AKS Quick Tips

  1. Do not create an AKS cluster in a VNet where existing resources are present.
  2. Always use a separate VNet for AKS cluster creation.
  3. Service, pod and Docker bridge addresses can be any range in AKS.
  4. The DNS service IP should be configured from the service CIDR in AKS.
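
The address rules in the tips above, written as a pre-deployment check; this is an added example, not code from the original page. The function name and the sample plans are assumptions, and the reserved-address and VNet-overlap checks go beyond the tips, following Azure's AKS networking guidance.

```python
import ipaddress


def check_aks_network_plan(vnet_cidr, service_cidr, dns_service_ip):
    """Return a list of problems in a planned AKS address layout (empty = OK)."""
    try:
        vnet = ipaddress.ip_network(vnet_cidr)
        service = ipaddress.ip_network(service_cidr)
        dns_ip = ipaddress.ip_address(dns_service_ip)
    except ValueError as exc:
        # Host bits set in a CIDR, or a malformed address: nothing else to check.
        return [f"invalid input: {exc}"]

    problems = []
    if dns_ip not in service:
        # Tip 4 above: the DNS service IP has to come from the service CIDR.
        problems.append(f"DNS service IP {dns_ip} is outside service CIDR {service}")
    elif dns_ip in (service.network_address, service.network_address + 1,
                    service.broadcast_address):
        # Beyond the tips: network/broadcast addresses are unusable, and the
        # first address is taken by the built-in kubernetes API service.
        problems.append(f"DNS service IP {dns_ip} is a reserved address in {service}")

    if service.overlaps(vnet):
        # Beyond the tips: a service CIDR inside the VNet range collides with
        # real subnet addresses.
        problems.append(f"service CIDR {service} overlaps VNet {vnet}")
    return problems


# Constructed sample plans (not taken from any real cluster).
PLANS = {
    "ok": ("10.240.0.0/16", "10.0.0.0/16", "10.0.0.10"),
    "dns-outside": ("10.240.0.0/16", "10.0.0.0/16", "10.2.0.10"),
    "dns-reserved": ("10.240.0.0/16", "10.0.0.0/16", "10.0.0.1"),
    "overlap": ("10.240.0.0/16", "10.240.128.0/20", "10.240.128.10"),
}

if __name__ == "__main__":
    for name, plan in PLANS.items():
        print(name, check_aks_network_plan(*plan) or "no problems")
```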

Azure Resource Mover

Definition:

Azure Resource Mover is used to move resources from one region to another.

Advantages:

  • A single hub for moving resources across regions.
  • Reduced move time and complexity.
  • A simple and consistent experience moving different types of Azure resources.
  • An easy way to identify dependencies across resources you want to move. This helps you to move related resources together, so that everything works as expected in the target region, after the move.
  • Automatic cleanup of resources in the source region, if you want to delete them after the move.

Resources which we can move:

  • Azure VMs and associated disks
  • Encrypted Azure VMs and associated disks. This includes VMs with Azure disk encryption enabled, and Azure VMs using default server-side encryption (both with platform-managed keys and customer-managed keys)
  • NICs
  • Availability sets
  • Azure virtual networks
  • Public IP addresses
  • Network security groups (NSGs)
  • Internal and public load balancers
  • Azure SQL databases and elastic pools.

PowerShell commands to create Azure Storage Accounts

Command 1:

Creating Blob Storage:

New-AzureRmStorageAccount -ResourceGroupName sandbox -AccountName raghuseshulab02 -Location centralUS -Kind BlobStorage -SkuName Standard_GRS -AccessTier Hot

Command 2:

Creating StorageV2:

New-AzureRmStorageAccount -ResourceGroupName sandbox -AccountName testlab130 -Location centralUS -Kind StorageV2 -SkuName Standard_GRS -AccessTier Hot

Command 3:

Creating StorageV1:

New-AzureRmStorageAccount -ResourceGroupName sandbox -AccountName testlab140 -Location centralUS -Kind Storage -SkuName Standard_GRS

Azure VPN Gateway Troubleshooting Steps:

  1. Log in to the Azure Portal (portal.azure.com).
  2. Go to All services and type "Virtual network gateway".
  3. Select the virtual gateway for which we are facing the issue.
  4. Click on VPN troubleshoot.
  5. Start VPN troubleshooting after selecting the VPN gateway.
  6. The VPN logs will be transferred to a storage container.
  7. Perform a deep analysis of the VPN logs.
  8. The second troubleshooting step is verifying the VPN gateway health probe using the VPN gateway public IP.

E.g.: https://<PublicIP>:8081/healthprobe

  9. If you see the XML response, the VPN gateway is working fine.

Copy files from one S3 bucket to another S3 bucket on same account

  1. Create a new S3 bucket testbucketbkp1.
  2. Create a new S3 bucket testbucketbkp2.
  3. Upload a test file to testbucketbkp1.
  4. Now install the AWS CLI on your PC.
  5. Type aws configure

Enter the access key ID and secret access key.

  6. Copy the objects between the source and target buckets using the sync command:

aws s3 sync s3://testbucketbkp1 s3://testbucketbkp2

  7. The sync command uses the CopyObject APIs to copy objects between S3 buckets.

Public Cloud Vendor Service Icon Links

AWS Icons Link:

https://d1.awsstatic.com/webteam/architecture-icons/Q32020/AWS-Architecture-Icons-Deck_For-Dark-BG_20200911.pptx.d3ede776850ba23f4fdbf63270c3a0be9e801d25.zip

https://d1.awsstatic.com/webteam/architecture-icons/Q32020/AWS-Architecture-Icons-Deck_For-Light-BG_20200911.pptx.b238f9167071d2e7dccf32957782161dd1fe7a56.zip

GCP Icons Link:

https://docs.google.com/presentation/d/1aGOTpNdCoO4GXZ2es38ZFO5qPGEAjTtDSVeHaDpwsas/edit#slide=id.g5e923c6224_190_56

Azure Icons Link:

https://arch-center.azureedge.net/icons/Azure_Public_Service_Icons_V3.zip

Difference Between AWS Classic and Application Load Balancer:

Feature | Classic Load Balancer | Application Load Balancer
Protocols | HTTP, HTTPS, TCP, SSL | HTTP, HTTPS
Platforms | EC2-Classic, EC2-VPC | EC2-VPC
Sticky sessions (cookies) | YES (you can provide your own application cookie) | Load balancer generated
Back-end server authentication | YES | NO
Back-end server encryption | YES | YES
Idle connection timeout | YES | YES
Connection draining | YES | YES
Cross-zone load balancing | YES | Always enabled
Health checks | YES | YES
CloudWatch metrics | YES | YES
Access logs | YES | YES
Path-based routing | NO | YES
Route to multiple ports on a single instance | NO | YES
HTTP/2 support | NO | YES
Websockets support | NO | YES
Load balancer deletion protection | NO | YES

Cloud Storage Cost Details

Pricing | AWS | Azure | Google
Storage | Amazon S3 | Azure blob storage | Google Cloud storage

Pricing details:

AWS (Amazon S3):

  • First 50TB/month -> $0.023 per GB
  • Next 450TB/month -> $0.022 per GB
  • Next 500TB/month -> $0.021 per GB

Azure (Azure blob storage), GRS (Global redundant system):

  • First 50TB/month -> $0.0368 per GB
  • Next 450TB/month -> $0.0354 per GB
  • Over 500TB/month -> $0.0339 per GB

Azure (Azure blob storage), LRS (Local redundant system):

  • First 50TB/month -> $0.0184 per GB
  • Next 450TB/month -> $0.0177 per GB
  • Over 500TB/month -> $0.0170 per GB

Google (Cloud Storage):

  • Multi regional -> $0.026 to 0.036 per GB/month
  • Regional -> $0.02 to $0.035 per GB/month
  • Cold line (Archive) -> $0.004 to $0.014 per month

Archive details:

  • AWS: S3 Glacier (Archive) -> $0.004 per GB
  • Azure: Archive -> 0.01 GB per month
  • Google: Cold line (Archive) -> $0.004 to $0.014 per month

F5 BIGPIPE AND TMSH COMMANDS

bigpipe command | TMSH command
b arp show | show /net arp all
b arp all delete | tmsh delete /net arp all
b class DATA-GROUP mode read | modify ltm data-group DATA-GROUP access-mode read-only
b class show | show running-config /ltm data-group
b cluster show | show /sys cluster all-properties
b config save file.ucs | save /sys ucs file.ucs
b config install file.ucs | load /sys ucs file.ucs
b config sync | run /sys config-sync
b config sync | run /cm config-sync from-group/to-group DEVICEGROUPNAME
b conn show | show /sys connection
b conn show all | show /sys connection all-properties
b conn ss server node-ip:node-port delete | delete /sys connection ss-server-addr node-ip ss-server-port node-port
b daemon list | list /sys daemon-ha all-properties
b db < key name > < value > | modify /sys db < key name > value < value >
b db Platform.PowerSupplyMonitor disable | tmsh modify sys db platform.powersupplymonitor value disable
b db show | show running-config /sys db -hidden all-properties
b export my.config.scf | save /sys scf my.config.scf
b failover standby | run /sys failover standby
b failover show | show /sys failover
b failover standby | run /util bigpipe fo standby
b ha table | show /sys ha-status all-properties
b hardware baud rate | modify /sys console baud-rate
b system console inactivity timeout # | tmsh modify sys global-settings console-inactivity-timeout #
b ha table show | show /sys ha-status all-properties
b httpd list | list /sys httpd
b interface show -j | show /net interface -hidden all-properties
b load | load sys config partitions all
b merge | load /sys config merge
b merge /path/to/file.txt | tmsh load /sys config file /path/to/file.txt merge
b mgmt show | show running-config /sys management-ip
b mgmt route any gateway 192.168.0.1 | tmsh create /sys management-route default gateway 192.168.0.1
b monitor show | show /sys memory
b nat show | show /ltm nat all or list /ltm nat all-properties
b node all monitor show | list ltm node monitor
b node show | show /ltm node
b ntp servers 10.10.10.10 | modify sys ntp servers add { 10.10.10.10 }
b partition | list auth partition
b persist | tmsh show ltm persistence persist-records
b platform | show /sys hardware
b pool list | list /ltm pool
b pool mypool member 192.168.0.1:80 add | tmsh modify /ltm pool mypool members add { 192.168.0.1:80 }
b pool mypool member 10.10.10.10:80 down | (v10.2.4) tmsh modify ltm pool webbian443 members modify { 192.168.10.16:https { state down } }
b pool mypool member 10.10.10.10:80 down | (v11.1) tmsh modify ltm pool httppool1 members modify { 10.10.10.10:80 { state user-down } }
b save | save sys config
b self show | show running-config /net self
b software | show sys software
b version | show /sys version
b virtual address show | show /ltm virtual-address all-properties