Questions tagged as ['aks']
I found a template for deploying AKS using Azure template.
The template link
When I try to run it, it is showing a form field to provide existing CIDR.
Is there any way to keep a drop down so that we can opt either to create a new vnet or use an existing one, and based on that it should hide the remaining fields and create a vnet?
Please suggest how to achieve this.
Azure Kubernetes - AKS - K8s version - 1.20.9.
Trying to set up multiple nginx ingress with Internal LB.
ingress controller with ingress-class -
helm install test1 ingress-nginx/ingress-nginx \
--set controller.replicaCount=1 \
--set controller.nodeSelector."beta\.kubernetes\.io/os"=linux \
--set defaultBackend.nodeSelector."beta\.kubernetes\.io/os"=linux \
--set controller.ingressCla ...
We have our database either in aws rds or azure postgres or even on a different online server based on customer.
But our product will be running in azure kubernetes as a pod and service with database details in configmap.
Before we launch our app, it is mandatory that an sql file should be running in the database as preconfiguration.
What is the best approach we can set it so that we can automate this? ...
I have set up a private cluster in azure kubernetes.
Due to which, the helm charts are failing to install.
error details:
Error: INSTALLATION FAILED: Kubernetes cluster unreachable: Get "https://testingcluster-dns-827dc1c4.10357f00-62ec-4f3f-a2b0-6d86ccd26901.privatelink.centralindia.azmk8s.io:443/version?timeout=32s": dial tcp: lookup testingcluster-dns-827dc1c4.10357f00-62ec-4f3f-a2b0-6d86ccd26901.priv ...
I've created a private cluster on AKS and deployed some workloads to it, but I'm not sure how to connect to the services. They are all NodePort services, both TCP & UDP.
Initially, I thought that the endpoint AKS provides could be used to interact with the cluster as a whole, but this isn't the case -- this only exposes the Kubernetes API (probably why they call it the API endpoint)
I also tried ...
I am trying to connect to cluster and create a namespace using github actions. And then doing the deployment using the yaml files saved in repository. Also, the acr container registry is being used here and creating a tag every time using the short-ID of github commit. How to update the deployment to use the new tag once the push is completed?
The below run task is using static yaml files only.
name: D ...
I am trying to connect to cluster and create a namespace using github actions. For that, I tried these steps.
In the link shared above, I first retrieved the azure service principal for connecting aks.
az ad sp create-for-rbac --name "myApp" --role contributor --scopes /subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP> --sdk-auth
And then, proceeded with the steps. But, d ...
I have installed consul helm repository to default namespace. Now, want to change it to a custom namespace.
So, deleted the helm chart using helm uninstall command. Now, when I try to install again, getting error as CRDs are already configured earlier, need to clean them up.
So, ran the below command to check the CRDs.
kubectl get CustomResourceDefinition --all-namespaces
NAME ...

I am trying to create Azure k8s cluster via terraform using Azure Devops.
terraform apply is failing with below error, I have tried using the below parameter referring https://registry.terraform.io/providers/hashicorp/azurerm/latest/docs/resources/kubernetes_cluster#automatic_channel_upgrade
resource "azurerm_kubernetes_cluster" "aks_cluster" {
name =
location ...
In our environment we have Primary AKS cluster running in West Europe and we have ACR in the same region. But now we are setting up a DR instance of AKS cluster in the North region. We are planning to provision only the AKS cluster in the DR region and need to use the geo replicated instance of ACR for the secondary region AKS cluster.
By going through the different articles in the internet, co ...
In that ingress section of AKS, we can add routes to multiple application but all having container port as 80 only. With Ingress, our application is using port 8080. But with ingress, even if I keep servicePort as 8080, it is not working.
Like, adding routes to multiple apps with different ports for their service.
apiVersion: networking.k8s.io/v1beta1
kind: Ingress
metadata:
name: nginxapp1-ingress- ...
When going through the setup of a K8 ingress controller, which is documented here
I am unable to get past the step of "Create an Ingress Controller". During the Helm command step and placing the command in debug mode, I see there is a timeout on one of the steps:
failed pre-install: timed out waiting for the condition
After reviewing the K8 POD logs, I found that the K8 system is unable to connect to the ...
I'm trying to configure a Load Balancer for my AKS server using Bicep/ARM. I am using the NGinx Ingress Controller in kubernetes and it does seem to work but when I first spin things up I am encountering an error.
Mainly I'm wondering what is the equivalent ARM or Bicep template for this step in the Azure documentation?
https://docs.microsoft.com/en-us/azure/aks/static-ip#create-a-service-using-the- ...

