Failed to install AKS on Az Stack HCI - azure-aks

I'm trying to install AKS on an Azure Stack HCI cluster, but it gets stuck at "Validating Load Balancer VIP", even though my control-plane appliance is up and running.
This error shows up when running the install-AksHci command.

You should enable full traffic between the management host VLAN and the AKS VLAN. I recommend enabling full internet access to those VLANs.

Related

How can I run docker behind the GRE Tunnel?

So I have a Pterodactyl installation on my node.
I am aware that Pterodactyl runs using Docker, so to protect my backend IP from being exposed when connecting to the servers, I am using a GRE tunnel from X4B.net.
After installing the script I was provided by X4B, I got this message:
Also Note: This script does not adjust the configuration of your applications. You should ensure your applications are bound to 0.0.0.0 or the appropriate tunnel IP.
At first I was confused and tried connecting to my server, but nothing worked, so I was thinking that it was due to Docker not being bound to 0.0.0.0.
As for the network layout I was provided with:
10.16.1.200/30 Network,
10.16.1.201 Unified Gateway,
10.16.1.202 Bound via NAT to 103.249.70.63,
10.16.1.203 Broadcast
So if I host a Minecraft server, what IP address would I use?

Unable to deploy portainer agent to docker swarm - /proc/sys/net/bridge/bridge-nf-call-iptables: permission denied

I've been having an issue deploying the Portainer agent across a newly created Docker swarm. One of the nodes starts the agent without any issue [we'll call that HOST#1], but HOST#2 will just infinitely try to deploy the agent container (showing "preparing container" under the services menu in Portainer), before eventually showing failed with the below error message and then attempting to create a new container.
Error:
starting container failed: error creating external connectivity network: cannot restrict inter-container communication: open /proc/sys/net/bridge/bridge-nf-call-iptables: permission denied
What I've tested/tried:
I have been following the instructions outlined on the Portainer wiki and using the agent-stack.yml file for adding an existing agent to a swarm (https://docs.portainer.io/v/ce-2.11/start/install/agent/swarm/linux). I did also try deleting the agent altogether from the swarm and deploying it again, with the same results.
No issues deploying the hello world service to the swarm.
Temporarily disabling ufw
setting ufw allow in on docker0
setting ufw allow in on docker_gwbridge
docker node ls reports both nodes are Ready & available
Environment details:
Both systems running Ubuntu server 20.04
Both systems running Docker version 20.10.12
Both systems running kernel versions 5.4.0*
Both are running as manager nodes in the swarm
Portainer Agent 2.11.0
The system unable to deploy the agent is an OpenVZ VPS [HOST#2]
The VPS [HOST#2] is connected to my local network via an OpenVPN (layer 2) tap adapter, therefore the swarm is connecting over the VPN
HOST#2 is running ufw for firewall management while HOST#1 is not
I'm quite new to Docker swarm, but I have been using Docker for many years. Any help highly appreciated.
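The error quoted above is Docker failing to open /proc/sys/net/bridge/bridge-nf-call-iptables for writing. The script below is an added example (not part of the post, and not a diagnosis of its cause): it repeats that open-for-write against a path passed as an argument, without changing the stored value, and reports whether the file is missing, unreadable, read-only, or writable, and whether the br_netfilter module that provides those sysctls shows up in /proc/modules. The ufw rules the poster tried act on packets, not on permission to write this sysctl, so this check separates the two.

```shell
#!/bin/sh
# Added example, not part of the original post: reproduce the write that the
# error message shows Docker attempting (open bridge-nf-call-iptables for
# writing) against a path given as an argument, and report the outcome
# without changing the value. Exit codes: 0 writable, 1 missing,
# 2 present but cannot be read or written.

check_sysctl_writable() {
    path="$1"
    if [ ! -e "$path" ]; then
        echo "missing: $path"
        return 1
    fi
    if ! cur=$(cat "$path" 2>/dev/null); then
        echo "denied: cannot read $path"
        return 2
    fi
    # Write back the value that is already there, so the state is unchanged.
    if printf '%s\n' "$cur" > "$path" 2>/dev/null; then
        echo "writable: $path (current value: $cur)"
        return 0
    fi
    echo "denied: cannot write $path (current value: $cur)"
    return 2
}

# Whether the br_netfilter module is loaded; it is what provides the
# /proc/sys/net/bridge/* sysctls. Reads /proc/modules directly, so it works
# without lsmod.
br_netfilter_loaded() {
    grep -q '^br_netfilter ' /proc/modules 2>/dev/null
}

# Run on the host that fails to start the agent (HOST#2 in the post):
check_sysctl_writable /proc/sys/net/bridge/bridge-nf-call-iptables || true
if br_netfilter_loaded; then
    echo "br_netfilter: loaded"
else
    echo "br_netfilter: not loaded (or /proc/modules not visible here)"
fi
```

Run it on both hosts and compare: the same path should be reported as writable on HOST#1, where the agent starts. The "missing" and "denied" cases point at the kernel or container runtime rather than at the swarm or firewall configuration.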

Problems with Docker swarm manager on Google Cloud and Oracle Cloud VPC

My scenario has 7 nodes: 4 running in AWS (each one in a different account), 1 running in Linode, 1 running in Google Cloud and 1 running in Oracle Cloud. Every node is using an external IP, and I checked the firewall ports with the provider and ensured that it is disabled on the VM. I also edited the hosts files on each node to ensure that they will be reachable; they are all pinging OK.
All machines running in AWS and Linode can join the swarm both as a worker or as a manager, but the machines running in Google Cloud and Oracle can only join as a worker.
Using one AWS node as Leader, I got the following error messages...
docker node ls on leader
trying join node from Oracle
trying join node from Google Cloud
At last, I tried to make the Google Cloud node the leader of a new swarm and tried to join the Linode and Oracle nodes to it, and got the following error message
trying to join to a new swarm
In this last attempt, the node that I tried to add says that it is in a swarm, but when I run docker node ls on the leader, no new nodes are added...
Has anyone who has already used Google Cloud or Oracle to run Docker and swarm helped me figure out what more I need to configure, or what port or protocol more I need to allow? I already tried to permit all traffic from the nodes' IPs... in theory, everything would be allowed...
My best regards,
Leonardo Lima
Google Cloud Platform handles implied firewall rules and also has default ingress rules added once a new VPC is created. If you don't explicitly allow the ingress traffic to specific ports on the node(s) within the VPC, the connection will time out. Therefore, you need to allow the traffic to the node through the manager port (2377) from 0.0.0.0/0 (any source). So, these are the networking configurations that we need to review before understanding why you can't connect to your node as a manager.
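The answer names the manager port; Docker's swarm-mode documentation lists the full set a node needs from its peers as 2377/tcp (cluster management), 7946/tcp and 7946/udp (node communication) and 4789/udp (overlay network data plane). The script below is an added example, not code from the answer or from Docker: it checks an allow-list of proto:port entries (the shape you get by reading a VPC rule's allowed entries; the sample list is constructed) against that set, and emits the gcloud command to open what is missing. The network name and the source ranges are placeholders: passing 0.0.0.0/0 reproduces the answer's suggestion, while passing the seven nodes' public IPs as /32s keeps the swarm control plane off the open internet.

```shell
#!/bin/sh
# Added example (not from the original answer or from Docker): the inter-node
# ports Docker Swarm documents, a check of a firewall allow-list against them,
# and the gcloud command that opens the missing ones.

# One "proto:port" per line.
swarm_required_ports() {
    printf '%s\n' tcp:2377 tcp:7946 udp:7946 udp:4789
}

# $1: comma-separated allow-list such as "tcp:22,tcp:2377".
# Prints nothing and returns 0 when every required entry is allowed;
# otherwise prints the missing entries (space separated) and returns 1.
swarm_missing_ports() {
    allowed="$1"
    missing=""
    for need in $(swarm_required_ports); do
        case ",$allowed," in
            *",$need,"*) ;;
            *) missing="$missing $need" ;;
        esac
    done
    missing="${missing# }"
    [ -z "$missing" ] && return 0
    printf '%s\n' "$missing"
    return 1
}

# $1: VPC network name, $2: comma-separated source ranges (placeholders).
# Prints the gcloud command that opens all swarm ports as an ingress rule.
gcloud_swarm_rule() {
    network="$1"; source_ranges="$2"
    rules=$(swarm_required_ports | tr '\n' ',' | sed 's/,$//')
    printf 'gcloud compute firewall-rules create swarm-nodes --network=%s --direction=INGRESS --action=ALLOW --rules=%s --source-ranges=%s\n' \
        "$network" "$rules" "$source_ranges"
}

# Constructed allow-list for a VPC that only opens SSH and the manager port:
swarm_missing_ports "tcp:22,tcp:2377" || echo "^ open these before joining as a manager"
# Rule restricted to two node addresses (RFC 5737 documentation IPs as placeholders):
gcloud_swarm_rule default "203.0.113.10/32,203.0.113.11/32"
```

The same port set applies on the Oracle Cloud side (security lists or NSGs), and the rule must exist in every VPC that hosts a node, since each node accepts these ports from all the others, not only from the leader.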

Is using NSG on AKS advanced networking subnet supported and what are the ports needed to be open between nodes and master?

What TCP/UDP ports need to be open between the nodes and the master of Azure Kubernetes Service, when the nodes are in a subnet that uses advanced networking?
For security reasons we have to use a Network Security Group on every subnet that is connected to the on-premises network via VPN in Azure. This NSG has to deny all implicit traffic between machines, even in the same subnet, to hinder attackers from traversing between systems.
So it is the same for Azure Kubernetes Service with advanced networking, which uses a subnet that is connected via VNet peering.
We couldn't find an answer as to whether it is a supported scenario to have an NSG on the subnet of the AKS advanced network, and what ports are needed to make it work.
We tried our default NSG, which denies traffic between hosts, but this hinders us from connecting to the services and from the nodes coming up without errors.
AKS is a managed cluster. A managed cluster master means that you don't need to configure components like a highly available etcd store, but it also means that you can't access the cluster master directly.
When you create an AKS cluster, a cluster master is automatically created and configured, and the Azure platform configures the secure communication between the cluster master and nodes. Interaction with the cluster master occurs through Kubernetes APIs, such as kubectl or the Kubernetes dashboard.
For more details, see Kubernetes core concepts for Azure Kubernetes Service (AKS). If you need to configure the cluster master and other things all by yourself, you can deploy your own Kubernetes cluster using aks-engine.
For the security of your pods, you can use network policy to improve it, although it's just a preview version.
Also, it's not recommended to expose remote connectivity to the AKS cluster nodes. The suggestion is to create a bastion host, or jump box, in a management virtual network, and use the bastion host to securely route traffic into your AKS cluster for remote management tasks. For more details, see Securely connect to nodes through a bastion host.
If you have more questions, please let me know. I'm glad to provide more help.
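The answer points at Kubernetes network policy for pod-to-pod isolation, which is the layer where the questioner's "deny everything implicit, even inside the subnet" requirement can be expressed for workloads without touching the node-to-master path that AKS manages. The script below is an added example, not from the answer or from Microsoft: it renders a default-deny-ingress NetworkPolicy for a namespace plus one narrow allow rule between two labelled workloads, as YAML that can be piped to kubectl apply. The namespace, labels and port are placeholders. NetworkPolicy objects are only enforced on an AKS cluster that was created with a policy engine (az aks create ... --network-policy azure or calico); on a cluster without one they are accepted and silently ignored.

```shell
#!/bin/sh
# Added example, not from the original answer: a default-deny ingress
# NetworkPolicy for a namespace and one explicit allow rule, emitted as YAML
# so it can be piped to `kubectl apply -f -`. Namespace, labels and port are
# placeholders; the cluster must have been created with --network-policy.

# $1: namespace. Selects every pod and lists no ingress rules, so all inbound
# traffic to pods in the namespace is denied (the weak default is "no policy",
# which allows everything).
np_default_deny() {
    ns="$1"
    cat <<EOF
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: $ns
spec:
  podSelector: {}
  policyTypes:
  - Ingress
EOF
}

# $1: namespace, $2: target app label, $3: source app label, $4: TCP port.
# Allows only pods labelled app=$3 to reach pods labelled app=$2 on $4/TCP;
# everything else in the namespace stays covered by the default deny.
np_allow_from() {
    ns="$1"; target="$2"; source="$3"; port="$4"
    cat <<EOF
---
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-$source-to-$target
  namespace: $ns
spec:
  podSelector:
    matchLabels:
      app: $target
  policyTypes:
  - Ingress
  ingress:
  - from:
    - podSelector:
        matchLabels:
          app: $source
    ports:
    - protocol: TCP
      port: $port
EOF
}

# Both documents for one namespace, e.g.:
#   render_policies shop api web 8080 | kubectl apply -f -
render_policies() {
    np_default_deny "$1"
    np_allow_from "$1" "$2" "$3" "$4"
}

render_policies shop api web 8080
```

Apply the default deny first and watch the namespace's traffic; each allow rule you add afterwards is an explicit, reviewable statement of who may talk to whom, which is the same property the questioner's NSG enforces between VMs.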

cloudera cluster installation failed on docker

I am very new to Cloudera. I'm trying to add a host in Cloudera Manager, but it fails with the following error:
Installation failed. Failed to receive heartbeat from agent.
Ensure that the host's hostname is configured properly.
Ensure that port 7182 is accessible on the Cloudera Manager Server (check firewall rules).
Ensure that ports 9000 and 9001 are not in use on the host being added.
Check agent logs in /var/log/cloudera-scm-agent/ on the host being added. (Some of the logs can be found in the installation details).
If Use TLS Encryption for Agents is enabled in Cloudera Manager (Administration -> Settings -> Security), ensure that /etc/cloudera-scm-agent/config.ini has use_tls=1 on the host being added. Restart the corresponding agent and click the Retry link here.
I'm running cloudera-quickstart-vm (https://github.com/caioquirino/docker-cloudera-quickstart) in a Docker container running on an Ubuntu-based Google Cloud VM.
I create a tunnel to Cloudera Manager using PuTTY to 172.17.xx.1:7180, where the IP is the Docker IP. I access it in the browser as localhost:7180.
This same IP resolves as the hostname in the first step of adding a new host.
When I run the "hostname" command in my container, I get the container ID, e.g. 0cb223fcfe64. If I try to add this as a hostname, I get the message "Could not connect to host".
How can I resolve these errors and add a new host?
I have reviewed other similar posts on Stack Overflow and the Cloudera forum, but none of the solutions worked for me. If any more information is required, let me know and I will try to provide more details.
Any help will be appreciated.
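The error text in the post is itself a checklist: the manager must be reachable on 7182, 9000 and 9001 must be free on the host being added, and the host's name must be one the manager can resolve. The script below is an added example, not from the post or from Cloudera, that runs those checks as shell functions from the host being added. The manager address is a placeholder (it defaults to 127.0.0.1 so the script runs anywhere); reachability is tested with bash's /dev/tcp, so it needs bash rather than plain sh, and 7180 is included only because the poster already tunnels to it.

```shell
#!/usr/bin/env bash
# Added example, not from the original post: the checks the Cloudera Manager
# error message asks for, as functions. CM_HOST is a placeholder.

# 0 if a TCP connection to $1:$2 succeeds within 3 s, 1 otherwise.
# Uses bash's /dev/tcp so it works without nc or telnet.
tcp_open() {
    timeout 3 bash -c "exec 3<>/dev/tcp/$1/$2" 2>/dev/null
}

# $1: Cloudera Manager host. 7182 is the agent heartbeat port named in the
# error; 7180 is the web UI. 9000 and 9001 must be free locally. Returns 1
# if any check fails, so the output can be read as a pass/fail report.
cm_checks() {
    cm_host="$1"; rc=0
    for p in 7182 7180; do
        if tcp_open "$cm_host" "$p"; then
            echo "ok:   $cm_host:$p reachable"
        else
            echo "FAIL: $cm_host:$p not reachable (firewall, tunnel or wrong address)"
            rc=1
        fi
    done
    for p in 9000 9001; do
        if tcp_open 127.0.0.1 "$p"; then
            echo "FAIL: local port $p already in use"
            rc=1
        else
            echo "ok:   local port $p free"
        fi
    done
    return $rc
}

# The poster's container reports its ID from `hostname`; the manager needs a
# name it can resolve back to this host. Returns 0 when the local hostname
# resolves to an address, 1 otherwise.
hostname_resolves() {
    h=$(hostname)
    ip=$(getent hosts "$h" 2>/dev/null | awk '{print $1; exit}')
    if [ -z "$ip" ]; then
        echo "FAIL: hostname '$h' does not resolve"
        return 1
    fi
    echo "ok:   hostname '$h' resolves to $ip"
}

cm_checks "${CM_HOST:-127.0.0.1}" || true
hostname_resolves || true
```

A container-ID hostname will fail the last check inside the container and, more importantly, on the manager side; setting an explicit hostname that both the manager and the container resolve to the container's address (in /etc/hosts on both, for a quick test) is the direction the error message points in.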
