Hello @Padarn, luckily for you I have set up a private AKS.
Be sure to have followed the steps below:
https://docs.microsoft.com/en-us/azure/aks/private-clusters
By default, when a private cluster is provisioned, a private endpoint (1) and a private DNS zone (2) are created in the cluster-managed resource group. The cluster uses an A record in the private zone to resolve the IP of the private endpoint for communication to the API server.
The private DNS zone is linked only to the VNet that the cluster nodes are attached to (3). This means that the private endpoint can only be resolved by hosts in that linked VNet. In scenarios where no custom DNS is configured on the VNet (default), this works without issue as hosts point at 168.63.129.16 for DNS that can resolve records in the private DNS zone because of the link.
In scenarios where the VNet containing your cluster has custom DNS settings (4), cluster deployment fails unless the private DNS zone is linked to the VNet that contains the custom DNS resolvers (5). This link can be created manually after the private zone is created during cluster provisioning or via automation upon detection of creation of the zone using event-based deployment mechanisms (for example, Azure Event Grid and Azure Functions).
Pierre-Yves, over 5 years ago (edited)
Do you use ACI container instances deployed with Terraform?
Deploying a new image requires deleting the container and recreating it ... also it's not handy to provide a build id to Terraform at each dev code release, which implies an infrastructure Terraform release.
Currently my CI/CD pipeline calls an az script, but I want to avoid it.
Do you have any solution, or experience to share?
Padarn, over 5 years ago
Another beginner Azure networking question.
Padarn, over 5 years ago
Is it possible to create a private link for an arbitrary resource in one vnet, to exist in another vnet?
Padarn, over 5 years ago
So the resource is in vnet 1, but vnet 2 only accesses it via an IP in the CIDR of vnet 2.
Pierre-Yves, over 5 years ago
Is there a way to install "HCS HashiCorp Consul Service" on Azure with Terraform?
Padarn, about 5 years ago
Hey all, we are creating a node pool for our AKS cluster via Terraform. We enable autoscaling and set the min count to 0. When the pool is created, it seems it will not autoscale even when there is demand for that pool.
It is fixed if I manually scale it to 1 and then re-enable the autoscaling.
Padarn, about 5 years ago
Is it possible to view logs of the autoscaler? Not sure where to start debugging.
Pierre-Yves, about 5 years ago
@Padarn @geertn should I set up one big azurerm_log_analytics_workspace for all logs, or a smaller one per application as you mentioned in the post above?
Pierre-Yves, about 5 years ago (edited)
My private cluster is deployed through Azure DevOps.
But once I have to create the namespace and RBAC from Azure DevOps, Terraform raises the errors for namespace and RBAC:
Error: Post "http://localhost/apis/rbac.authorization.k8s.io/v1/clusterrolebindings": dial tcp [::1]:80: connect: connection refused
Did it then require a VM working as a gateway for deployment to the private cluster?
Or maybe a network connectivity trick from Azure DevOps to AKS?