How can AKS cluster which has multiple managed identities access helm charts in ACR
I have a AKS cluster with Azure Flux-Extension. The cluster has multiple managed identities for various purposes. The cluster needs to access the ACR to pull the helm charts in it. I am getting an errors in Flux source-controller showing below. …
Web_Application_Routing Ingress Controller with libxml2 vulnerability
Hi All, We are using AKS, but recently we have one libxml2 vulnerability for AKS Web_Application_Routing Ingress Controller. AKS version: 1.28.5 Nginx Controller Image for Web_Application_Routing:…
ML Studio model deployment on AKS fails. reconcile failed with error "403 when request new token"
The endpoint deployment fails with error 403 and "reconciler error" for the metrics-operator service when deploying ML models on an AKS Kubernetes cluster from the Machine Learning Studio's Model Catalog. During the endpoint deployment for the…
How to create cluster aks on azure stack hci with arm template
I always create a local AKS (Azure Kubernetes Service) cluster on Azure Stack HCI using the command New-AksHciCluster -name mycluster -nodePoolName nodepool1 -nodeCount 1 -nodeVmSize Standard_K8S3_v1 -osType linux. However, when attempting to automate…
Control Egress/Ingress Traffic to AKS Cluster
Hello, I run into an issue when placing an AKS cluster behind a BASIC Azure Firewall. I am basically following this guide: https://learn.microsoft.com/en-us/azure/aks/limit-egress-traffic?tabs=aks-with-system-assigned-identities (with the exception where…
Azure kubernetes service is not deploying neither with terraform, nor with manually
Hi, I am working on to create a kubernetes cluster in Azure. The whole infrastructure must be coded in terraform. This is fine. However, when I deploy the AKS cluster, the VMSS creation is always failing with the following error in the activity…
application gateway ingress return 502 error
I am unable to hit my backend endpoint via application gateway load balancer. It returns error 502 Bad Gateway.
The client 'abc' with object id 'XXXXXXXXXXXXXXXXXX' does not have authorization to perform action 'Microsoft.Resources/subscriptions/resourceGroups/read' over scope '/subscriptions/'XXXXXXXXXXXXXXXXXX'/resourceGroups/XXXX-014-aks-rg' or the scope is in
I got into a situation where I need to access AKS cluster ,so I have added below required permission by adding myself to the group and given necessary permission but getting below error ERROR :The client 'abc' with object id 'XXXXXXXXXXXXXXXXXX' does not…
AKS pods not able to communicate to ACR and external MongoDB
tldr We noticed yesterday that some of our deployed pods started getting timeout errors while trying to connect to our external MongoDB hosted at DigitalOcean. The applications running on these pods are not doing much in volume and the MongoDB responds…
Site-to-Site connection with Single IP for ingress and egress traffic
Hi. I have a requirement to connect to a SAAS API via Site-to-Site VPN but they only allow one private IP to send and receive the traffic. I have a K8s cluster in AKS and my system has 2 deployments that will be hitting their API, a HTTPS web service and…
How to deploy Azure function (.net 8 isolated worker process) in aks cluster
I created a Service Bus trigger function with .Net 8 and the isolated worker model. It is running fine locally (on my Windows laptop) However when I deploy it to my AKS cluster the memory usage keeps on growing (starts around 140 MB and after some hours…
azure kubernetes ingress can't acces key vault's certificate
Okay I have azure kubernetes service with running dockerized app, with ingress(I used creating ingress (preview)) everything works fine except certificate, I created key vault, inside uploaded certificate to use for domain, I have "Azure…
Difference between HTTP application routing add-on and web application routing add-on
The HTTP application routing add-on (preview) for Azure Kubernetes Service (AKS) will be retired on 3 March 2025. The HTTP application routing add-on is only supported up to Kubernetes version 1.22, which has already retired, according to the Azure…
I create a public warehouse acr, I will mirror the tag, push the image to the warehouse will show the following picture, I think the public warehouse does not need to log in, any advice on this problem?
This is the problem that occurs when the image is pushed after the tag This is the acr that was created
How do I log in to an AKS cluster and run the docker images command to view the image?
The Docker service cannot be found for the Cloud Shell CLI, the node cannot be logged in remotely, and an error is reported when logging in to the bastion host.
An exception has occured while trying to execute cluster diagnostic checks container on the cluster.
https://github.com/Azure/azure-cli-extensions/issues/5906 Facing the same issue This k3s cluster is running on an "AMR64" architecture in an raspberry PI 4 , but there is a helm folder inside the azure folder that is on AMD64.
Test outbound connectivity through all ips in an aks loadbalancer outbound rule
We have an aks cluster sitting behind an azure loadbalancer. All inbound/outbound connectivity to/from the aks cluster goes through this LB. The LB has an outbound rule with 13 public IP's. We have another system on prem which has some firewall rules to…
Best practices in peering Azure Kubernetes cluster with AWS REST API
Hi Team, I am proposing a solution where we want to use external services from a 3rd party company which provides it via the privileged REST API from AWS cloud. We want to peer this REST API via potentially REST/ MTLS call to our Kubernetes Cluster…
Configure AKS Container Insights to exclude collecting logs from pods based by name
We have Container Insights enabled on our AKS cluster, sending logs and metrics to AppInsghts. We want to configure Container Insights to exclude certain pods (based on pod name wildcard - 'myPod*') from sending logs. Based on my research, I found this…
Azure Chaos Studio with Chaos Mesh VNET Injection in Private Clusters Unsuccessful
I am beginning to evaluate Azure Chaos Studio usage with Chaos Mesh k8s experiments (AKS Chaos Mesh Pod Chaos for example). Our clusters are private and we've enabled VNET injection when setting them as Chaos targets which creates 2 subnets in the given…