We are seeing a very strange issue using Azure Loadbalancer with AKS.
We have a website that accepts WebSocket connections. This goes from client to AZ Loadbalancer and into the website itself inside AKS.
In our stress test app, we spawn 10k websocket connections. They all connect. If we then non-gracefully stop the connections, then we see an initial drop of connections between the loadbalancer and t ...
In the eks, kubernetes provided by aws, every service is assigned a DNS name we can connect with if we set them as LoadBalancer type.
But with aks, kubernetes provided by azure, the service is assigned with a public IP if we set them as LoadBalancer type.
Is there any way to assign DNS name to azure services?
I have a weird use case, where a pod running in Azure Kubernetes needs to route traffic from specific ports to specific targets through a dedicated VPN tunnel. But those targets are private IPs and therefore can have the same IP for different targets. The pod besides routing is also the OpenVPN Server where the targets connect to. An example:
Communications arriving at port 10 are routed to IP 10 ...
I'm trying to use secrets from Azure Key Vault in my Kubernetes deployment as env variables and I'm struggling to do so. I'm using Azure pod identity and the secrets get mounted to the file and that works, however I want them to be accessible as env variables.
Here is my secrets.yml file:
apiVersion: secrets-store.csi.x-k8s.io/v1alpha1
kind: SecretProviderClass
metadata:
name: azure-kvname
spec:
p ...

I'm setting up a cross AZ AKS cluster. I would like to simulate a failure of an AZ to test the behaviour of cluster and application after such an event.
What would be the best way of doing this?
I have installed azure kubernetes with azure policy enabled. I followed the steps in the getting started guide of consul as is: link
But when the consul is deployed, the pods are not deployed.
When I checked the replicaset, the error is as below.
Events:
Type Reason Age From Message
---- ------ ---- ---- ...
With the dev account got from my employer, the azure policy is getting enabled by default. Even if I disable that, after 2 or 3 min, it is getting enabled again.
This is the policy page of kubernetes
Because of this policy, not able to deploy any containers, the deployment is created but when we describe the replicaset, it is showing error as containers are not getting created due to root access. So we dep ...
With the azure policy addon enabled (as per organization policy), we can’t create privileged containers on the aks, azure kubernetes.
Our application is set to security context as below.
securityContext:
allowPrivilegeEscalation: false
runAsNonRoot: true
runAsUser: 999
So our app can create without privileged access. But, when linked with consul(through annotations), the cons ...
I have deleted the old clusters by deleting the resource group completely. But when I try to create a new cluster, I am getting error as limit exceeded.
As you can see in the below error.
{"code":"InvalidTemplateDeployment","message":"The template deployment 'microsoft.aks-20210803135741' is not valid according to the validation procedure. The tracking id is '979df053-50fa-4201-9643-5f3029e0b43d' ...
I have followed the steps mentioned in the link
Came till the deployment part, last before step.
After deployment, the pods status is stuck at creation.
kubectl get pods --watch
NAME READY STATUS RESTARTS AGE
devwebapp 0/2 Init:0/1 0 2m11s
nginx-6799fc88d8-9xnqv 1/1 Running 1 98m
vault-0 ...
I have followed the walkthrough provided in this link
And at step 6, I have tried to create a pod with the volume linked to the keyvault.
But it is not able to access the volume.
kubectl get pods
NAME READY STATUS RESTARTS AGE
busybox-secrets-store-inline 0/1 ContainerCreating 0 27s
csi-csi-secrets-store-provi ...
I have deployed application in kubernetes. It is working if we expose to a default load balancer service in azure kubernetes. But, after setting a virtual service linked with istio ingress gateway, it is launching only the home page, none of the links are working like /admin /login.
I have added entries for /admin and /login already in virtual service but it is not opening those pages.
kiali launche ...
I am trying to configure ingress gateway for consul deployed in AKS.
As per their documentation , I have created a sample deployment and ingress gateway to it.
yaml files: github
kubectl apply -f static-app/
I changed the static app service from ClusterIP to LoadBalancer and can get the page using http://<LB_IP>
But, with ingress gateway, I can access only by adding the header as below:
curl -H " ...
We have 2 AKS clusters (not private) deployed in West Europe and East US, without availability zones, Azure CNI networking, Azure network policy (not calico), and everything is provisioned with Terraform.
We are trying to set up an infrastructure for MongoDB replica sets, something similar to this article: https://docs.couchbase.com/operator/2.0/tutorial-remote-dns.html
We need pods in each cluster ...
I have two subscriptions under my account. When I check today, the balance is low in my subscription where I deployed the cluster.
So, I click on change subscription option and selected the second subscription in my account.
But, getting below error.
{"code":"ResourceMoveValidationFailed","message":"The resource batch move request has '1' validation errors. Diagnostic information: timestamp '20210708T074 ...
Have Configured OAuth2-OpenID Connect Single-Sign-On using WSO2 Identity Server-5.10.0 with my web application in Kubernetes setup.
While logging into web application, when we click on forgot username/password link in SSO login page, Url is appending with portnumber 9443- https://wso2is:9443/accountrecoveryendpoint/recoveraccountrouter.do?client_id
, after removing portnumber manually from the url, page ...
In Our AKS, found high severity alerts related to this in Azure Security Center.
What is CAP_SYS_ADMIN meant for? Are the pods enabled with this property by default? Because we didn't specifically enable it in our AKS. Then what will be the reason for this alert? And how can we remediate this alert?