Closed. This question is not about programming or software development. It is not currently accepting answers.
This question does not appear to be about a specific programming problem, a software algorithm, or software tools primarily used by programmers. If you believe the question would be on-topic on another Stack Exchange site, you can leave a comment to explain where the question may be able to be answered.
Closed 5 months ago.
I am trying to set up a private AKS cluster which I want to manage from a user laptop using kubectl. I have tried to create a simple setup with one vNET and an Azure VPN gateway with OpenVPN configuration, where the VPN Gateway is attached to one subnet of the vNET and AKS is configured via Azure CNI to live in another subnet of the same vNET. I had expected that this is all I would need to manage the cluster as long as I am connected to the VPN (I understood that all subnets on a vNET are routed by default). But when I try to use kubectl I get:
Unable to connect to the server: dial tcp: lookup : no such host
My network knowledge does not go too deep unfortunately, but should this just work? I mean it all lives within the same vNET. Thank you.
My setup is very similar and I ran into the same situation. This was a DNS issue for me.
If you have a private DNS zone with your private AKS cluster (should be in the resource group which was created for the AKS private cluster), go find the DNS record and IP address for the API server. Put that IP address into your hosts file (/etc/hosts if on Linux or WSL) with the fully qualified domain name, then try your kubectl commands again.
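The check and the hosts-file pin described in this answer, as an added Python example that is not part of the original post. It pulls the API server name out of a kubeconfig, tells a DNS failure (kubectl's "no such host") apart from a name that resolves, and rewrites hosts-file text so the name has exactly one entry; the cluster FQDN and the IP addresses are constructed placeholders.

```python
import re
import socket

def api_server_host(kubeconfig_text):
    """Return the host name from the first 'server: https://...' entry."""
    m = re.search(r"^\s*server:\s*https://([^:/\s]+)", kubeconfig_text, re.M)
    if not m:
        raise ValueError("no https server entry found in kubeconfig")
    return m.group(1)

def diagnose(host, port=443, resolve=socket.getaddrinfo):
    """'dns' means the name does not resolve, which is what kubectl reports
    as 'no such host'; 'resolves' means the problem is elsewhere (routing,
    NSG, VPN)."""
    try:
        resolve(host, port)
    except socket.gaierror:
        return "dns"
    return "resolves"

def pin_host(hosts_text, ip, fqdn):
    """Return hosts-file text with exactly one entry mapping fqdn to ip."""
    kept = []
    for line in hosts_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fqdn.lower() in (n.lower() for n in fields[1:]):
            # Drop the stale mapping; keep other names that shared the line.
            others = [n for n in fields[1:] if n.lower() != fqdn.lower()]
            if others:
                kept.append(" ".join([fields[0], *others]))
            continue
        kept.append(line)
    kept.append(f"{ip} {fqdn}")
    return "\n".join(kept) + "\n"

# Constructed sample input: placeholder cluster name, zone GUID and addresses.
SAMPLE_KUBECONFIG = """\
clusters:
- cluster:
    server: https://myaks-0a1b2c3d.00000000-0000-0000-0000-000000000000.privatelink.westeurope.azmk8s.io:443
  name: myaks
"""

if __name__ == "__main__":
    host = api_server_host(SAMPLE_KUBECONFIG)
    print(host, "->", diagnose(host))
    print(pin_host("127.0.0.1 localhost\n", "10.240.0.4", host), end="")
```

A pinned entry goes stale if the API server's private IP changes, so the private DNS zone record remains the source of truth.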
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 9 months ago.
I am using Azure App Service with P1V3 App Services Plan so that I can make use of Private Endpoint and vNET integration. vNET integration is configured on a subnet with NAT Gateway attached.
When my application calls outbound, my goal is to control the outbound IP and my expectation is that it should show the NAT IP as the outbound IP. But it does not! Here is my sample code-
The app (.NET Core 3.1) is deployed in App Service and I see IPv6 as the outbound IP. Any idea why I am not seeing IPv4 (the NAT IP)? You can see the result by accessing this URL- https://whois.aspnet4you.com/api/values/getclientipv2
This is the network configuration at the moment-
Subnet looks like-
Outgoing ip showing here-
I want to give credit to Sakaldeep Yadav for his blog post- https://www.linkedin.com/pulse/integrate-azure-web-app-nat-gateway-vnet-get-static-outbound-yadav/
Here is what I did to solve the issue-
Add vNET Integration to app service as you do normally.
Removed all the services from the Endpoint Service section at the Subnet. This was the culprit! If you add services to the endpoint service, especially Microsoft.Web, traffic is routed through the Azure backbone and, as RithwikBojja-MT explained, you get to see IPv6 as the outbound address.
This is what your subnet should look like- you don't manually add subnet delegation, it is added when you add the subnet to App Service vNet integration. Now I can see the NAT IP as the outbound IP. Try it- https://whois.aspnet4you.com/api/values/getclientipv2
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 2 years ago.
I have Ubuntu running on a Microsoft Azure virtual machine. I have a docker container running on it, and it has a web server attached to it. (Running on 172.17.0.1:80)
Now I'm trying to make it accessible publicly, using Azure's public IP.
In the Networking settings, I have tried to create an inbound port rule
But it's not working...
I've tried tracert to see where my ping goes when I try to connect to the IP, with no result.
I've done basic port routing in the past, but I can't figure out why this one is not working...
I just want to type 13.94.212.10 on my personal connection, and access the website.
Thank you in advance
If you want to access the application on your Azure VM publicly with its public IP address, you could whitelist your client public IP in the NSG rule, i.e. add the client public IP in the Source IP addresses.
Please note that:
"If you specify an address for an Azure resource, specify the private IP address assigned to the resource. Network security groups are processed after Azure translates a public IP address to a private IP address for inbound traffic, and before Azure translates a private IP address to a public IP address for outbound traffic."
Read https://learn.microsoft.com/en-us/azure/virtual-network/network-security-groups-overview#security-rules
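The processing order quoted in this answer, worked through as an added Python example that is not part of the original post. It is a simplified model of inbound NSG evaluation (priority order, first match wins, final DenyAllInBound at 65500) showing why a rule whose destination is the public IP never matches; the private IP 10.0.0.4, the client addresses and the rule names are constructed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    priority: int      # lower number is evaluated first
    source: str        # address or CIDR, "*" for any
    destination: str   # address or CIDR, "*" for any
    port: str          # one port as text, "*" for any
    action: str        # "Allow" or "Deny"

# Simplification: of the default inbound rules only the final deny is modelled.
DENY_ALL_INBOUND = Rule("DenyAllInBound", 65500, "*", "*", "*", "Deny")

def _covers(prefix, addr):
    return prefix == "*" or ipaddress.ip_address(addr) in ipaddress.ip_network(prefix)

def evaluate_inbound(rules, src_ip, public_dst_ip, port, nat_table):
    """Return (action, rule_name) for one inbound flow to a public IP."""
    # The NSG sees the destination after public -> private translation.
    dst_ip = nat_table.get(public_dst_ip, public_dst_ip)
    for rule in sorted([*rules, DENY_ALL_INBOUND], key=lambda r: r.priority):
        if (_covers(rule.source, src_ip) and _covers(rule.destination, dst_ip)
                and rule.port in ("*", str(port))):
            return rule.action, rule.name
    raise AssertionError("unreachable: DenyAllInBound matches everything")

# Constructed sample values; only 13.94.212.10 comes from the question.
NAT = {"13.94.212.10": "10.0.0.4"}
CLIENT = "203.0.113.7"
WRONG = [Rule("web-public-dst", 300, CLIENT, "13.94.212.10", "80", "Allow")]
RIGHT = [Rule("web-private-dst", 300, CLIENT, "10.0.0.4", "80", "Allow")]

if __name__ == "__main__":
    for label, rules in (("public IP as destination", WRONG),
                         ("private IP as destination", RIGHT)):
        print(label, "->", evaluate_inbound(rules, CLIENT, "13.94.212.10", 80, NAT))
    print("other client ->",
          evaluate_inbound(RIGHT, "198.51.100.9", "13.94.212.10", 80, NAT))
```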
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 2 years ago.
How do I change my Azure website from using a dynamic IP address to a static IP address?
I want a static IP address that never changes.
I evidently do not have a virtual machine, as illustrated below.
App Service is a PaaS (Platform as a Service) Offering. In PaaS, you don't have access to the server.
The Virtual Machine screenshot that you have shared is of the Infrastructure as a Service (IaaS) type. So, App Services will not have IaaS - Virtual Machines and that's the reason why the VMs listing (in your question) is empty.
Now, coming to your question of a Static IP for your app. You can find it in the Custom Domains section of App Service as shown below.
And, this IP Address will change ONLY when you change (especially degrade from a higher tier to lower tier) the App Service Plan. If it doesn't change then you are lucky enough. But, Microsoft doesn't guarantee that it retains the IP Address if you change the App Service Plan's tier.
Another point to note is that you might see the same IP Address for another App Service too. That's completely fine and it works well even if you want to map your own domain to this App Service.
Update:
When the App Service makes calls to another external end point, then it uses altogether another set of IP Addresses called Outbound IP Addresses which could be found in the Properties blade as shown below.
So, you need to share ALL the IP Addresses that are under Additional Outbound IP Addresses to the external WebService team for whitelisting. This way, your problem will be resolved.
Let me know if it makes sense now.
Update2:
For App Service, we can't create and assign a separate Static IP explicitly. If you need a static IP for some reason, then you have to choose Virtual Machines and then assign a Static IP Address to that VM and use the VM to deploy the Website.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 2 years ago.
I am working on an architecture on Azure where I need to create 3 private subnets where I have a bunch of VMs with private addresses only and no public address, but I want them to contact the outside for updates and all, but no one in the outside world can contact them (normal private subnet thing). In AWS it is really easy, as we just have to define a NAT gateway and place it in a public subnet; also there is a bunch of information on the internet on how to do it, but almost nothing for Azure. Maybe there is no concept or terminology like different subnets on Azure.
How I am planning to do it on Azure:
1. Make a NAT gateway and attach it to all private subnets.
2. Define an NSG where I will only define outbound traffic to 0.0.0.0/0 and no inbound from it.
3. Default routes
Is this the right way to do it? any suggestions?
I believe you can attach a NAT Gateway to the Vnet and the outbound network flow will automatically default to the NAT gateway without requiring any other changes.
From one of the Azure NAT Gateway pages:
NAT gateways are defined with a property on a subnet within a virtual network. Flows created by virtual machines on subnet subnetname of virtual network vnetname will use the NAT gateway. All outbound connectivity will use the IP addresses associated with natgatewayname as the source IP address.
So, if the documentation is accurate, you should only have to create the NAT Gateway, associate it to the subnet(s) and the outbound flows will automatically use the NAT Gateway for outbound.
Closed. This question does not meet Stack Overflow guidelines. It is not currently accepting answers.
Closed 5 years ago.
Here is what I am trying to achieve:
I created two Linux VMs in same virtual network (same subnet)
These two VMs don't have any public IP address. For security, I don't want to have any public IP associated with them.
However, I need ssh into those VMs. Since, they just have private IP and not public IP addresses, I am setting up a load balancer with public IP.
Now I am using inbound NAT rules to redirect SSH traffic to those VMs.
When I add first NAT rules, it gives me a choice to choose VM to where I want to redirect the traffic to. So all is good so far.
However, when I try to add one more NAT rule, portal UI doesn't provide me any option to choose other VM. It adds the rule against the same VM.
Is there anything I am missing? Is it supposed to work differently? I also tried adding multiple virtual machines to the backend pool. That also doesn't let me add more than one VM.
Should I put two VMs in VM Scaleset or Availability set?
In Azure, we can use Load balancer with a single standalone VM, also we can use Load Balancer with multiple VMs in an availability set.
If you want to use Load Balancer NAT to multiple VMs, we should re-create VMs in same availability set.
In Azure Resource Module, we can delete VMs and keep the VHD, then use PowerShell to create VMs in the same availability set. (Re-create)