Azure pods app connect to MSSQL server installed in Azure VM - azure

I have an Azure VM (Windows) with MSSQL installed.
I created a cluster in Azure Kubernetes Service (AKS), then created a pod from an image: the application runs on embedded Tomcat and uses MSSQL, connecting to the private IP of the above VM. The container in the pod starts with an error: cannot connect to that private IP of MSSQL.
I can access that private IP from my local machine (using VPN), so is there any way/config to make the pod connect to that VM using the private IP? Since it's the same infrastructure, I don't know why it cannot connect.
(I am a newbie with Azure)
Thanks a lot

For your requirement, I don't know how you deployed the VM and the AKS cluster, so I give solutions for the two situations:
AKS cluster with the network type kubenet:
  • VM in VNet A and AKS in VNet B: create a service with an internal load balancer for the pod, and then peer VNet A and B.
  • VM and AKS in the same VNet: create a service with an internal load balancer for the pod.
AKS cluster with the network type CNI:
  • VM in VNet A and AKS in VNet B: peer VNet A and B.
  • VM and AKS in the same VNet: you don't need to do anything; it should work.
All of the above solutions need you to check the NSG rules between the VM and the AKS cluster pod. You need to allow inbound traffic to the VM on the MSSQL port.
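An added example, not code from the answer above, of the three pieces it lists as shell functions around kubectl and the az CLI: the Service manifest with the internal load balancer annotation, the VNet peering in both directions, and an NSG rule that admits TCP 1433 only from the AKS subnet instead of from any source. The resource group, VNet and NSG names, the AKS subnet prefix 10.240.0.0/16 and the VM address 10.1.0.4 are assumed placeholders; DRY_RUN=1 prints the az commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the answer above). All resource names below are
# assumed placeholders; set DRY_RUN=1 to print the az commands without running them.
set -eu

run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# Service manifest for an internal (private-IP) Azure load balancer in front of
# the pods selected by app=<name>. Without the annotation AKS creates a public LB.
render_internal_lb_service() {
  name="$1"; namespace="$2"; port="$3"; target_port="$4"
  cat <<EOF
apiVersion: v1
kind: Service
metadata:
  name: ${name}
  namespace: ${namespace}
  annotations:
    service.beta.kubernetes.io/azure-load-balancer-internal: "true"
spec:
  type: LoadBalancer
  selector:
    app: ${name}
  ports:
  - port: ${port}
    targetPort: ${target_port}
EOF
}

# Peer VNet A (VM side) and VNet B (AKS side); a peering is one-directional,
# so both links are created. The two address spaces must not overlap.
peer_vnets() {
  rg="$1"; vnet_a="$2"; vnet_b="$3"
  run az network vnet peering create --resource-group "$rg" --name "${vnet_a}-to-${vnet_b}" \
    --vnet-name "$vnet_a" --remote-vnet "$vnet_b" --allow-vnet-access
  run az network vnet peering create --resource-group "$rg" --name "${vnet_b}-to-${vnet_a}" \
    --vnet-name "$vnet_b" --remote-vnet "$vnet_a" --allow-vnet-access
}

# NSG rule on the VM's NSG: allow TCP 1433 only from the AKS subnet. With kubenet
# the VM sees the node IP (pod traffic is SNATed on the node); with Azure CNI it
# sees the pod IP; both lie inside the AKS subnet, so that prefix is the tightest source.
allow_mssql_from_aks() {
  rg="$1"; nsg="$2"; aks_subnet_cidr="$3"; vm_ip="$4"
  run az network nsg rule create --resource-group "$rg" --nsg-name "$nsg" \
    --name AllowMssqlFromAks --priority 200 --direction Inbound --access Allow \
    --protocol Tcp --source-address-prefixes "$aks_subnet_cidr" \
    --destination-address-prefixes "$vm_ip" --destination-port-ranges 1433
}

# Usage (runs for real unless DRY_RUN=1):
#   render_internal_lb_service app default 8080 8080 | kubectl apply -f -
#   peer_vnets my-rg vnet-a vnet-b
#   allow_mssql_from_aks my-rg vm-nsg 10.240.0.0/16 10.1.0.4
```

Scoping the NSG source to the AKS subnet rather than `*` is the part worth keeping even after the connection works: the rule then documents exactly which network may reach the database port, and an NSG flow-log entry from any other source is a signal rather than noise.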

Related

Cannot connect to Azure SQL database from Azure Container Instance in different subnets

I have an Azure Container Instance (ACI) and an Azure SQL database.
I'm having problems when I try to connect the ACI to the SQL database.
The infrastructure looks like this:
One VNet with two subnets.
The ACI has a private IP in subnet1.
The SQL database has a private endpoint in subnet2.
Subnet1 has Microsoft.ContainerInstance/containerGroups configured under subnet delegation.
No NSG between the subnets.
Routing tables connected to the subnets route traffic within the VNet.
The log in the ACI complains about not being able to connect to the database on port 1433.
What am I missing?
It turned out that the problem was DNS.
ACI doesn't use the DNS servers configured on the VNet, so you have to configure DNS for the ACI:
How to get Azure Container Instances using my DNS server?
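An added example, not code from the answer above: a container-group YAML for `az container create --file` that sets `dnsConfig.nameServers` to the VNet's resolver, plus a check to run from a shell inside the container that the SQL server's hostname resolves to an RFC 1918 address (the private endpoint) rather than to its public address. The group name, image, subnet id, region and the DNS server 10.0.0.10 are assumed placeholders.

```shell
#!/bin/sh
# Added example (not from the answer above). Names, IPs and the subnet id are
# assumed placeholders.
set -eu

# Container-group YAML for `az container create --resource-group <rg> --file aci.yaml`.
# dnsConfig.nameServers makes the group resolve through the given server instead of
# the Azure default, which is what the answer above needed for the private endpoint name.
render_aci_yaml() {
  name="$1"; image="$2"; subnet_id="$3"; dns_ip="$4"; location="$5"
  cat <<EOF
apiVersion: '2021-10-01'
location: ${location}
name: ${name}
type: Microsoft.ContainerInstance/containerGroups
properties:
  osType: Linux
  containers:
  - name: ${name}
    properties:
      image: ${image}
      ports:
      - port: 8080
      resources:
        requests:
          cpu: 1.0
          memoryInGB: 1.5
  ipAddress:
    type: Private
    ports:
    - protocol: tcp
      port: 8080
  subnetIds:
  - id: ${subnet_id}
  dnsConfig:
    nameServers:
    - ${dns_ip}
EOF
}

# True when a dotted-quad IPv4 address is RFC 1918 private (10/8, 172.16/12, 192.168/16).
is_private_ipv4() {
  ip="$1"
  old_ifs="$IFS"; IFS=.; set -- $ip; IFS="$old_ifs"
  [ "$#" -eq 4 ] || return 1
  for octet in "$@"; do
    case "$octet" in ''|*[!0-9]*) return 1 ;; esac
    [ "$octet" -le 255 ] || return 1
  done
  if [ "$1" -eq 10 ]; then return 0; fi
  if [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then return 0; fi
  if [ "$1" -eq 192 ] && [ "$2" -eq 168 ]; then return 0; fi
  return 1
}

# Run inside the container: does the SQL FQDN resolve to the private endpoint?
# A public answer means the group is not resolving through the private DNS zone.
check_resolves_private() {
  fqdn="$1"
  ip="$(getent hosts "$fqdn" | awk '{ print $1; exit }')"
  [ -n "$ip" ] || { echo "$fqdn: no answer"; return 1; }
  if is_private_ipv4 "$ip"; then
    echo "$fqdn -> $ip (private endpoint)"
  else
    echo "$fqdn -> $ip (public address: private DNS not in effect)"; return 1
  fi
}

# Usage:
#   render_aci_yaml app example.azurecr.io/app:1.0 "$SUBNET_ID" 10.0.0.10 westeurope > aci.yaml
#   az container create --resource-group my-rg --file aci.yaml
#   check_resolves_private dbname.database.windows.net   # from a shell inside the container
```

The resolution check is the quick way to tell a DNS problem from a routing or NSG problem: if the name comes back as a public address, fixing routes between subnet1 and subnet2 cannot help, because the container was never trying to reach the private endpoint.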

Kubernetes pod failed to connect to external service

I have an Azure Kubernetes cluster running with Azure CNI (virtual network) as the network. The cluster is running on one subnet of the network.
On another subnet, I have a Virtual Machine running, which has a private IP of 10.1.0.4.
Now I have a pod in the K8s cluster which is trying to connect to the Virtual Machine, but it's not able to do so.
Also, ping 10.1.0.4 from inside the pod gives a timeout.
Please help me figure out what I am doing wrong so that I can connect the pod to the VM.
• You cannot directly create communication between an AKS cluster pod and a Virtual Machine, as the IP assigned to a pod/node in an AKS cluster is a subset range of the address space of the higher CIDR IP address range assigned while deploying the cluster. Communication within the cluster between the nodes is uninterrupted and readily possible, but the same with resources other than AKS is restricted, as they are governed by the Azure CNI framework policy, which directs the Kubernetes cluster to send traffic outbound of the cluster in a regulated and conditional way.
• Thus, the above can only be achieved by introducing intermediate services such as an internal load balancer between the AKS cluster and the VMs, as the CIDR of the VM and of the AKS cluster are different. So, leveraging the Azure plugin to deploy an internal load balancer as a service through AKS is the only way through which you can achieve communication between an AKS pod and a VM deployed in Azure. Below is a diagram for illustration purposes.
To deploy the internal load balancer through YAML files in AKS for external communication with VMs, kindly refer to the link below for details:
https://fabriciosanchez-en.azurewebsites.net/implementing-virtual-machine-to-pod-communication-in-azure-kubernetes-service-aks/

Kubernetes: Connect to Azure SQL

I have hosted my SQL database on Azure SQL.
From my AKS, I found out that each of the pods is not able to connect to Azure SQL.
DB connection:
Data Source=tcp:dbname.database.windows.net,1433;Initial Catalog=dbname;User Id={account};Password={password}
In the Azure Portal I have enabled this below
I double-checked the connection string and am able to connect from my local machine, but inside the Kubernetes pod, when I try to telnet to the server, it responds:
Connection closed by foreign host.
May I know what is going wrong with this?
Azure provides two options for pods running on AKS worker nodes to access a MySQL or PostgreSQL DB instance:
  • Create a firewall rule on the Azure DB Server with a range of IP addresses that encompasses all IPs of the AKS cluster nodes (this can be a very large range if using node auto-scaling).
  • Create a VNet Rule on the Azure DB Server that allows access from the subnet the AKS nodes are in. This is used in conjunction with the Microsoft.Sql VNet Service Endpoint enabled on the cluster subnet.
VNet Rules are recommended and preferable in this situation for several reasons. Nodes are often configured with dynamic IP addresses that can change when a node is restarted, resulting in broken firewall rules that reference specific IPs. Nodes can be added to a cluster, which would require updating the firewall rule to add additional IPs. VNet Rules avoid these issues by granting access to an entire subnet of AKS nodes.
Manual steps
Configuring a secure networking environment for AKS and Azure DB requires the following:
AKS cluster setup
  • ResourceGroup: a logical grouping of resources required for all resources.
  • VNet: creates a virtual network for the AKS cluster nodes.
  • Subnet: has a range of private IPs for AKS cluster nodes.
  • Create an AKS cluster using the above resources.
Configure managed service access
  • VNet Service Endpoint: update the cluster subnet above with a service endpoint for Microsoft.Sql to enable connectivity for the new Azure DB service resource.
Provision managed services with private IPs on the cluster's network
  • Provision managed Azure DB service instances: PostgreSQL, MySQL.
  • VNet Rule for each managed service instance to allow traffic from all nodes in the cluster subnet to a given Azure DB service instance (PostgreSQL, MySQL).
I have found the issue. Basically, the issue is that AKS gets the wrong configuration: for the Identity, it doesn't read the proper appsettings.json, which should point to /secrets/*.json
AddEntityFrameworkStores()
I changed the code to retrieve the information from the correct secret, and the app works now.
Sadhu's answer is correct and secure. But first you can quickly check by enabling the traffic as follows.
First, select your server from your resource group.
Now in your SQL server enable "Allow Azure services and resources to access this server".
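An added example, not code from the answers above, covering both the VNet-rule answer and the "Allow Azure services" quick check as az CLI shell functions: enabling the Microsoft.Sql service endpoint on the AKS node subnet, adding the VNet rule on the SQL server, and creating (and later deleting) the 0.0.0.0 firewall rule that the portal toggle corresponds to. It also derives the server name from a connection string in the form shown in the question. Resource group, VNet, subnet and server names are assumed placeholders; DRY_RUN=1 prints the az commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the answers above). Resource names are assumed
# placeholders; DRY_RUN=1 prints the az commands instead of running them.
set -eu

run() {
  if [ "${DRY_RUN:-0}" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# "Data Source=tcp:dbname.database.windows.net,1433;..." -> dbname
# (the logical server name the az sql commands below take as --server).
server_name_from_conn_string() {
  printf '%s\n' "$1" | tr ';' '\n' \
    | sed -n 's/^[[:space:]]*Data Source=\(tcp:\)\{0,1\}\([^,]*\).*/\2/p' \
    | sed 's/\.database\.windows\.net$//'
}

# Step 1: a Microsoft.Sql service endpoint on the AKS node subnet, so traffic
# from that subnet reaches Azure SQL with its VNet identity.
enable_sql_service_endpoint() {
  rg="$1"; vnet="$2"; subnet="$3"
  run az network vnet subnet update --resource-group "$rg" --vnet-name "$vnet" \
    --name "$subnet" --service-endpoints Microsoft.Sql
}

# Step 2: a VNet rule on the SQL server admitting exactly that subnet. Nodes
# can scale or change IP without the rule ever needing to be touched.
add_sql_vnet_rule() {
  rg="$1"; server="$2"; vnet="$3"; subnet="$4"
  run az sql server vnet-rule create --resource-group "$rg" --server "$server" \
    --name "allow-${vnet}-${subnet}" --vnet-name "$vnet" --subnet "$subnet"
}

# The portal toggle "Allow Azure services and resources to access this server"
# is the 0.0.0.0-0.0.0.0 firewall rule. It admits any Azure-hosted client, not
# only yours, so it is fine for the quick check above and should be removed
# once the VNet rule is confirmed to work.
allow_azure_services() {
  rg="$1"; server="$2"
  run az sql server firewall-rule create --resource-group "$rg" --server "$server" \
    --name AllowAllWindowsAzureIps --start-ip-address 0.0.0.0 --end-ip-address 0.0.0.0
}

remove_azure_services_rule() {
  rg="$1"; server="$2"
  run az sql server firewall-rule delete --resource-group "$rg" --server "$server" \
    --name AllowAllWindowsAzureIps
}

# Usage (runs for real unless DRY_RUN=1):
#   server="$(server_name_from_conn_string "$CONNECTION_STRING")"
#   enable_sql_service_endpoint my-rg aks-vnet aks-subnet
#   add_sql_vnet_rule my-rg "$server" aks-vnet aks-subnet
#   remove_azure_services_rule my-rg "$server"   # once the VNet rule works
```

Keeping the quick-check rule in place after troubleshooting is the common mistake: it silently widens the server's exposure from one subnet to every Azure tenant, which is why the removal function sits next to the creation one.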

Azure container instance not connected kafka cluster

I have an Azure Container Instance, and I want to connect to a Kafka cluster that is also in Azure.
If in Kafka I configure advertised.listeners with a DNS name I can connect; however, with the hostname I cannot.
In ACI I also cannot ping/wget/telnet other internal resources, only other ACIs.
vnet kafka = vnetA
subnet kafka = subnetA
vnet ACI = vnetA
subnet ACI = subnetB
I created the ACI with a private IP.
This article explains how to configure your listeners in this situation: https://rmoff.net/2018/08/02/kafka-listeners-explained/
For your issue of Azure Container Instances connecting with other Azure resources: currently Azure Container Instances just support a private IP and no DNS labels, and the instances can connect with other resources in the same VNet, or in a different VNet with peering.
Container groups deployed to a virtual network do not currently support public IP addresses or DNS name labels.
So you can just connect to the ACI with the private IP in the VNet. And it is just a preview version. For more details, see Deploy container instances into an Azure virtual network.

ACS Engine Azure VNET Integration

I have trouble integrating an ACS Engine cluster with my existing VNET in Azure.
Below are the steps to reproduce my issue:
Create an ACS Engine cluster with the default configuration. It creates its own VNET (let's say ACS_VNET).
Create a new VNET (VNET2) with a VM and do a VNET peering to ACS_VNET.
Create a sample service with an Azure private load balancer and try to access its private IP from the above VM in VNET2. It does not work. Also tried with the private IP of the pod and with a NodePort, with no luck.
I followed this article to create the cluster: https://dzone.com/articles/create-custom-azure-kubernetes-clusters-with-acs-e
The above steps work for an AKS cluster in Azure.