How to connect azure application gateway with aks service of type load balancer without ingress on AKS, where aks and ag are in same vnet but different subnets.
I want to host a three tier application on azure with fine grained security. What I'm trying is, To deploy frontend on AKS(private) - accessible publicly via application gateway(WAF-2) To deploy APIs on the same AKS(private) - protected by private…
can we configure release with multistage release pipeline in azure devops,if yes what is the feasible solution
can we configure the pipeline in such way that when there is build for one artificat it only have to run its associated stage and it should not run all the artifact which is in sequence
AKS Cluster is in failed state
This cluster is in a failed state. If you didn't do an operation, AKS may resolve the provisioning status automatically if your cluster applications continue to run.
Application Gateway for Containers - RegularExpression for header matcher not working in HTTPRoute
Contrary to what is described in the docs (see green box "Tip") using the type "RegularExpression" to match a header value does not work. It seems that ANY value is accepted no matter what kind of regular expression I use (even if it…
Creation of AKS cluster is prevented by policy.
Hello Please i need your help on this issue. One of my customer is having an issue with creation of an AKS (Azure Kubernetes Service) cluster being prevented by a policy. The specific resource 'aks-agentpool-19603827-vmss' was disallowed by the…
AKS cluster External IP of loadbalancer not loading
I have created cluster using sample.yaml file on windows. It shows me external IP of loadbalancer but when i tried to open that IP in browser its shows his site can’t be reached 48.216.163.240 took too long to respond. Try: Checking the connection …
How to enable users stopping/deleting and aks cluster
Hi, I have multiple aks clusters running in a subscription. with multiple users having contributor access on the subscription i want only 1 particular user to have access to start stop and delete teh aks cluster while all other user have contributor…
one of my customers would like to know the tentative timeline as to when AKS Fleet Manager will reach general availability and any interesting capabilities on the roadmap. They are planning to explore it for their production use cases.
one of my customers would like to know the tentative timeline as to when AKS Fleet Manager will reach general availability and any interesting capabilities on the roadmap. They are planning to explore it for their production use cases.
Authorization error accessing Blob from AKS
I have created a storage class with with storage account credentials as described here: https://learn.microsoft.com/en-us/azure/aks/azure-csi-blob-storage-provision?tabs=mount-nfs%2Csecret allowVolumeExpansion: true apiVersion: storage.k8s.io/v1 kind:…
Import Snapshot from Azure Resource Group to create VolumeSnapshot in kubernetes cluster
Hi All, I am looking for a way by which we can import a snapshot in azure portal and create VolumeSnapshot inside kubernetes cluster. we went through below…
Azure Kubernetes Service 지원 버전
https://learn.microsoft.com/en-us/azure/aks/supported-kubernetes-versions?tabs=azure-cli#kubernetes-version-support-policy 위 페이지에서 새로운 마이너 버전이 도입되면 가장 오래된 마이너 버전은 더 이상 사용되지 않고 제거된다고 작성되어있는데요. 혹시 1.27 버전의 지원이 종료되었을 때 사용중인 1.27버전의 AKS 클러스터가 있다면 업그레이드를 하지…
How to allow aks default storage class to create azure disk as the issue started after cleaning managed identity
failed to provision volume with StorageClass "default": rpc error: code = Internal desc = Retriable: true, RetryAfter: 0s, HTTPStatusCode: -1, RawError: azure.BearerAuthorizer#WithAuthorization: Failed to refresh the Token for request to…
How to identify an aks cluster's name and resource group through metadata?
I'm trying to figure out my cluster's name using the metadata from Kubernetes api at http://169.254.169.254/metadata/instance?api-version=2021-02-01. The returned resourceGroupName is built in the format of mc_[resource group name]_[cluster…
How to grant permission for list nodes in AKS using Azure RBAC
Using Azure RBAC for Kubernetes Authorization, we have been able to grant users read access to most of our Kubernetes resources e.g. pods, deployments, configmaps, etc. However, read access to nodes is still unauthorized. According to…
Azure Log Analytics InsightMetrics getting data from Prometheus Namespace in AKS but it is not enabled
AKS does not have Prometheus enabled, however Log Analytics is showing that it is ingesting large amounts of data in InsightMetrics and the namespace comes out to be Prometheus. Already tried: az aks update --disable-azure-monitor-metrics -n…
Accessing Kubernetes API Deprecations for AKS Cluster programmatically
Hi, I wanted to know if there's a way through which we can programmatically fetch the Kubernetes API Deprecations for an AKS cluster like GCP Recommender or Upgrade Insights on AWS. This information is provided on the Azure Dashboard by going to…
How to fix the allow-snippet-annotations in AKS
Is there any alternate for get/enable "allow-snippet-annotations" = true for view the incoming headers. To view incoming headers that are being sent to the AKS cluster. Right now, Ingress controller disable snippets state.
How to ensure that the kubelet read-only port is set to false
During a recent penetration test of our Azure Kubernetes Service (AKS) cluster, it was identified that Kubelet's read-only API is exposed. This poses a security risk as unauthenticated access to the read-only API can reveal potentially sensitive…
How to change kube system pod images to pull from private registry
Issue: High nat gateway data transfer We are running ephemeral workloads that creates 2000-3000 pods and corresponding to that autoscaler spins up around 500 odd nodes. Now even though we are pulling our application images from ACR via service endpoints…
Connectivity Check failing when using the codespaces cluster that is part of the quickstart
I get the following error when trying to execute the following step: Error: The outbound network connectivity check has failed for the endpoint - https://eastus.obo.arc.azure.com:8084/ This will affect the "cluster-connect" feature. If you…