I am a Lead Cloud and DevSecOps Consultant. I love sharing my knowledge with everyone. If you are looking to learn Cloud, DevOps and Kubernetes, then this channel will definitely help you.
First minute is actually wrong. Azure subnet route tables are automatically populated with systems routes, one of which is "Internet" "If you don't override Azure's default routes, Azure routes traffic for any address not specified by an address range within a virtual network to the Internet. There's one exception to this routing. If the destination address is for one of Azure's services, Azure routes the traffic directly to the service over Azure's backbone network" So traffic to internet destine for azure owned prefixes never leaves the az backbone. The service endpoints introduced an "optimized" route to reach azure services without having it traverse the traditional egress route to the internet. Ultimately this was introduced because people couldn't get their head around the fact that the traffic just didn't leave azure.
@naturevibezz12 күн бұрын
how to preserve the client ip with X-forwarding in App gateway?
@kayoutube69013 күн бұрын
This ssl is also recommended in prod?
@user-gg9bh9cz4r15 күн бұрын
Thank you sir. Very informative. Any suggestion how to rewrite the requests coming to AppGW containing some path, i.e. `/api/gen_2/service_endpoint` to remove the `/api/gen_2` part ?
@abhijeettanawade750419 күн бұрын
Can we use azure vault to store certificate and use it with aks ingress for ssl termination?
@techno312228 күн бұрын
Hi, just to say thank you for your videos, it's been great with learning, however none of your github links are working anymore and this is quite limiting in my learnings, can you update your links and provide them again?
@shivprasadgurjar487Ай бұрын
good explanation. i am looking someone who can teach me complete aks with devops pipeline
@vinaykumarpandey1006Ай бұрын
i have done this but having errors as 1-Cannot find an open port. 2-No subscription found in the context. Please ensure that the credentials you provided are authorized to access an Azure subscription, then run Connect-AzAccount to login. 3- As warning - Port 8400 is taken with exception 'A socket operation encountered a dead network'; trying to connect to the next port. can you please support ?
@eric22flatАй бұрын
Great video, much better than non-existent MS implementation guide for this product, I have 2 questions: 1. Are you aware of any method of putting backend server into maintenance mode for example when patching? It would be going up and down when patching so I don't want any connections going to that server. Looks like the only way now is just to remove it from the backend pool 2. Custom health probe for https. Looks like the only way to make it working is to use the FQDN of the load balancer as the host name. It's a bit counter intuitive to ask the load balancer how to find the backend servers but it works. Are you aware of any MS article explaining this?
@user-eu5no3mx3oАй бұрын
Very nicely explained @shailender. Also, consider "Free automated SSL certificates in Azure Key Vault with ACME Certbot" for better life-cycle management.
@bluesque96872 ай бұрын
Watch at 1.5x The content is good.
@takkerutube2 ай бұрын
Simple, clear and precise explanation. Thanks for the Great video!
@nagendra32542 ай бұрын
Beautiful
@maheshtorane79772 ай бұрын
Hi Shailender, very good video and detail explanation. thanks for the session. i have one question instead of port forwarding to localhost i want access grafana and Prometheus using url. can you help me for this how can i setup this.
@praveen_18052 ай бұрын
Wanted to know if we can achieve the same deployment to aks via creating a seperate release pipeline?? What would be the difference between this and with two diff ci and cd release pipeline? Which is used in companies?
@rajeshe98852 ай бұрын
i am planning to connect multiple instance to central keyvault in your demo you are added vm scaleset instead of that can i use azure service principal id or userAssignedIdentityID if yes can you please provide those steps
@shivprasadgurjar4872 ай бұрын
Good video. This pod is created just to check the secret right, for another application pods we dont need to do anything right. It will get connected with password?
@vinaykumarpandey10062 ай бұрын
Very good
@jigneshvyas31053 ай бұрын
Thank you very much. Can we add secure flag to cookies generated by app server. Because the app server is not configured to set the cookies with secure flag.
