
Unable to access Ingress Controller in Azure AKS issue

I upgraded the nodes in my AKS cluster last night.
After upgrading both nodes, all my apps went down and none of my internal load balancers were accessible.

I spent many hours troubleshooting and ended up with a miserable root-cause finding.

That's it....

The resource tags used on my cluster and its resources had exceeded 50 tags.
Microsoft's recommendation is to keep the number of tags below 20.

Only after I removed over 30 tags and refreshed the nodes did all my resources, as well as the applications, come back online.

Currently, the resources that sync their tags with the cluster are listed below:

AKS Cluster itself
Route Table
Public IP
Load Balancer
Network Security Group
Virtual Network
AKS managed kubelet msi
AKS managed addon msi
Private DNS zone
Private endpoint

So, beware of this when you have more than 50 tags on your AKS cluster.
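A pre-upgrade check along these lines, as an added example (not code from the original post): it reads JSON in the shape printed by `az resource list -g <node resource group> -o json` and projects each resource's tag count once the cluster's tags are synced onto it. The sample resources, their names, and the merge rule (case-insensitive keys, cluster value wins) are assumptions.

```python
import json

# Thresholds taken from the post: trouble past 50 tags, recommendation under 20.
TAG_PROBLEM_COUNT = 50
TAG_RECOMMENDED_MAX = 20

# Constructed sample in the shape of `az resource list -g <node resource group> -o json`.
SAMPLE_RESOURCES = json.dumps([
    {"name": "kubernetes-internal", "type": "Microsoft.Network/loadBalancers",
     "tags": {f"team-{i}": "x" for i in range(30)}},
    {"name": "aks-agentpool-nsg", "type": "Microsoft.Network/networkSecurityGroups",
     "tags": {"Env": "prod"}},
    {"name": "aks-routetable", "type": "Microsoft.Network/routeTables", "tags": None},
])

def projected_tags(resource_tags, cluster_tags):
    """Union of a resource's own tags and the tags synced from the cluster.
    Assumption: keys are compared case-insensitively and the cluster value wins."""
    merged = {k.lower(): v for k, v in (resource_tags or {}).items()}
    merged.update({k.lower(): v for k, v in cluster_tags.items()})
    return merged

def audit(resources_json, cluster_tags):
    """Return (name, type, current, projected, status) rows, highest projected count first."""
    rows = []
    for res in json.loads(resources_json):
        current = len(res.get("tags") or {})
        projected = len(projected_tags(res.get("tags"), cluster_tags))
        if projected > TAG_PROBLEM_COUNT:
            status = "OVER_50"
        elif projected >= TAG_RECOMMENDED_MAX:
            status = "OVER_RECOMMENDED"  # not "less than 20"
        else:
            status = "OK"
        rows.append((res["name"], res["type"], current, projected, status))
    return sorted(rows, key=lambda r: r[3], reverse=True)

if __name__ == "__main__":
    # Constructed cluster tag set: 25 tags, one of which collides with the NSG's "Env".
    cluster_tags = {f"cost-{i}": "y" for i in range(24)}
    cluster_tags["env"] = "prod"
    for row in audit(SAMPLE_RESOURCES, cluster_tags):
        print("{:<22} {:<42} now={:<3} after_sync={:<3} {}".format(*row))
```

Run it against the node resource group before an upgrade; a resource that looks fine today can still land past 50 once the cluster's own tags are added to it.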

Cheers!

Have a good day.
(Be knowledgeable, pass it on then)
