Clean URL for Azure Red Hat OpenShift Cluster - azure

We created an Azure Red Hat OpenShift (ARO) cluster via:
az openshift create --resource-group $CLUSTER_NAME --name $CLUSTER_NAME -l $LOCATION --aad-client-app-id $APPID --aad-client-app-secret $SECRET --aad-tenant-id $TENANT --customer-admin-group-id $GROUPID
The URL for the cluster came out in the form:
https://openshift.<cluster-id>.<cluster-region>.azmosa.io/
Is there a way to give it a cleaner, human-readable URL like:
https://openshift.myprodcluster.<cluster-region>.azmosa.io/

As @Will Gordon commented, I don't think you can change the default URL https://openshift.<cluster-id>.<cluster-region>.azmosa.io/ provided by the Azure platform.
If you need a cleaner, human-readable URL, you could try to add a CNAME DNS record which maps your custom domain name like www.contoso.com to this hostname openshift.<cluster-id>.<cluster-region>.azmosa.io in your DNS provider.
If so, you will need to purchase a public domain and get an SSL certificate with that custom DNS name over a secure HTTPS connection. You also could get a free SSL certificate from Let’s Encrypt.

Related

Do you know how to create a custom domain name with azure command line?

https://learn.microsoft.com/en-us/cli/azure/?view=azure-cli-latest
1. Resource Group | az group create -l westeurope -n Domains
2. CDN > profile > create | az cdn profile create -g Domains -n HomeProfile --sku Premium_Verizon
3. CDN > endpoint > create | az cdn endpoint create -g Domains -n HomeEndpoint --profile-name HomeProfile --origin www.home1991-2000.com
4. DNS > Zones > create | az network dns zone create -g Domains -n www.home1991-2000.com
5. DNS > Record sets > CNAME > create | az network dns record-set cname create -g Domains -z www.home1991-2000.com -n HomeRecordSet
6. eventgrid > domain > create | az eventgrid domain create -g Domains --name home1991-2000 -l westeurope
7. CDN > custom-domain > create | az cdn custom-domain create -g Domains --endpoint-name HomeEndpoint --profile-name HomeProfile -n home1991-2000-name --hostname www.home1991-2000.com
I'm receiving this bad request. Can anyone help?
BadRequest - We couldn't find a DNS record for custom domain that points to endpoint. To map a domain to this endpoint, create a CNAME record with your DNS provider for custom domain that points to endpoint.
Quoting the official docs:
Before you can use a custom domain with an Azure CDN endpoint, you
must first create a canonical name (CNAME) record with your domain
provider to point to your CDN endpoint. A CNAME record is a type of
DNS record that maps a source domain name to a destination domain
name. For Azure CDN, the source domain name is your custom domain name
and the destination domain name is your CDN endpoint hostname. After
Azure CDN verifies the CNAME record that you create, traffic addressed
to the source custom domain (such as www.contoso.com) is routed to the
specified destination CDN endpoint hostname (such as
contoso.azureedge.net).
Therefore, as the error message points out, you will need to create a CNAME record with your DNS provider for your custom domain that points to your CDN endpoint, i.e., HomeEndpoint.azureedge.net.
As a pre-req, in order to use Azure DNS for your custom domain, you must first delegate your domain to Azure DNS. If you do not already have a custom domain, you must first purchase one with a domain provider.
Once this is done, you can associate the custom domain with your CDN endpoint.
Note:
The az network dns record-set cname create command only creates an empty CNAME record set. You might want to use az network dns record-set cname set-record instead to actually also set the value of a CNAME record.
References:
Tutorial: Add a custom domain to your Azure CDN endpoint
Use Azure DNS to provide custom domain settings for an Azure CDN

Multiple DNS Names for a public IP in Azure AKS

I'm trying to setup a K8 ingress to route to multiple services based on the hostname. Like mentioned here.
In Azure, I'm able to map DNS name with Public IP using az-cli like this,
az network public-ip update --ids $PUBLICIPID --dns-name $DNSNAME
However, this command isn't letting me add multiple DNS entries to the same public IP.
What will be the right way to achieve this in Azure KS? Preferably using az-cli or some other cli tools.
I don't think you can assign multiple Azure managed DNS names to the same public IP, but you can use Azure DNS or some external DNS provider to have as many CNAME records pointing to the same DNS record as you want to.
az network dns record-set cname set-record --resource-group myresourcegroup --zone-name contoso.com --record-set-name test-cname --cname www.contoso.com
An alternative would be to use external dns to let kubernetes manage it.

Is It Possible to Restrict Access to Azure Container Instance with IP restrictions

I am creating an Azure container instance to host an index for testing purposes. Currently I can only get it to work with IpAddressType set as Public, but of course this makes the index available to the world.
Is it possible to secure an Azure container instance with IP restrictions, preferably using PowerShell?
When I configure the container image with IpAddressType set as Private, I am unable to access the index.
Below is the command I am using to create the container instance:
New-AzureRmContainerGroup -ResourceGroupName $resourceGroup `
-Name indexcontainer `
-Image $image `
-IpAddressType Public `
-Location $resourceGroupLocation `
-MemoryInGB 6 `
-Cpu 2 `
-Port 9200
TODAY:
Not with Container Groups, if you open up a port on the container group, it is public to the world.
Container-Group is the little brother (mini version) of full-on AKS.
AKS, the big brother, gives you more control.
See : https://learn.microsoft.com/en-us/azure/aks/internal-lb
-IpAddressType Accepted values: Public
https://learn.microsoft.com/en-us/powershell/module/azurerm.containerinstance/new-azurermcontainergroup?view=azurermps-6.13.0
Note, the only value accepted in documentation is "Public"
However, they put the placeholder in for future arguments besides "Public"... so I think they see this as a gap in functionality.
As mentioned in the above comment, you can expose them to VNET now (in Preview)
https://learn.microsoft.com/en-us/azure/container-instances/container-instances-vnet
Once connected to a VNET you can use Network Security Groups to only allow traffic from allowed IPs or networks. The route you are currently taking will not work.
Seems like no, at least natively with Azure Container Instance.
There are two options to deploy Azure Container Instances:
publicIP - you can't restrict access to this type of deployment.
Custom VNet - you can apply restrictions with the network security groups (NSG), but Azure Container Instances doesn't support exposing containers publicly in this case.
See documentation:
Unsupported networking scenarios:
Public IP or DNS label - Container groups deployed to a virtual network don't currently support exposing containers directly to the internet with a public IP address or a fully qualified domain name
As an option, you can try to do the following (it supports restrictions for HTTP/HTTPS traffic only):
Put the Application Gateway before the ACI deployed in custom VNet to expose containers publicly (you can find some examples, like this one)
Add IP whitelisting restrictions to NSG in custom VNet for ACI.
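One way to apply the NSG allow-list these answers describe, as an added example that is not part of the original answers. It uses the az CLI rather than the AzureRM cmdlets from the question; the function names, resource names and the `AZ` dry-run override are assumptions, and the container group is assumed to be deployed into the subnet already.

```sh
#!/bin/sh
# Added example, not from the original answers. Resource names are placeholders.
# Set AZ=echo to print the az commands instead of running them.

# valid_cidr CIDR: accept only IPv4 a.b.c.d/1-32, so "*", "Internet" or /0
# can never become the "allowed" source and reopen the port to everyone.
valid_cidr() {
  case $1 in */*) ;; *) return 1 ;; esac
  _ip=${1%/*}; _len=${1#*/}
  case $_len in ''|*[!0-9]*) return 1 ;; esac
  [ "$_len" -ge 1 ] && [ "$_len" -le 32 ] || return 1
  case $_ip in *[!0-9.]*|.*|*.|*..*) return 1 ;; esac
  _ifs=$IFS; IFS=.; set -- $_ip; IFS=$_ifs
  [ "$#" -eq 4 ] || return 1
  for _o in "$@"; do
    [ "${#_o}" -le 3 ] && [ "$_o" -le 255 ] || return 1
  done
}

# restrict_aci_subnet RG VNET SUBNET PORT CIDR [CIDR...]
restrict_aci_subnet() {
  [ "$#" -ge 5 ] || { echo "usage: restrict_aci_subnet RG VNET SUBNET PORT CIDR..." >&2; return 2; }
  _rg=$1; _vnet=$2; _subnet=$3; _port=$4; _nsg="$3-nsg"
  shift 4
  for _c in "$@"; do
    valid_cidr "$_c" || { echo "rejected source: $_c" >&2; return 2; }
  done
  ${AZ:-az} network nsg create -g "$_rg" -n "$_nsg" || return 1
  # Only the listed sources may reach the container port.
  ${AZ:-az} network nsg rule create -g "$_rg" --nsg-name "$_nsg" \
    -n allow-trusted --priority 100 --direction Inbound --access Allow \
    --protocol Tcp --source-address-prefixes "$@" \
    --destination-port-ranges "$_port" || return 1
  # The default AllowVnetInBound rule would still admit every other host in
  # the VNet, so deny the rest explicitly at the lowest custom priority.
  ${AZ:-az} network nsg rule create -g "$_rg" --nsg-name "$_nsg" \
    -n deny-other --priority 4096 --direction Inbound --access Deny \
    --protocol '*' --source-address-prefixes '*' \
    --destination-port-ranges '*' || return 1
  # Attach the NSG to the subnet the container group is deployed into.
  ${AZ:-az} network vnet subnet update -g "$_rg" --vnet-name "$_vnet" \
    -n "$_subnet" --network-security-group "$_nsg"
}

# Usage (constructed values): restrict_aci_subnet RG1 vnet1 aci-subnet 9200 203.0.113.0/24
```

If an Application Gateway fronts the container group, its subnet range is the source the NSG sees and has to be among the allowed CIDRs.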

Reverse DNS with Static IP while using Azure Resource Manager

I am very much aware that Reverse DNS is possible on Azure Cloud Services. That's not what I'm asking about. I need to know if it's possible when using Azure Resource Manager. I've looked around a lot online, and while I've found some (2+ year) old questions about it, I can't find any answers.
Thanks!
If you've already created a static public IP and want to add reverse DNS to it:
Using Azure Powershell:
Login to azure subscription using:
login-azurermaccount
Select the subscription using:
select-azurermsubscription -subscriptionname mysubscription
Get the IP using:
$p = get-azurermpublicipaddress -name myipname -resourcegroupname myresourcegroupname
Set the reversedns (ensuring your forward DNS is set first) using:
$p.dnssettings.reversefqdn = "mail.mydomain.com"
Finalize the setting using:
set-azurermpublicipaddress -publicipaddress $p
Ok, while the other two answers were helpful, neither got me all the way there. But I finally figured this out. Many shouts to Michael B who has been a HUGE help!
The domain I used to learn and play is woodswild.com. If you want to follow along with these steps, just swap out as needed. Hope this helps save someone some time. It took me WAY WAY too long to figure this out.
One more thing: These steps assume you are NOT using a template.
1: Open Windows Azure Powershell
2: Inside Powershell, log in to your account with this command:
Login-AzureRMAccount
This will prompt you for a log in and password.
3: Create a Resource Group.
You can do this in the UI if you want, or in Powershell. This is the command if you want to do it in Powershell:
$rgName="RG1"
$locName="Central US"
New-AzureRmResourceGroup -Name $rgName -Location $locName
4: Create a Temporary Public IP Address:
The process of creating a Public IP Address with fully qualified Reverse DNS lookup (ReverseFqdn) is wonky. The first thing we have to do is create a temp (throwaway) Public IP Address withOUT a ReverseFqdn. Do that with this command:
$ipName = "tempRG1PIP"
$locName = "Central US"
$rgName = "RG1"
New-AzureRmPublicIpAddress -AllocationMethod Static -ResourceGroupName $rgName -Name $ipName -Location $locName
In this example, the domain I'm playing with is "woodswild.com". After running this command, go to the UI and under the Configuration for the IP Address you just created, give the IP address a DNS label of "tempwoodswild" (or whatever you want for your domain).
5: Create a CName record
For the domain you are setting up with Reverse DNS, log into your registrar. Go to the section where you manage your DNS records for your domain. Create a CName record with the host of "www" (or mail, if you are setting up a mail server) which points to "tempwoodswild.centralus.cloudapp.azure.com" (or to whatever DNS label you created.)
6. Create Another (Permanent) Public IP Address
Now that we have www.woodswild.com (or mail.woodswild.com) pointing to the temp IP address, we can create a perm one.
$ipName = "RG1PIP"
$locName = "Central US"
$rgName = "RG1"
$rvFqdn = "www.woodswild.com"  # or "mail.woodswild.com"
$dnLabel = "woodswild"
New-AzureRmPublicIpAddress -Name $ipName -ResourceGroupName $rgName -Location $locName -ReverseFqdn $rvFqdn -AllocationMethod Static -DomainNameLabel $dnLabel
You now have a Static, Public IP Address with a ReverseFqdn!!!
7. Delete the temp IP Address
You can do this in the Azure Portal UI.
At this point, in Azure, you should have a Resource Group with only one item in it: Your Public IP Address
8. Edit the CName record, and create an A (Host) Record.
Back in your registrar, edit the CName to be: woodswild.centralus.cloudapp.azure.com
Also, create an A(Host) record as follows:
Host: @
Points To: 40.122.166.144 (which is the IP of the new, perm, Public IP Address)
9. Test the ReverseIP Lookup:
At this point, you should be able to do a reverse lookup on the IP and get the domain:
Tip: At any time, you can see the info from this IP address with this command:
Get-AzureRmPublicIpAddress -Name RG1PIP -ResourceGroupName RG1
Creating a Virtual Machine with the Public IP Address
From here, creating a virtual machine that is assigned your public (static) IP with Reverse Lookup capabilities is just a matter of associating the VM with the IP you just created.
Registering a reverse DNS in Azure is complicated by the fact that you need to have a forward A record pointing into an IP address before you can register the reverse. i.e. you need to register www.example.com to point to an IP address in Azure before you can register the reverse address.
That means that if you are creating via template, you need to pre-configure a forward domain else the template will fail.
So presuming you are using a template there are a few steps you need to perform beforehand.
Create an Azure static address - this needs to be static since we're not going to allocate it to a machine. If we created a dynamic address it wouldn't be available until it was attached.
$ip = New-AzureRmPublicIpAddress -Name TestIP1 `
-ResourceGroupName $ResourceGroupName `
-Location $location -AllocationMethod Static
Register the address you get above from $ip.IpAddress in DNS
www IN A 123.45.67.89 ;; $ip.IpAddress address
Run deployment script, if using a template
"properties": {
  "publicIPAllocationMethod": "Dynamic",
  "dnsSettings": {
    "domainNameLabel": "[variables('PublicDNS2')]",
    "ReverseFqdn": "[concat(parameters('vmName2'), '.', variables('domainname'))]"
  }
}
Point forward domain to new address (this can be retrieved as an output from a template)
www IN A 123.45.67.90 ;; Deployment IP Address
Finally delete the temporary IP Address
Remove-AzureRmPublicIpAddress -Name TestIP1 `
-ResourceGroupName $ResourceGroupName -Force
Joe Who's answer worked perfectly for me, and was simpler than creating a temporary IP (I already had an existing one, plus I would have had to mess with my DNS settings for the 3rd time in a week).
mysubscription is your subscription type - in my case, it's "Pay-As-You-Go", which you can find in your Azure portal settings.
myipname is the name of your IP address resource, and myresourcegroupname is the name of the resource group that it's in. For the domain, I just entered "mydomain.com" (with my actual domain, of course).
Aside from the nightmare that was getting Azure PowerShell working, the whole thing took about 5 minutes.
Reverse DNS lookup is now functioning and my emails are no longer getting bounced as spam (there is more to set up of course other than this, but I'd already jumped through those hoops).
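The ordering these answers rely on (forward record first, then the reverse FQDN, then a lookup to confirm), as an added example that is not part of the original answers. It uses `dig` and the az CLI instead of the AzureRM cmdlets; the function names, the sample names in the usage comment, and the `DIG`/`AZ` overrides are assumptions.

```sh
#!/bin/sh
# Added example, not from the original answers. Names are placeholders.
# DIG and AZ can be overridden (for example AZ=echo) for a dry run.

# norm NAME: lower-case and drop the trailing root dot that dig prints.
norm() { printf '%s' "$1" | tr 'A-Z' 'a-z' | sed 's/\.$//'; }

# forward_points_to FQDN IP: true when FQDN resolves to IP, directly through
# an A record or through a CNAME chain (dig +short prints every hop).
forward_points_to() {
  ${DIG:-dig} +short A "$1" | grep -Fxq -- "$2"
}

# reverse_matches IP FQDN: true when a PTR record for IP names FQDN.
reverse_matches() {
  _want=$(norm "$2")
  for _ptr in $(${DIG:-dig} +short -x "$1"); do
    if [ "$(norm "$_ptr")" = "$_want" ]; then return 0; fi
  done
  return 1
}

# set_reverse_dns RG PIP_NAME IP FQDN
# Refuses to touch Azure until the forward lookup already lands on IP, which
# is the precondition the answers above describe for setting ReverseFqdn.
set_reverse_dns() {
  [ "$#" -eq 4 ] || { echo "usage: set_reverse_dns RG PIP_NAME IP FQDN" >&2; return 2; }
  forward_points_to "$4" "$3" || {
    echo "forward record for $4 does not resolve to $3; fix DNS first" >&2
    return 1
  }
  ${AZ:-az} network public-ip update -g "$1" -n "$2" --reverse-fqdn "$4"
}

# Usage (constructed values):
#   set_reverse_dns RG1 RG1PIP 203.0.113.10 mail.example.com
#   reverse_matches 203.0.113.10 mail.example.com && echo "PTR and A agree"
```

Receiving mail servers commonly run the same pair of lookups, so `reverse_matches` passing after the change is the result to look for.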

Azure VM: Adding a Reserved IP address to an existing VM

What I have read so far on the web is that there is no way to add a reserved IP to an existing VM (unless I recreate the VM which I am trying to avoid). However, I have noticed that external IP of my VM and the cloud service is same.
Reserved IP Addresses page explains how to "To use a Reserved IP with Cloud Services". I have looked everywhere in the Azure Management Portal but couldn't find a configuration setting for Service Configuration Schema.
I am using the Azure scheduler to turn-off the VMs at night and on the weekends. From the following I understand is that there is something that I need to write in the scheduler script to re-assign the Reserved IP when the VM starts in the morning. Did I get it right?
Shutdown VM - Previously, when all the Virtual Machine instances in a
cloud service were moved to the Shutdown state (stop/deallocated), the
public IP would be released and a new public IP would be assigned when
one of the Virtual Machines instances was started. However, with this
release, if the VM uses a Reserved IP, then the Reserved IP can be
used when re-deploying the VMs.
P.S. Is Stack Overflow the best place to ask this sort of questions relating to Azure or shall I use Server Fault in the future? I have seen Azure questions in both websites.
At Build 2015 they announced this is now possible and VERY easy.
Simply open Azure powershell and run this:
New-AzureReservedIP -ReservedIPName "ipname" -Location "West US" -ServiceName "somevm"
If you run this it will reserve an IP named "ipname" and associate it with the already deployed instance "somevm.cloudapp.net"
In order to assign existing reserved IP to an existing VM, you can use the following command:
Set-AzureReservedIPAssociation -ReservedIPName MyReservedIP -ServiceName TestService
Step by step to create Reserved IP and using it on Azure VM. Here you can go
Reserved IP Creation
I have done the Elastic IP automatic scheduling on AWS. Here is the reference link: Elastic IP Automation on AWS script.
Between needs to check about how can I write a script for automating the reserved IP for Azure. If you had done it earlier, kindly share the script; this will be very useful. Thanks.
At this point, we don't support the capability to associate a Reserved IP to an already existing VM.
We are currently working on the capability to reserve the IP of an existing VM.
Ref: http://azure.microsoft.com/blog/2014/05/14/reserved-ip-addresses/
http://www.petri.com/how-to-reserve-public-virtual-ip-addresses-in-microsoft-azure.htm
Girish Prajwal
For new VMs (with resource manager) you should do the following:
Create new static IP address:
$ip = New-AzureRmPublicIpAddress -Name "<ip-name>" -ResourceGroupName <group-name> -Location eastus -AllocationMethod Static
Get information about VM Network Interface:
Get-AzureRmVM -ResourceGroupName <group-name> -Name <vm-name> | Select -ExpandProperty NetworkProfile
Get corresponding network interface and set new ip and update NIC:
$netInt = Get-AzureRmNetworkInterface -ResourceGroupName "group-name" -Name <nic-name>
$netInt.IpConfigurations[0].PublicIpAddress = $ip
Set-AzureRmNetworkInterface -NetworkInterface $netInt
I read all of the previous entries and did not come away with a clear picture of how to proceed with assigning a reserved IP address to my existing Azure classic VM, so I opened a support ticket. I got excellent clear guidance from "Sruthi Saranya K", a support engineer in Azure Networking. Sruthi stated "in classic deployment model it is not possible to have a static public IP assigned to a VM", which I had read elsewhere, but she clarified that you simply assign the IP address to the cloud service and not the VM directly, then the VM will automatically pick up on the change. I outline all of the commands here for your convenience, starting from an Azure PowerShell prompt. The critical command was specified in the top response here, but not all of the steps. Also, that example also includes specifying the service, but it does not appear to be a supported parameter for that command, instead there is a second command to associate the IP with the service.
add-azureaccount (to log in to Azure from PowerShell)
New-AzureReservedIP -ReservedIPName "ipname" -Location "East US"
get-azurereservedip (just to see what the reserved IP address is)
Set-AzureReservedIPAssociation -ReservedIPName "ipname" -ServiceName "your cloud service name"
Also, depending on the use, you may want to look up the IP address on mxtoolbox.com to make sure it is not already blacklisted. My reserved IP was for a web site, but the default @ DNS entry for the domain meant our domain was generally going to be associated with that IP address, and previously our mail has been blacklisted because our web server IP address was sullied by some other Azure tenant. If you get a blacklisted address, you can remove it and get a new one, also a suggestion from Sruthi. Here are the commands to remove the reserved IP, and to remove the cloud service association if needed:
remove-azurereservedip
Remove-AzureReservedIPAssociation
My sincere thanks to Sruthi for making it so simple and preventing an unnecessary redeployment of our company's public web server.
Add Public IP to an Existing VM
Log into the portal
Find the Resource Group (RG) where your VM is Located
Confirm your VM has a network interface - if not, create one (it should have one)
Create a Public IP Address (static or dynamic, doesn't matter) by adding one to your RG from the marketplace (do this first so it is creating while you make your NSG).
Create a Network Service Group by adding one to your RG from the marketplace and associating it with your VM.
Once the NSG has deployed, go back to the Overview of your PIP and click the "Associate" button in the info section of the blade.
Select the Network Interface of your VM you validated in step 3.
Get a cup of coffee or something, it will be a minute, but otherwise you're done.
New-AzureReservedIP -ReservedIPName "nameIP" -Location "East US" -ServiceName "azureA2vm"
Get this:
New-AzureReservedIP : A parameter cannot be found that matches parameter name 'ServiceName'.
At line:1 char:70
+ New-AzureReservedIP -ReservedIPName "nameIP" -Location "East US" -ServiceNam ...
+ ~~~~~~~~~~~
+ CategoryInfo : InvalidArgument: (:) [New-AzureReservedIP], ParameterBindingException
+ FullyQualifiedErrorId : NamedParameterNotFound,Microsoft.WindowsAzure.Commands.ServiceManagement.IaaS.NewAzureReservedIPCmdlet
Check PowerShell version. Update to latest version.