@TwinBrothers883 ай бұрын
Very nice bro
@glebfadeev97823 ай бұрын
Nice
@naturevibezz3 ай бұрын
Can we preserve client IP address in Azure firewall?
@shailenderchoudhary19883 ай бұрын
No, Azure Firewall itself doesn't offer a way to preserve the original client IP address as it performs Network Address Translation (NAT) by default.
@naturevibezz3 ай бұрын
@@shailenderchoudhary1988 is there any way to export Azure application gateway logs to some other third party monitoring tool?
@awsservices81443 ай бұрын
hi can you tell me how to do with Kubernetes manifest also.According to my understanding we can also use Azure Insights and from there we can install Prometeous and grafana right. From there how to analyse the Pods information. Integration i dont have any idea.
@uday73983 ай бұрын
Azure app gateway has public ip but windows vm has private ip. Can you show how to use in that case?
@shaikhmusaif17803 ай бұрын
Path base routing is not working bro
@prakashd1393 ай бұрын
It's a wonderful video. I learnt about some security headers which I haven't even heard before. A Quality video. Thank you so much for sharing your knowledge.
@shailenderchoudhary19883 ай бұрын
Glad you enjoyed it!
@naturevibezz3 ай бұрын
when I enter the domain name given to the application gateway in the browser, the request is automatically redirected to the web app default URL. How this is possible?
@rajasekharjasthi7273 ай бұрын
Is there any feature here trace the API call indentify the root cause for high response times? .ex:like dynatrace will trace back API call where it was spending the time .
@KristianIliev-jh7bt3 ай бұрын
Is there a way to use the Certificate from a Key Vault in a different Subscription?
@user-eu5no3mx3oАй бұрын
"Free automated SSL certificates in Azure Key Vault with ACME Certbot" for better life-cycle management.
@KristianIliev-jh7btАй бұрын
@@user-eu5no3mx3o I figured it out. You can use key vault from different subscription but you only can set it up with cli. Portal doesn't work.
@vladimirnekic3241Ай бұрын
I don't think you understand the concept. It's free.. you don't need to use a certificate from another Key Vault. Work with IT to automate this and generate new free certificates... AKA WILDCARD ;)
@user-nd8bm3qv3g4 ай бұрын
why didn't you use the default storage class? Can you please explain because I am not able to mount the volumes using the azure key vault using the default storage class.
@TechTribe-fq5zs4 ай бұрын
only used egress policy then show from where traffic is block
@Indian-developer3864 ай бұрын
Hi, fantastic tutorial. Could you please provide more videos showing Ubuntu virtual machine running Azure? Let's Encrypt and CertBot are being used by me on an Ubuntu 20.4 Virtual Machine to generate and automatically renew an SSL certificate. The process of issuing certificates is going well, however I'm having some trouble with the DNS URL generation for the Application Gateway. The https URL provided by Certbot states "Certificate is generated successfully" but the https link is still inactive and shows "Page not found". The same webpage is loaded when I hit the same URL with http. I mean the SSL certificate generated for Application Gateway's DNS is not working.
@srilatha36434 ай бұрын
Awesome video !! Very helpful poc for job aspirants
@peesa59454 ай бұрын
Hi Shailender, very crisp explaination. Can we get container insights metrics for cpu and memory utilization using any script say python or powershell script? TIA
@DanuSenanayake-mp1dp4 ай бұрын
Is it possible to host 3 websites using 1azure application gateway? (I'm a student)
@ggs64754 ай бұрын
I have a simairl set up but I connect a webapp to a SQL db that is in a private vnet, I am using private vnet integration onto the webapp and connects via private DNS zone to the vnet. Is this secure? The webapp has to be public facing. Why is VNET better and must I have a public facing IP for the SQL db when the private vnet connection via web app integration works fine?
