OpenVPN client for kubernetes azure - azure

I have an azure app service running. I need to use the functions in this app servie from the kubernetes pod which have an API to call the function in App service. The app service has restrictions.
I have tried giving access to IP of pod by whitelisting it in app service but unable to access .Can we set a VPN in the pod which can allow the access to azure App service. I am new to kubernetes please mention the ways to achieve it.
Thanks in Advance

• I would suggest you use the Azure Arc environment in AKS for accessing the app service deployed in a pod in AKS. Through Azure Arc enabled AKS, you will be able to enable threat protection and apply policy definitions effectively. To deploy the Azure Arc, you will need to install the Azure CLI extensions as given below and connect the AKS cluster to Azure Arc. Then deploy the log analytics workspace in the same resource group to monitor and log the activity of the applications deployed on the AKS cluster. Then install the required app service extensions in the Azure Arc and create a custom location in Azure to assign the App Service Kubernetes environment.
• Once done, you will have to create an App Service Kubernetes environment and then create your app service in it in the custom location as defined earlier. Then, you can deploy your required application code in the app service already created. In this way, you can deploy an app service in AKS cluster using the Arc extension resource which helps in restricting the pod communication through allowed IP addresses and restricted IP addresses.
• For more details, kindly refer to the link below which describes in detail the deployment of Azure Arc in AKS cluster: -
https://techcommunity.microsoft.com/t5/apps-on-azure-blog/app-service-on-kubernetes-with-azure-arc/ba-p/2867959

Related

How to Access Local IP url from Azure Kubernetes service?

I have a Kubernetes service running in Azure (AKS - Azure Kubernetes Service). It runs with the external IP. I am trying to access another service that is running in my local machine from Azure AKS.
for ex: http://:9089 (Not able to access from Azure AKS)
Is there any way where I can access my local URL from Azure AKS? Kindly help.
You could use DynDNS or just deploy your service to another namespace within the existing AKS.

What are the advantages of using Azure App Service to deploy a docker application instead of Azure Container Instance?

What are the advantages of using Azure App Service to deploy a docker application instead of Azure Container Instance?
I found out that Azure Container instances don't have any networking-related capabilities in terms of restricting app access. Are there any more advantages of using Azure App Service to deploy a container?
There are many advantages of using Azure app service over azure container instance
Azure app service is PAAS(platform as a service) on the other side azure container the instance is an IAAS(infrastructure as a service).
In azure app service directly integration of custom domain is available
Integration with the application gateway to handle the traffic load
It offers auto-scaling and high availability.
Automated deployments from GitHub, Azure DevOps, or any Git repo to support a continuous deployment model
Host background jobs(Web Jobs)

Kubernetes + Docker container pod on AKS blocking external endpoint

We have an AKS cluster on Azure and an endpoint on Azure App Service.
Calls are being initiated from a service (exposing a deployed app) on AKS to an App on Azure App Service (Public URL)
When deploying to Azure App Service, the application goes down in order to deploy, meanwhile calls are still being initiated from the AKS micro-service.
The AKS service starts throwing exceptions that the endpoint is not available which is normal. but when the Azure App service is up again the AKS service still throws the same error even when the app is online again and serving other services successfully. it is like the AKS is caching the error.
In order to fix it I have to kill all the living pods of the faulty micro-service and then scaling it back out again.
Can someone please guide me on why is this happening and how can I prevent this in future deployments?

Function App Deployment Failed - The remote server returned an error: (403) Forbidden

Deploying to an existing storage account on a subnet with service endpoints for Microsoft.EventHub, Microsoft.KeyVault, Microsoft.Storage and Microsoft.Web.
Storage account is on a selected vnet:
It looks like you want to restrict access to your storage account from your function app in a virtual network. If so, you need to enable the storage account endpoint in a subnet and enable your function app to integrate with that subnet. Your function app should host on an app service plan which supports virtual network. For more details, you could see the Integrate your app with an Azure Virtual Network.
Moreover, you could refer to this ARM template to finish most of the work. In this case, you will deploy a regional-vnet-integration and a storage account in the same region as the app service.
If you just enable the storage account service endpoint to this subnet but do not want to integrate your function app with this subnet, you need to allow possible outbound IPs of your function app in the firewall of the storage account. Also, the function app and storage account should be in a different region in this scenario.
Feel free to let me know if you have any question.
I set 'WEBSITE_CONTENTOVERVNET' to 1 in my app settings and that worked for me to deploying a logic app.
https://learn.microsoft.com/en-us/azure/azure-functions/functions-app-settings#website_contentovervnet
After fixing 403 error, I got 503 Service unavailable when deploying the zip file to the logic app.
The reason why the zip deployment failed is the fileshare in the storage account was not created when the logic app was deployed.
For a temporary fix, just create a file share before deploying the logic app.
A MS support ticket is created and hopefully they will fix it soon!

Azure Web App for Containers networking VNET

I'm exploring Azure but unable to figure out how to allow my App service to connect to the VNET I created so it can access the HDInsight cluster.
My scenario is this, I'm running a Kafka HDInsight cluster deployed in the VNET I created and I need to also deploy my Azure Web App for Container in the same VNET so it can connect to the Kafka brokers.
I haven't seen a good documentation on this, need help on how to set the Azure app service to connect to my VNET over a private network?
The Network is disabled (don't know why) on my App service.
Thanks
VNET integration is not available yet for Web App for Containers or App service on Linux. Please follow the UserVoice request for updates on when it will be supported.
https://feedback.azure.com/forums/169385-web-apps/suggestions/32534479--linux-enable-vnet-integration-for-app-service-on

Resources