We have an AKS cluster on Azure and an endpoint on Azure App Service.
Calls are being initiated from a service (exposing a deployed app) on AKS to an App on Azure App Service (Public URL)
When deploying to Azure App Service, the application goes down in order to deploy, meanwhile calls are still being initiated from the AKS micro-service.
The AKS service starts throwing exceptions that the endpoint is not available which is normal. but when the Azure App service is up again the AKS service still throws the same error even when the app is online again and serving other services successfully. it is like the AKS is caching the error.
In order to fix it I have to kill all the living pods of the faulty micro-service and then scaling it back out again.
Can someone please guide me on why is this happening and how can I prevent this in future deployments?
Related
I have an azure app service running. I need to use the functions in this app servie from the kubernetes pod which have an API to call the function in App service. The app service has restrictions.
I have tried giving access to IP of pod by whitelisting it in app service but unable to access .Can we set a VPN in the pod which can allow the access to azure App service. I am new to kubernetes please mention the ways to achieve it.
Thanks in Advance
• I would suggest you use the Azure Arc environment in AKS for accessing the app service deployed in a pod in AKS. Through Azure Arc enabled AKS, you will be able to enable threat protection and apply policy definitions effectively. To deploy the Azure Arc, you will need to install the Azure CLI extensions as given below and connect the AKS cluster to Azure Arc. Then deploy the log analytics workspace in the same resource group to monitor and log the activity of the applications deployed on the AKS cluster. Then install the required app service extensions in the Azure Arc and create a custom location in Azure to assign the App Service Kubernetes environment.
• Once done, you will have to create an App Service Kubernetes environment and then create your app service in it in the custom location as defined earlier. Then, you can deploy your required application code in the app service already created. In this way, you can deploy an app service in AKS cluster using the Arc extension resource which helps in restricting the pod communication through allowed IP addresses and restricted IP addresses.
• For more details, kindly refer to the link below which describes in detail the deployment of Azure Arc in AKS cluster: -
https://techcommunity.microsoft.com/t5/apps-on-azure-blog/app-service-on-kubernetes-with-azure-arc/ba-p/2867959
I'm trying to create working solution with Swagger Ocelot API Gateway and deploy it on Azure as a hybrid of Azure App Service and Azure Container Instances.
Backend services are deployed to ACI, a service that runs containers. Docker images are stored and deployed to containers (Azure Container Registry).
Virtual Network is used to deploy our containers into with two subnet (one used for containers and the other one for gateway). The gateway is not deployed into this virtual network, but access to it via the gateway-subnet, which communicates with the backend-subnet.
Gateway is deployed as Azure App Linux Service, which communicates to our backend services via their private IPs by configuring the VNet Integration.
However, the App Service is not working. It gives an application error and in the log stream is the following:
at SwaggerOcelot.Gateway.Program.<>c.b__1_0(IConfigurationBuilder config) in \SwaggerOcelot.Gateway\Program.cs:line 17
2022-01-27T09:27:54.820243802Z at Microsoft.Extensions.Hosting.HostingHostBuilderExtensions.<>c__DisplayClass6_0.b__0(HostBuilderContext context, IConfigurationBuilder builder)
2022-01-27T09:27:54.820248402Z at Microsoft.Extensions.Hosting.HostBuilder.BuildAppConfiguration()
2022-01-27T09:27:54.820257202Z at Microsoft.Extensions.Hosting.HostBuilder.Build()
2022-01-27T09:27:54.821977012Z at SwaggerOcelot.Gateway.Program.Main(String[] args) in SwaggerOcelot.Gateway\Program.cs:line 11
2022-01-27T09:28:05.940519859Z Could not open output /home/logs/dumps/coredump. 2 No such file or directory
I wonder whether the deployment process is not correct.
I have deployed a web application on Azure Kubernetes Service (AKS). I want to generate access logs (which include HTTP method, path, request body, if possible HTTP headers, and timestamp) of deployed web application and not of Kubernetes Cluster, Nodes and Pods. I have used Application Gateway, but it is creating logs of Kubernetes Cluster, Nodes or Pods. I have also used Log Analytics on Azure, but it is also not giving me required logs.
You need your application to generate those logs in some form. kubernetes doesnt provide networking logs. Easiest way is outputting to stdout, or, perhaps using Application insights. Another option is using something like Zipkin or Jaeger to capture those.
I have 1 Webapp running under same App service plan. As I am using a premium Azure app service plan with 15 instances, We are consuming only 10 percent of CPU. So to increase more availability and responsiveness of our app, I was planning to deploy one more instance of same app with a different name under same App service plan.
So now I am running my-app and my-app01 under 1 app service plan. Now I want to distibute the incoming traffic between this 2 apps.
As this app's are running under on app service, they are running on same location. So Azure Traffic manager doesn't allow the endpoints from same location. To by pass this I have used Traffic manager nested nedpoint to list my both app endpoints under one traffic manager.
then I have added my custom domain name to traffic manager as a CNAME record mapping.
myapp.abhisqs.com -> abhisq.trafficmanager.net -> (my-app.azurewebsites.net , my-app01.azurewebsites.net)
After doing this I am not able to open my app by hitting https://myapp.abhisqs.com/pages/default.aspx from Url, it was throwing 403 error. So I added a hostname(myapp.abhisqs.com) and SSL binding for my-app. Then I was able to open my app by using the https://myapp.abhisqs.com/pages/default.aspx.
So Now my other app instance my-app01 doesn't have a Hostname and SSL binding, So if my primary app (my-app) is off, then I am not able to open the app UI ( fails with error 403). Also from Azure portal I am not able to add host name and SSL binding to my second app which is running under same app service plan. It throws error "the host name 'myapp.abhisqs.com' is alredy configured for my-app so first remove that then configure with this."
So my question is what is best way to have multiple apps under same service plan, load balanced under one single custom domain name.
I'm exploring Azure but unable to figure out how to allow my App service to connect to the VNET I created so it can access the HDInsight cluster.
My scenario is this, I'm running a Kafka HDInsight cluster deployed in the VNET I created and I need to also deploy my Azure Web App for Container in the same VNET so it can connect to the Kafka brokers.
I haven't seen a good documentation on this, need help on how to set the Azure app service to connect to my VNET over a private network?
The Network is disabled (don't know why) on my App service.
Thanks
VNET integration is not available yet for Web App for Containers or App service on Linux. Please follow the UserVoice request for updates on when it will be supported.
https://feedback.azure.com/forums/169385-web-apps/suggestions/32534479--linux-enable-vnet-integration-for-app-service-on