@Gunvant_Mahajan4 ай бұрын
Very nice explanation
@PhucNguyen-uw4we4 ай бұрын
Can you share the start/stop runbook?
@klajdikanani53394 ай бұрын
Well explained and really useful, thanks a lot for sharing it, great job :)
@user-pj5hh6cu4z5 ай бұрын
SUPER BRO
@ShaoqiLiang5 ай бұрын
HI, one question, Does the Azure Load Balancer "kubernetes" created by ingress nginx automatically or created manually?
@Gunvant_Mahajan5 ай бұрын
Very nice information on AG
@user-vv7mi2cz8c5 ай бұрын
how to start/stop multiple AKS clusters at once
@ravipatel39325 ай бұрын
Thank you for creating this, I googled a lot but couldn't figure out a way to export Let's encrypt as pfx. Didn't realize that the ACME client has that option.🙄. Is there a way to automatically renew this certificate? Without that this will be a headache.
@Sambro001015 ай бұрын
Bull shit video 😂
@ksuresh42705 ай бұрын
Can i have the github link ?
@ksuresh42705 ай бұрын
Thanks a lot
@g1smikcp5 ай бұрын
Please give your blog link
@siddiquivlogs81735 ай бұрын
can nested redirection be achieved using AG like site 1-> site 2 -> site 3 ??
Пікірлер
Super 😊❤
First minute is actually wrong. Azure subnet route tables are automatically populated with systems routes, one of which is "Internet" "If you don't override Azure's default routes, Azure routes traffic for any address not specified by an address range within a virtual network to the Internet. There's one exception to this routing. If the destination address is for one of Azure's services, Azure routes the traffic directly to the service over Azure's backbone network" So traffic to internet destine for azure owned prefixes never leaves the az backbone. The service endpoints introduced an "optimized" route to reach azure services without having it traverse the traditional egress route to the internet. Ultimately this was introduced because people couldn't get their head around the fact that the traffic just didn't leave azure.
how to preserve the client ip with X-forwarding in App gateway?
This ssl is also recommended in prod?
Thank you sir. Very informative. Any suggestion how to rewrite the requests coming to AppGW containing some path, i.e. `/api/gen_2/service_endpoint` to remove the `/api/gen_2` part ?
Can we use azure vault to store certificate and use it with aks ingress for ssl termination?
Hi, just to say thank you for your videos, it's been great with learning, however none of your github links are working anymore and this is quite limiting in my learnings, can you update your links and provide them again?
good explanation. i am looking someone who can teach me complete aks with devops pipeline
i have done this but having errors as 1-Cannot find an open port. 2-No subscription found in the context. Please ensure that the credentials you provided are authorized to access an Azure subscription, then run Connect-AzAccount to login. 3- As warning - Port 8400 is taken with exception 'A socket operation encountered a dead network'; trying to connect to the next port. can you please support ?
Great video, much better than non-existent MS implementation guide for this product, I have 2 questions: 1. Are you aware of any method of putting backend server into maintenance mode for example when patching? It would be going up and down when patching so I don't want any connections going to that server. Looks like the only way now is just to remove it from the backend pool 2. Custom health probe for https. Looks like the only way to make it working is to use the FQDN of the load balancer as the host name. It's a bit counter intuitive to ask the load balancer how to find the backend servers but it works. Are you aware of any MS article explaining this?
Very nicely explained @shailender. Also, consider "Free automated SSL certificates in Azure Key Vault with ACME Certbot" for better life-cycle management.
Watch at 1.5x The content is good.
Simple, clear and precise explanation. Thanks for the Great video!
Beautiful
Hi Shailender, very good video and detail explanation. thanks for the session. i have one question instead of port forwarding to localhost i want access grafana and Prometheus using url. can you help me for this how can i setup this.
