Azure Container Instance - dns and subnet in the same container - azure

I have an Azure Container Instance with subnet configuration (I need to access an internal service). But I also need to configure dns.
I try to create the Container, but it returns this message: The IP address type can not be public when the network profile is set.
Is it possible to configure dns and configure the subnet in the same container?

Unfortunately, if you deploy the Azure Container Instances in the Subnet of a Vnet, then you cannot set the public IPs or DNS for it. Azure does not support it, at least now. Maybe it will be supported in the future. For more details, see Virtual network deployment limitations.
Container groups deployed to a virtual network do not currently
support public IP addresses or DNS name labels.
Hope this will help you.

The error with the network profile looks like a bug in the az
command tool. If you just specify your VNET name and subnet name
then it will create a network profile name.
If you want to use DNS
to resolve these names you'll need to setup DNS separately, and call
an additional az command to configure the DNS after you create the
container instance.
az network dns record-set a add-record ...
See this doc for using Azure DNS with private IP addresses.
Use Azure DNS for private domains

Related

Cannot access Private AKS cluster from Local Machine (on home network) connected to Azure VPN

I have a Private AKS cluster deployed in a VNET on Azure. Once I deployed it, a private endpoint and a private DNS zone were created by default therefore making the cluster accessible from VM's which are part of the same VNET. (I have a VM deployed in the same VNET as the AKS cluster and "kubectl" commands work in it.)
My requirement is that I want to perform the "kubectl" commands from my local machine (connected to my home network) and also connected to the VPN which connects to the VNET.
My machine can talk to resources within the VNET but cannot seem to resolve the FQDN of the private cluster.
I read somewhere that having a DNS forwarder setup in the same VNET can help resolve the DNS queries made from the local machine which can then be resolved by Azure DNS. Is this the way to go about this? Or is there a better way to solve this problem?
It would really help if someone could give me an action plan to follow to solve this problem.
The better way to perform the "kubectl" commands from your local machine to your private AKS cluster is to use AKS Run Command (Preview). This feature allows you to remotely invoke commands in an AKS cluster through the AKS API. This feature provides an API that allows you to, for example, execute just-in-time commands from a remote laptop for a private cluster. Before using it, you need to enable the RunCommandPreview feature flag on your subscription and install aks-preview extension locally. However, there is a limitation that AKS-RunCommand does not work on clusters with AKS managed AAD and Private link enabled.
In this case, If you want to resolve the FQDN of the private cluster from your on-premise network, you could select to use either the hosts file locally(used for testing) or use your DNS forwarder to override the DNS resolution for a private link resource like this.
The DNS forwarder will be responsible for all the DNS queries via a server-level forwarder to the Azure-provided DNS 168.63.129.16.You can provision IaaS Windows VM with DNS role or Linux VM with bind configured as a DNS forwarder. This template shows how to create a DNS server that forwards queries to Azure's internal DNS servers for Linux VM. Refer to this for DNS forwarder on Windows VM.
If there is an internal DNS server in your on-premise network. The on-premises DNS solution needs to forward DNS traffic to Azure DNS via a conditional forwarder for your public DNS zones(e.g. {region}.azmk8s.io). The conditional forwarder references the DNS forwarder deployed in Azure. You could read this blog about DNS configuration sections for more details.

No access to the website from Azure Container Instance using a private network with custom DNS server

I have Virtual Network with two subnets (A and B). Vnet is configured to use a custom DNS server. In one subnet (A) I have a web server which has an appropriate DNS configuration. If I create a VM inside subnet A and I try to open a website using DNS, then everything is working correctly. Subnet B is fully dedicated to Azure Container Instances. When I create a container group with one container (azure cli), and I try to connect to a website, I get an exception that page is not available. It seems that my container instance is not using my custom DNS server assigned for the virtual network. Any ideas what may be wrong?
When ACI is deployed to an existing vnet and the vnet is configured with the custom DNS server, ACI will not inherit the custom DNS servers. You need to deploy the ACI through YAML file and specify the DNS server in the specification of dnsConfig.
For example, below YAML file, to deploy an ACI with Nginx image in an existing vnet using network profile and configure custom DNS servers. Refer to this.
For more reference, you could read YAML reference: Azure Container Instances

Multiple DNS Names for a public IP in Azure AKS

I'm trying to setup a K8 ingress to route to multiple services based on the hostname. Like mentioned here.
In Azure, I'm able to map DNS name with Public IP using az-cli like this,
az network public-ip update --ids $PUBLICIPID --dns-name $DNSNAME
However, this command isn't letting me to add multiple DNS entries to the same publicIP.
What will be the right way to achieve this in Azure KS? Preferably using az-cli or some other cli tools.
I dont think you can assign multiple Azure managed DNS names to the same public IP, but you can use Azure DNS or some external DNS provider to have as many CNAME records pointing to the same DNS record as you want to.
az network dns record-set cname set-record --resource-group myresourcegroup --zone-name contoso.com --record-set-name test-cname --cname www.contoso.com
an alternative would be to use external dns to let kubernetes manage it.

How Do I Resolve A Public DNS Name To An Internal IP On Azure?

I have an azure network set up with the default Azure DNS.
All the VMs are ubuntu.
When I try to access another VM on the network via the public DNS name it resolves to the public IP.
How do I make it resolve to the internal IP when I request it from the virtual network (and obviously still resolve to the public IP when requested externally).
I'm interested in cli answers as well as configurations through the portal.
Azure DNS for IaaS and PaaS solutions
Please see this article for more information on Azure's own DNS service associated with virtual networks. In short
When role instances and VMs hosted in Azure need to resolve domain
names to internal IP addresses, they can use one of two methods:
Azure-provided name resolution
Name resolution that uses your own DNS server (which might forward queries to the Azure-provided DNS servers)
The type of name resolution you use depends on how your VMs and role
instances need to communicate with each other.
Azure DNS Private Zones (in preview)
There's also a relatively new service called, Azure DNS Private Zones that allow you to set up a private DNS service to be used with, for example virtual networks.
This service allows you to set up a private domain and private IPs for your machines. See this page for more information and some common usage scenarios.
Also, see this this feature suggestion:
Enable split DNS for providing both public and internal name resolution to VMs in the VNET

Azure VMSS : Retrieve FQDN

I have created a Virtual machine scale set in Azure and now require to access FQDN of instance from inside of VM. Tried these:
1. Using Azure metadata service. It surprisingly does not have FQDN field.
2. used Hostname -f it gave an fqdn but I think it is to be used internally in azure as it is not accessible from outside.
3. Tried listing public IP of VMSS but how to filter it to show public ip related my VM escapes me.
Update : In AWS "curl http://169.254.169.254/latest/meta-data/public-hostname" commands give the intended output. I am looking for its equivalent
For now, it's not possible to get FQDN from metadata server.
More information about data categories are available through the Instance Metadata Service, please refer to this link.
Does your VMSS instances create with public IP addresses? if yes, you can use Powershell or Azure portal to find the FQDN.

Resources