During AKS installation on stack hci fails without more details
Notification details
ErrorError
Set platform configurations
Source
Go to Azure Kubernetes Service.
Type
Error
Message
Applying platform configurations failed. Error: The provided configuration is not valid. Please review the report moc_validation_report.html, fix the configuration and retry.
Resolve issues and errors during an AKS hybrid installation
Verify your Vnet Config, if you use different VLANs for AKS and host Management. Enable full traffic between it. Make sure the cloudcidr is set from host network.
Related
I deployed a containerized app to my IBM Cloud Kubernetes service in a VPC. The app uses App ID for authentication. The deployment pipeline ran successfully. The app seems ready, but when accessing its URL it gives an internal server error (500 status code).
From the Kubernetes dashboard I found that the ALB Oauth Proxy add-on is failing. It is deployed, but does not start.
The deployment seems to fail in the health checks (ping not successful). From the POD logs I found the following as last (and only) entry:
[provider.go:55] Performing OIDC Discovery...
Else, there is not much. Any advise?
Guessing from the missing logs and the failing pings, it seemed related to some network setup. Checking the VPC itself, I found that there was no Public Gateway attached to the subnet. Enabling it allowed outbound traffic. The oauth proxy could contact the App ID instance. The app is working as expected now.
Make sure that the VPC subnets allow outbound traffic and have a Public Gateway enabled.
We are getting below error on Azure devops pipeline via Self hosted agent release when Azure web app is on Private network. No Error seen when the web app on azure is on Public.
Error: Error: Failed to deploy web package to App Service. Error: tunneling socket could not be established, statusCode=503
Made Azure web app to private and error comes. Moved to public no error seen.
Seems that the self-hosted agent cannot connect to the Azure app service. It seems to be a network issue.
The agent needs a way to connect to the App service directly. To ensure the connectivity is ok, we need to make sure the self-hosted agent is not blocked by NSG rules or App Service networking Access Restrictions. Just whitelist the agent machine in your rules.
The task using Kudu REST API to deploy the application. We need to check the following App Service networking Access Restrictions to allow deployment from a specific agent:
Make sure the REST site “xxx.scm.azurewebsites.net” have Allow All, i.e. no restriction.
Also, the option “Same restrictions as ***.azurewebsites.net” should be unchecked.
If you are using Private Endpoints for Azure Web App, you must create two records in your Azure DNS private zone or your custom DNS server. Kindly check DNS for more details.
Besides, when the proxy is set up, Web API calls and SCM hosts are bypassed by the user. The same has to be configured in the Azure pipelines agent explicitly. To bypass specific hosts, follow the steps here and restart the agent.
1.Allow access to Public removed.
2.Created Pvt endpoints within same Vnet and Subnet of Target VM
3.Created new file .proxybypass in self hosted agent folder C:\Username\Agent
4.Added below entries in .proxybypass to allow and communicate bypassing corporate proxy
https://MyWebappname.azurewebsites.net
http://MyWebappname.azurewebsites.net
enter code here
I can't connect from azure resource (aks node) to Azure postgres using pgcli. I also tried directly from node and got the same error message:
FATAL: Client from Azure Virtual Networks is not allowed to access the server. Please make sure your Virtual Network is correctly configured.
Firewall rules in the resource are on:
Allow access to Azure services: ON
Running the same pgcli login command on my computer and on another azure resource seems to work fine.
Adding Firewall rules to all IPs return the same error.
Curl from the problematic server (host:5432) returns a reply, so it's not an outbound issue.
What does the error mean?
A VM where the connection originates from is deployed to a virtual network subnet where Microsoft.Sql service endpoint is turned on. Per documentation:
If Microsoft.Sql is enabled in a subnet, it indicates that you only want to use VNet rules to connect. Non-VNet firewall rules of resources in that subnet will not work.
For connection to succeed there must be a VNet rule added on PostgreSQL side. At the time the question was asked VNet Service Endpoints for Azure Database for PostgreSQL just got to public preview so I assume it might not have been available for the OP.
Solution
As of November 2020, Service Endpoints for Postgres is GA and instead of disabling the service endpoint one can add a missing VNet rule to the PostgreSQL server instance and reference the service endpoint-enabled subnet. It can be done via Portal or Azure CLI
Apparently, the vm is part of a vnet that a service endpoint tag Microsoft.sql was enabled.
I found this answer. To solve the problem I disabled the service endpoint and added the public IP to the Connection Security section.
I encountered the same problem.
All I did was to switch Allow access to Azure services to ON .
I'm trying to deploy a service fabric application to an unsecure Azure Service Fabric cluster. When I open the publish window in VS 2017 I get the following. If my cluster is unsecure, shouldn't I be able to publish it w/o configuring the cert?
I tried a publish anyways and I got:
Try accessing the server via powershell to maybe get a better error. Usually, errors like this are caused by firewalls blocking the port 19000.
This article shows to how to secure the service fabric cluster in the Azure:
https://azure.microsoft.com/en-us/documentation/articles/service-fabric-visualstudio-configure-secure-connections/
But it makes no references as to how to configure developer's machine for the same. I tried to apply the same principles in the above link to see if I can make it work. It always fails to deploy services locally but works like a charm when I publish them to azure's service fabric cluster. If I remove the secure bindings, I can deploy services to local cluster successfully. But this becomes tedious whenever I want to publish the services to the azure's secure cluster.
Does any one have an idea as to how to go about creating a secure service fabric cluster on developer's machine?
I am using Service Fabric version 5.5.216.0 and it seems to be working. Run powershell command:
PS C:\Program Files\Microsoft SDKs\Service Fabric\ClusterSetup> .\DevClusterSetup.ps1 -PathToClusterDataRoot "C:\SfDevCluster\Data" -PathToClusterLogRoot "C:\SfDevCluster\Log" -AsSecureCluster
Then, open IE to browse "https://localhost:19080/Explorer/". You will see a popup asking you to choose which client certificate to connect. Use the one with name 'ServiceFabricDevClusterCert'. Chrome didn't work for me as it failed directly with no useful warning. Maybe somewhere in chrome I should enable popup window?