Wanted to know if we can achieve the same deployment to aks via creating a seperate release pipeline?? What would be the difference between this and with two diff ci and cd release pipeline? Which is used in companies?
i am planning to connect multiple instance to central keyvault in your demo you are added vm scaleset instead of that can i use azure service principal id or userAssignedIdentityID if yes can you please provide those steps
Good video. This pod is created just to check the secret right, for another application pods we dont need to do anything right. It will get connected with password?
Very good
Thank you very much. Can we add secure flag to cookies generated by app server. Because the app server is not configured to set the cookies with secure flag.
Very nice bro
Nice
Can we preserve client IP address in Azure firewall?
No, Azure Firewall itself doesn't offer a way to preserve the original client IP address as it performs Network Address Translation (NAT) by default.
@@shailenderchoudhary1988 is there any way to export Azure application gateway logs to some other third party monitoring tool?
hi can you tell me how to do with Kubernetes manifest also.According to my understanding we can also use Azure Insights and from there we can install Prometeous and grafana right. From there how to analyse the Pods information. Integration i dont have any idea.
Azure app gateway has public ip but windows vm has private ip. Can you show how to use in that case?
Path base routing is not working bro
It's a wonderful video. I learnt about some security headers which I haven't even heard before. A Quality video. Thank you so much for sharing your knowledge.
Glad you enjoyed it!
when I enter the domain name given to the application gateway in the browser, the request is automatically redirected to the web app default URL. How this is possible?
Is there any feature here trace the API call indentify the root cause for high response times? .ex:like dynatrace will trace back API call where it was spending the time .
Is there a way to use the Certificate from a Key Vault in a different Subscription?
"Free automated SSL certificates in Azure Key Vault with ACME Certbot" for better life-cycle management.
@@user-eu5no3mx3o I figured it out. You can use key vault from different subscription but you only can set it up with cli. Portal doesn't work.
I don't think you understand the concept. It's free.. you don't need to use a certificate from another Key Vault. Work with IT to automate this and generate new free certificates... AKA WILDCARD ;)
why didn't you use the default storage class? Can you please explain because I am not able to mount the volumes using the azure key vault using the default storage class.
only used egress policy then show from where traffic is block
Hi, fantastic tutorial. Could you please provide more videos showing Ubuntu virtual machine running Azure? Let's Encrypt and CertBot are being used by me on an Ubuntu 20.4 Virtual Machine to generate and automatically renew an SSL certificate. The process of issuing certificates is going well, however I'm having some trouble with the DNS URL generation for the Application Gateway. The https URL provided by Certbot states "Certificate is generated successfully" but the https link is still inactive and shows "Page not found". The same webpage is loaded when I hit the same URL with http. I mean the SSL certificate generated for Application Gateway's DNS is not working.
Awesome video !! Very helpful poc for job aspirants
Hi Shailender, very crisp explaination. Can we get container insights metrics for cpu and memory utilization using any script say python or powershell script? TIA
Is it possible to host 3 websites using 1azure application gateway? (I'm a student)
I have a simairl set up but I connect a webapp to a SQL db that is in a private vnet, I am using private vnet integration onto the webapp and connects via private DNS zone to the vnet. Is this secure? The webapp has to be public facing. Why is VNET better and must I have a public facing IP for the SQL db when the private vnet connection via web app integration works fine?
Very nice explanation
Can you share the start/stop runbook?
Well explained and really useful, thanks a lot for sharing it, great job :)
SUPER BRO
HI, one question, Does the Azure Load Balancer "kubernetes" created by ingress nginx automatically or created manually?
Very nice information on AG
how to start/stop multiple AKS clusters at once
Thank you for creating this, I googled a lot but couldn't figure out a way to export Let's encrypt as pfx. Didn't realize that the ACME client has that option.🙄. Is there a way to automatically renew this certificate? Without that this will be a headache.
Bull shit video 😂
Can i have the github link ?
Thanks a lot
Please give your blog link
can nested redirection be achieved using AG like site 1-> site 2 -> site 3 ??