private ip for azure container instance - azure

The API seems to support public or private for ip address, but I can't figure out how to get that private ip address on a vnet.
"properties": {
  "containers": [
  ],
  "osType": "Linux",
  "ipAddress": {
    "type": "Public",
    "ports": [
      {
        "protocol": "tcp",
        "port": "[parameters('port')]"
      }
    ]
  }
}
I'm guessing it's either not documented or not possible yet. I was wondering about exposing multiple IPs, and even though the portal doesn't have it I was able to get it working from the template by just adding it there, so I'm wondering if there is a way to get the instance on a VNET for an internal IP address through the template?

Azure Container Instances currently don't have VNet integration, so it's not possible to get a private ip - we will have it by the time Azure Container Instances reaches GA. Thanks!

Looks like this feature is now in preview:
https://learn.microsoft.com/en-us/azure/container-instances/container-instances-vnet
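
A template check for the `ipAddress` setting discussed in this thread, added here as an example and not code from any of the posts: it lists container groups that request a public IP and the ports they expose, resolving a `[parameters('port')]` expression to the parameter's default. The template, the resource names and the `defaultValue` are constructed for the example.

```python
import re

# Constructed template: the question's fragment inside minimal
# containerGroups resources (subnet settings for the private one omitted).
TEMPLATE = {
    "parameters": {"port": {"type": "int", "defaultValue": 8080}},
    "resources": [
        {"type": "Microsoft.ContainerInstance/containerGroups",
         "name": "demo-public",
         "properties": {"containers": [], "osType": "Linux",
                        "ipAddress": {"type": "Public", "ports": [
                            {"protocol": "tcp",
                             "port": "[parameters('port')]"}]}}},
        {"type": "Microsoft.ContainerInstance/containerGroups",
         "name": "demo-private",
         "properties": {"containers": [], "osType": "Linux",
                        "ipAddress": {"type": "Private", "ports": [
                            {"protocol": "tcp", "port": 8080}]}}},
    ],
}

PARAM_REF = re.compile(r"^\[parameters\('([^']+)'\)\]$")


def resolve(value, parameters):
    """Resolve a bare [parameters('x')] expression to its defaultValue."""
    if isinstance(value, str):
        match = PARAM_REF.match(value)
        if match:
            return parameters.get(match.group(1), {}).get("defaultValue", value)
    return value


def public_container_groups(template):
    """Return (name, [(protocol, port), ...]) for groups with a public IP."""
    params = template.get("parameters", {})
    findings = []
    for res in template.get("resources", []):
        if res.get("type") != "Microsoft.ContainerInstance/containerGroups":
            continue
        ip = res.get("properties", {}).get("ipAddress") or {}
        if str(ip.get("type", "")).lower() == "public":
            ports = [(p.get("protocol", "tcp").upper(),
                      resolve(p.get("port"), params))
                     for p in ip.get("ports", [])]
            findings.append((res.get("name"), ports))
    return findings
```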

Related

Azure Blue/Green deployment - use same public IP across Load Balancers

I'm currently using the standard blue/green deployment setup here:
I need to use the same public IP for both Load Balancers.
Currently it appears that a load balancer (LB) can only use a 'not used' frontend IP configuration. So, I could switch the load balancer off the public IP onto a temporary one then assign the public IP to the other LB. Not such a slick blue/green deployment though.
Is there a way to overcome this issue so I can switch the traffic manager over and the public IP remains the same?
You can try this:
https://learn.microsoft.com/en-us/rest/api/load-balancer/load-balancers/swap-public-ip-addresses
{
  "frontendIPConfigurations": [
    {
      "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/loadBalancers/lb1/frontendIPConfigurations/lbfe1",
      "properties": {
        "publicIPAddress": {
          "id": "/subscriptions/subid/resourceGroups/rg2/providers/Microsoft.Network/publicIPAddresses/pip2"
        }
      }
    },
    {
      "id": "/subscriptions/subid/resourceGroups/rg2/providers/Microsoft.Network/loadBalancers/lb2/frontendIPConfigurations/lbfe2",
      "properties": {
        "publicIPAddress": {
          "id": "/subscriptions/subid/resourceGroups/rg1/providers/Microsoft.Network/publicIPAddresses/pip1"
        }
      }
    }
  ]
}
I would probably still prefer a blue/green solution that does not depend on something like this, but it can be a start.

How can I get IP addresses of Azure web app instances

I have my web app running on Azure with scale out to have multiple instances.
I can get the list of instance names using the Management API of Azure as below:
https://management.azure.com/subscriptions/"SubscriptionID"/resourceGroups/"ResournceGroupName"/providers/Microsoft.Web/sites/"sitename"/instances?api-version=2018-02-01
This API provides me the below information
"value": [
  {
    "id": "/subscriptions/subscriptionid/resourceGroups/websitename/providers/Microsoft.Web/sites/websitename/instances/instancename",
    "name": "68e9f48782245c3a112318 INSTANCE NAME ac97aa9f0b55a4b0eb7a0",
    "type": "Microsoft.Web/sites/instances",
    "location": "UK West",
    "properties": {
      "name": "68e9f48782245c3a112318 INSTANCE NAME ac97aa9f0b55a4b0eb7a0",
      "siteInstanceName": "68e9f48782245c3a112318 INSTANCE NAME ac97aa9f0b55a4b0eb7a0"
    }
  }
]
I wanted to know the IP address of each instance. Can anyone please help me with how I can get that?
You can't know beforehand which IP address a given app instance will use to make the outbound connection
So, unfortunately, you can only know the possible outbound IP addresses and not the exact IP address. The inbound IP address may also change when you perform some actions. But you can get a static inbound IP address if you configure an IP-based SSL binding. See Get static inbound IP.
You can retrieve the possible IP list of the scaled instances in Azure Portal. Find the possibilities of retrieving the IP of scaled instances here.

Retrieve Azure load balancer NAT port for Azure VM in C#

I have an Azure Load Balancer in front of an Azure VM Scale Set (VMSS). I also have a NAT pool configured on the Load Balancer like the following:
{
  "name": "InstanceInputEndpointNatPool",
  "properties": {
    "backendPort": 10000,
    "frontendIPConfiguration": {
      "id": "[concat(resourceId('Microsoft.Network/loadBalancers', variables('loadBalancers_01_name')), '/frontendIPConfigurations/LoadBalancerIPConfig')]"
    },
    "frontendPortRangeStart": 10100,
    "frontendPortRangeEnd": 10500,
    "protocol": "Tcp"
  }
}
Essentially, for each VM in the VMSS, the load balancer forwards a request received at DNSName:PORT(between 10100-10500) to one of the VMs:10000(same backend port).
Is it possible to retrieve the PORT assigned to this VM, programmatically in C#, for a program running on that VM? This would help me directly target that VM port.
You may refer to the article and find the code at the GitHub link.

Azure VM scale sets not accessible and cannot restart

Today, I found I cannot remote into my Azure VM scale set instances (Win 2016 Nano Server). I then tried to restart the VM scale set instance using PowerShell but got an error like the following:
Restart-AzureRmVmss : Long running operation failed with status 'Failed'. Additional Info:'VM 'master-vmss_0' has not
reported status for VM agent or extensions. Please verify the VM has a running VM agent, and can establish outbound
connections to Azure storage.'
ErrorCode: VMAgentStatusCommunicationError
ErrorMessage: VM 'master-vmss_0' has not reported status for VM agent or extensions. Please verify the VM has a
running VM agent, and can establish outbound connections to Azure storage.
Our VM scale sets have been running correctly for nearly one year. What happened on VMSS? Did Azure make changes on VMSS recently?
Update with NSG outbound rule:
{
  "name": "AllowVnetOutBound",
  "properties": {
    "provisioningState": "Succeeded",
    "description": "Allow outbound traffic from all VMs to all VMs in VNET",
    "access": "Allow",
    "priority": 65000,
    "direction": "Outbound"
  }
},
{
  "name": "AllowInternetOutBound",
  "properties": {
    "provisioningState": "Succeeded",
    "description": "Allow outbound traffic from all VMs to Internet",
    "access": "Allow",
    "priority": 65001,
    "direction": "Outbound"
  }
},
{
  "name": "DenyAllOutBound",
  "etag": "W/\"a8e5e396-4f92-4118-b8ea-9b7d0111079f\"",
  "properties": {
    "provisioningState": "Succeeded",
    "description": "Deny all outbound traffic",
    "access": "Deny",
    "priority": 65500,
    "direction": "Outbound"
  }
}
Check whether a Network Security Group is blocking outbound connectivity from your VM.
VM Agent and Extensions are updated
If HTTPS is blocked to this storage account then you will get this error message. More information here http://www.deployazure.com/compute/virtual-machines/azure-vm-agent-extensions-deep-dive-part-3/
Our VM scale sets have been running correctly for nearly one year. What happened on VMSS? Did Azure make changes on VMSS recently?
Recently, there has been some maintenance in Azure, updating the host OS to Windows Server 2016. We can find the maintenance information in Azure portal, like this:
In your scenario, maybe we can create a new VM in the VMSS's vnet, then use that VM to remote into the VMSS instance, to check the VM agent status.
If the VM agent status is down, we should start it.
Update:
Recently you experienced an issue with starting VM failure after planned maintenance VM reboot. This is due to container fault issue in the backend.
Our backend engineer has checked the faulted tenant and applied mitigation. Can you try to restart the VMss again? If that does not work, please create a support ticket to Azure.
Again, sorry for all the inconvenience caused for you.
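
The NSG check suggested in this thread, worked through as an added example (not code from any of the posts): outbound rules are evaluated in ascending priority and the first match decides, so a custom rule with a lower number overrides the three defaults listed in the question. The destination fields on the defaults are the values Azure documents for them (the posted excerpt omits them); the `BlockHttpsOut` rule, the flow, and the tag-set matching are constructed simplifications.

```python
# Default outbound rules named in the question, with Azure's documented
# destination fields filled in (the posted excerpt omits them).
DEFAULT_RULES = [
    {"name": "AllowVnetOutBound", "priority": 65000, "access": "Allow",
     "direction": "Outbound", "protocol": "*",
     "destinationAddressPrefix": "VirtualNetwork", "destinationPortRange": "*"},
    {"name": "AllowInternetOutBound", "priority": 65001, "access": "Allow",
     "direction": "Outbound", "protocol": "*",
     "destinationAddressPrefix": "Internet", "destinationPortRange": "*"},
    {"name": "DenyAllOutBound", "priority": 65500, "access": "Deny",
     "direction": "Outbound", "protocol": "*",
     "destinationAddressPrefix": "*", "destinationPortRange": "*"},
]

# Constructed custom rule (hypothetical) of the kind that stops the VM
# agent from reporting status to Azure storage over HTTPS.
CUSTOM_RULE = {"name": "BlockHttpsOut", "priority": 200, "access": "Deny",
               "direction": "Outbound", "protocol": "Tcp",
               "destinationAddressPrefix": "*", "destinationPortRange": "443"}

# Constructed flow: agent status upload. Tags are given as a set instead
# of resolving service tags to IP ranges (simplification).
AGENT_FLOW = {"direction": "Outbound", "protocol": "Tcp", "port": 443,
              "dest_tags": {"Internet", "Storage"}}


def port_matches(spec, port):
    """Match '*', a single port ('443') or a range ('8000-9000')."""
    if spec == "*":
        return True
    low, _, high = spec.partition("-")
    return int(low) <= port <= int(high or low)


def rule_matches(rule, flow):
    prefix = rule["destinationAddressPrefix"]
    return (rule["direction"] == flow["direction"]
            and rule["protocol"].lower() in ("*", flow["protocol"].lower())
            and (prefix == "*" or prefix in flow["dest_tags"])
            and port_matches(rule["destinationPortRange"], flow["port"]))


def evaluate(rules, flow):
    """Return (access, rule name) of the first match in priority order."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if rule_matches(rule, flow):
            return rule["access"], rule["name"]
    return "Deny", None
```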

Azure ACS - Delete Load Balancer?

I deployed a swarm ACS and a Load Balancer was auto deployed also.
I'm using an Application Gateway for SSL offloading and want to point it at my swarm agents.
However, since the swarm agents are configured as the backend pool for the Load Balancer, I can't also make the swarm agents a backend pool for the Application Gateway.
I don't need/want the Load Balancer, but I can't delete it since it has a backend pool associated with it.
This is the same story for GUI or CLI deployed ACS'.
I asked this same question over at Microsoft, but they eventually directed me here.
Thoughts?
Thanks for reading.
There are two solutions. The second solution is better since you can deploy a modern swarm mode cluster:
1. For an ACS-deployed swarm cluster, make the following modifications in the following order:
   - remove the loadBalancerBackendAddressPools relationship in the VMSS object
   - remove the loadBalancer
   - remove the public IP associated with the loadBalancer.
2. Use ACS-Engine, https://github.com/Azure/acs-engine, to deploy a cluster without a load balancer using a model such as the following:
{
  "apiVersion": "vlabs",
  "properties": {
    "orchestratorProfile": {
      "orchestratorType": "SwarmMode"
    },
    "masterProfile": {
      "count": 3,
      "dnsPrefix": "",
      "vmSize": "Standard_D2_v2"
    },
    "agentPoolProfiles": [
      {
        "name": "agentpublic",
        "count": 3,
        "vmSize": "Standard_D2_v2"
      }
    ],
    "linuxProfile": {
      "adminUsername": "azureuser",
      "ssh": {
        "publicKeys": [
          {
            "keyData": ""
          }
        ]
      }
    }
  }
}
