Failed to connect to proxy URL when deploying CloudFormation - amazon-vpc

I am attempting to deploy a CloudFormation template, but the Internet Gateway resource fails with an encoded error that decodes to:
Failed to connect to proxy URL: "http://127.0.0.1:10080"
What proxy am I missing that would prevent an Internet Gateway from being created?

It turns out the proxy error is misleading. The real issue is that the user deploying the CloudFormation template did not have the correct permissions.
I granted the user the AmazonVPCFullAccess policy, and the template was deployed correctly.

Related

IBM Cloud: Kubernetes add-on ALB Oauth2 Proxy for App ID integration fails to start

I deployed a containerized app to my IBM Cloud Kubernetes service in a VPC. The app uses App ID for authentication. The deployment pipeline ran successfully. The app seems ready, but when accessing its URL it gives an internal server error (500 status code).
From the Kubernetes dashboard I found that the ALB Oauth Proxy add-on is failing. It is deployed, but does not start.
The deployment seems to fail in the health checks (ping not successful). From the POD logs I found the following as last (and only) entry:
[provider.go:55] Performing OIDC Discovery...
Else, there is not much. Any advice?
Guessing from the missing logs and the failing pings, it seemed related to some network setup. Checking the VPC itself, I found that there was no Public Gateway attached to the subnet. Enabling it allowed outbound traffic. The oauth proxy could contact the App ID instance. The app is working as expected now.
Make sure that the VPC subnets allow outbound traffic and have a Public Gateway enabled.

EKS Admission Controller fails to call

Hi, I am attempting to create a set of dynamic admission webhooks (registry whitelisting, mostly for security context stuff). This is the chart that I am using. Everything works fine when deployed to 2 other EKS clusters, but when I deploy it to a more secure cluster that we are setting up (using Bottlerocket OS among other things), I get the following error:
Error from server (InternalError): Internal error occurred: failed calling webhook "...": failed to call webhook: Post "https://image-admission-controller-webhook.kube-system.svc:443/validate?timeout=2s": context deadline exceeded
I have verified that the service has an endpoint, the selector label maps to a pod, and that I am able to curl the above URL using a test curl image. What should I do? Thanks!
Needed to allow a rule in the SG for the control plane to allow 443 outbound from RFC1918.

Error: Error: Failed to deploy web package to App Service. Error: tunneling socket could not be established, statusCode=503

We are getting the below error in an Azure DevOps pipeline release via a self-hosted agent when the Azure web app is on a private network. No error is seen when the web app on Azure is public.
Error: Error: Failed to deploy web package to App Service. Error: tunneling socket could not be established, statusCode=503
Made the Azure web app private and the error comes. Moved it to public and no error is seen.
Seems that the self-hosted agent cannot connect to the Azure app service. It seems to be a network issue.
The agent needs a way to connect to the App service directly. To ensure the connectivity is ok, we need to make sure the self-hosted agent is not blocked by NSG rules or App Service networking Access Restrictions. Just whitelist the agent machine in your rules.
The task uses the Kudu REST API to deploy the application. We need to check the following App Service networking Access Restrictions to allow deployment from a specific agent:
Make sure the REST site “xxx.scm.azurewebsites.net” has Allow All, i.e. no restriction.
Also, the option “Same restrictions as ***.azurewebsites.net” should be unchecked.
If you are using Private Endpoints for Azure Web App, you must create two records in your Azure DNS private zone or your custom DNS server. Kindly check DNS for more details.
Besides, when the proxy is set up, Web API calls and SCM hosts are bypassed by the user. The same has to be configured in the Azure pipelines agent explicitly. To bypass specific hosts, follow the steps here and restart the agent.
1. Allow access to Public removed.
2. Created private endpoints within the same VNet and subnet as the target VM.
3. Created a new file .proxybypass in the self-hosted agent folder C:\Username\Agent
4. Added the below entries in .proxybypass to allow communication bypassing the corporate proxy:
https://MyWebappname.azurewebsites.net
http://MyWebappname.azurewebsites.net
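A quick check for the .proxybypass entries listed above, as an added example that is not part of the original post. It assumes the agent reads each line as an ECMAScript regular expression searched within the request URL; the function names and the sample SCM URL are constructed for illustration.

```javascript
// Added example (not from the post): audit .proxybypass entries offline.
// Assumption: the agent treats each non-empty line as an ECMAScript regex
// and searches for it anywhere in the request URL.

// Constructed sample: the two entries from the post above.
const SAMPLE_BYPASS = [
  "https://MyWebappname.azurewebsites.net",
  "http://MyWebappname.azurewebsites.net",
].join("\n");

// Constructed URLs: the app host and its SCM (Kudu) host, following the
// "xxx.scm.azurewebsites.net" naming mentioned above.
const SAMPLE_URLS = [
  "https://MyWebappname.azurewebsites.net/",
  "https://MyWebappname.scm.azurewebsites.net/",
];

function parseBypass(text) {
  return text.split(/\r?\n/).map((l) => l.trim()).filter((l) => l !== "");
}

// Entries that would send `url` around the proxy; invalid regexes match nothing.
function matchingEntries(entries, url) {
  return entries.filter((e) => {
    try { return new RegExp(e, "i").test(url); } catch { return false; }
  });
}

// An unescaped "." matches any character, so the entry is wider than it looks.
function hasUnescapedDot(entry) {
  return /(^|[^\\])\./.test(entry);
}

// Turn a literal URL prefix into a regex that matches only that text.
function escapeEntry(literal) {
  return literal.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

function audit(text, urls) {
  const entries = parseBypass(text);
  return {
    tooBroad: entries.filter(hasUnescapedDot),
    stillViaProxy: urls.filter((u) => matchingEntries(entries, u).length === 0),
  };
}

console.log(audit(SAMPLE_BYPASS, SAMPLE_URLS));
```

Under that assumption, Kudu traffic to the SCM host only skips the proxy if that host has its own entry, and escaping the dots keeps an entry from matching look-alike host names.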

Configuring a valid service endpoint

According to Configuring the Artifactory Service Endpoint, an Artifactory instance needs to be configured as a service endpoint. One of the parameters is the server URL of the Artifactory instance. What if the server URL is a local intranet, will the URL be considered valid? I am having an error with the URL I am providing (local intranet). The error is:
"Failed to query service connection.....Error Message:'An error occurred while sending the request'"
What if the server URL is a local intranet, will the URL be considered valid?
The server URL you used here is a local internet, which means our Azure image (Hosted agent) could not communicate with it from the public internet. That's why the error message told you it failed to send the request to the server.
So, the best way here is to configure a self-hosted agent on that local machine.
But if the Hosted agent is the preferred choice for pipeline execution, I'm afraid you have to configure your Artifactory instance to make it accessible from the internet, just like the URL in the blog you shared above, because our Hosted agent is actually an Azure VM hosted in the cloud.

IO error when contacting "/res/repositoryService"

I am trying to deploy a rule app to a Rule Execution Service configuration in Bluemix and I receive the following error: IO error when contacting "/res/repositoryService".
How can I fix this error?
The Bluemix URL is HTTPS and I have set the IBM_JAVA_OPTIONS environment variable to -Dilog.rules.res.allowSelfSignedCertificate=true.
Could you check if you are behind a firewall? If so, please configure it to allow connecting to the RES URL.