Linux - Unofficial Azure Club

Linux

A collection of 14 posts

How to Setup an OpenVPN Server on Azure (Updated)

How to Setup an OpenVPN Server on Azure (Updated)

This is an updated version for my previous article How to Setup an OpenVPN Server on Azure to support configure OpenVPN on Ubuntu 22.04 since a lot of changes happened on Easy-RSA. Prerequisites * Ubuntu 22.04 VM deployed in Azure at least with one NIC which has public IP

Azure load balancer SNAT behavior explained - Annotations to tcp port numbers reused, ACK with wrong sequence number plus RST from 3-way handshake and SNAT port exhaustion

Load Balancer Featured

Azure load balancer SNAT behavior explained - Annotations to tcp port numbers reused, ACK with wrong sequence number plus RST from 3-way handshake and SNAT port exhaustion

This article will address azure external load balancer and focus on SNAT, explains a few of behaviors seen from network trace, provides a few of suggestions for application when it is behind of load balancer and requires SNAT.

Script to Trace Iptables Packet Flow

Script to Trace Iptables Packet Flow

Script to trace iptables packet flow

Ubuntu Generate Core Dump On Fly

Ubuntu Generate Core Dump On Fly

systemctl disable apport.service /etc/security/limits.conf * soft core unlimited * hard core unlimited /etc/sysctl.conf kernel.core_pattern=/cores/core.%e.%p.%h.%t mkdir /cores chmod a+rwx /cores sysctl -p int main() { int *p; return *p; } gcc -o t t.c .\t Coredump will be generated

Nginx Ingress Controller Debugging - Print Http Raw Header

Nginx Ingress Controller Debugging - Print Http Raw Header

1. kubectl exec YOUR_NGINX_INGRESS_CONTROLLER_POD -it -- cat /etc/nginx/template/nginx.tmpl > nginx.tmpl 2. Open nginx.tmpl, add below code block after location {{ $path }} { header_filter_by_lua_block { local h = ngx.req.get_headers() local request_headers_all = "" for k, v in pairs(h)

Useful Kubernetes Tricks

Kubernetes Featured

Useful Kubernetes Tricks

Find which RoleBinding/ClusterRoleBinding is related to a ServiceAccount kubectl get clusterrolebindings -o json | jq -r ' .items[] | select( .subjects // [] | .[] | [.kind,.namespace,.name] == ["ServiceAccount","kube-system","node-controller"] ) | .metadata.name' kubectl get clusterrolebindings -o json | jq -r '.items[] | select(.subjects // [] | .[] | [.name] == [""] ) | .metadata.name' kubectl get rolebindings --all-namespaces -o

Yet another way to troubleshoot K8S applications

Kubernetes Featured

Yet another way to troubleshoot K8S applications

There are plenty of articles explains how to debug K8S applications, for example * Troubleshoot Applications [https://kubernetes.io/docs/tasks/debug-application-cluster/debug-application/] * Connect with SSH to Azure Kubernetes Service (AKS) cluster nodes for maintenance or troubleshooting [https://docs.microsoft.com/en-us/azure/aks/ssh] Due to the nature of container's

Flannel Networking Demystify

Flannel Featured

Flannel Networking Demystify

In my previous article Deploy a Ubuntu Based Flannel K8S Cluster in Azure with ARM Template and Kubeadm [https://msazure.club/deploy-a-ubuntu-based-flannel-k8s-cluster-in-azure-with-arm-template-and-kubeadm/] , I provided an Azure ARM template to deploy a flannel networking K8S cluster on Azure. But how flannel networking works, in this article we will discuss a little

Persistent SSH Tunneling

Persistent SSH Tunneling

Imaging the sitaution that we need to access services behind NAT/firewall, how to achieve it? The answer is reverse SSH tunneling. Reverse SSH is a technique through which you can access systems that are behind a firewall from the outside world. In that case, the server behind NAT/firewall

Docker Macvlan Demystify

Macvlan Featured

Docker Macvlan Demystify

In this article, we are going to disucss a little bit about Macvlan and setup a Macvlan lab environment under Hyper-V host with 3 Ubuntu 16.04 VMs. 0 What is Macvlan Refer to Macvlan Driver [https://github.com/docker/libnetwork/blob/master/docs/macvlan.md] > The Macvlan driver provides

Using Lets Encrypt to Sign a Certificate

Using Lets Encrypt to Sign a Certificate

First of all, a private key is needed before genreate a signing request. Either use openssl openssl genrsa -out ~/domain.com.ssl/domain.com.key 2048 openssl req -new -sha256 -key ~/domain.com.ssl/domain.com.key -out ~/domain.com.ssl/domain.com.csr or use Azure key vault specially

Deploy a Ubuntu Based Flannel K8S Cluster in Azure with ARM Template and Kubeadm

Deploy a Ubuntu Based Flannel K8S Cluster in Azure with ARM Template and Kubeadm

The infomation migth be outdated here as acs-engine adds support for Flannel recently with PR 2967 [https://github.com/Azure/acs-engine/pull/2967] However, if you want to gain more control on your kubernetes cluster in Azure, in our case, by using kubeadm, this article still applies. 0. Prerequisites * Azure

Configure Ubuntu to Support Multiple NICs in Azure

Configure Ubuntu to Support Multiple NICs in Azure

By default, in Linux, if multiple NICs are in same subnet, all traffics will route through the default NIC that usually will be eth0, if multiple NICs are added, to route traffics back to the NIC that receives it, we need to create route table for that NIC, refer to

How to Enable Accelerated Networking for Existing Linux VM

How to Enable Accelerated Networking for Existing Linux VM

How to enable accelerated networking for existing Linux VM