Resize boot volume of a Linux EC2 instance.
P2S (Point to site) connection on Azure Virtual WAN Part 3
13. Keep the file handy. This is the rootcertificate.cer file containing the Base64-encoded public certificate data that you will paste into the Public certificate data field of the User VPN configuration in Azure, as shown in the image below. If you use the OpenVPN client, the client certificate and its private key also go into the vpnconfig.ovpn file that you configure for it.
14. In the Azure portal, go to the virtual WAN and select User VPN configurations.
15. Click Create user VPN config.
16. Type a name for the configuration and, under Tunnel type, select OpenVPN and IKEv2.
17. On the Azure certificate tab, select Yes.
18. Enter the root certificate name as P2Srootuser and paste the public certificate data from the .cer exported in the previous steps. Paste only the Base64 body, without the -----BEGIN CERTIFICATE----- and -----END CERTIFICATE----- lines.
19. Click Review + create, then Create.
20. Once the configuration is created, it appears in the User VPN configurations section.
21. Go back to Hubs and open the hub you created.
22. Go to User VPN (Point to site) and click Create user VPN gateway.
23. Select the gateway scale unit as per requirement, select the newly created user VPN configuration in the Point to site configuration section, and enter the client address pool, which is the IP address range from which connecting clients are assigned addresses. We used 172.29.23.0/24. This pool must not overlap the hub address space (192.168.10.0/24 in Part 1) or any VNet connected to the hub. Then click Create.
24. Once the gateway is deployed you will see the following details.
25. Go back to the virtual WAN and then User VPN configurations.
26. Download the virtual WAN user VPN profile.
27. Select EAPTLS (certificate authentication) and click Generate and download profile.
28. Now connect a client. Log in to the machine you want to connect from; here we use a Windows virtual machine for the demonstration.
29. Copy the downloaded awsconfig.zip and the exported client certificate P2SChildCert (the file that contains its private key) to the VM.
30. Install P2SChildCert on the VM: double-click the file and import it into the current user's Personal store, entering the password you set when exporting it.
31. Extract the configuration zip and run the setup for the client you want to use (the IKEv2 client or OpenVPN).
P2S (Point to site) connection on Azure Virtual WAN Part 2
10. Export the root certificate's public key as a .cer file: in certmgr.msc, right-click P2SRootCert, choose All Tasks > Export, and follow the prompts. When asked whether to export the private key, choose "No, do not export the private key", then on Export File Format select Base-64 encoded X.509 (.CER). Only this public part is uploaded to Azure; the root's private key stays on the machine that issues client certificates.
11. Export the client certificate (P2SChildCert) together with its private key: follow the same prompts, but when asked whether to export the private key choose "Yes, export the private key". The wizard then offers only Personal Information Exchange (.PFX) as the format. Protect the file with a strong password, because whoever holds it can authenticate to the VPN as this user.
P2S (Point to site) connection on Azure Virtual WAN Part 1
1. Create a Resource Group in Azure.
2. Search for Virtual WAN in the Azure portal.
3. Click Virtual WAN.
4. Click Create WAN and fill in the following details:
Subscription-
Resource group name-
Name- testvWAN
Type- Standard
5. Once the vWAN is created, go to testvWAN, click Hubs and create a new hub with the following details:
Region- south-central-us
Name- aws-mum-hub
Hub private address space- 192.168.10.0/24
a. Create a self-signed root certificate. In PowerShell run the following (use straight double quotes; curly quotes from a web copy are not accepted):
# Root certificate: CertSign key usage, stored in the current user's Personal store. Its private key never leaves this machine.
$cert = New-SelfSignedCertificate -Type Custom -KeySpec Signature -Subject "CN=P2SRootCert" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -KeyUsageProperty Sign -KeyUsage CertSign
b. Still in the same PowerShell console, generate a client certificate signed by that root:
# Client certificate: the text extension sets Enhanced Key Usage (2.5.29.37) to Client Authentication (1.3.6.1.5.5.7.3.2), which the P2S gateway requires.
New-SelfSignedCertificate -Type Custom -DnsName P2SChildCert -KeySpec Signature -Subject "CN=P2SChildCert" -KeyExportPolicy Exportable -HashAlgorithm sha256 -KeyLength 2048 -CertStoreLocation "Cert:\CurrentUser\My" -Signer $cert -TextExtension @("2.5.29.37={text}1.3.6.1.5.5.7.3.2")
8. Steps a and b above create the following thumbprint and subject:
9. On the Windows GUI, run certmgr.msc and under Personal > Certificates you should see the following 2 certificates:
Site to Site VPN between Azure and AWS using Azure Virtual WAN (Active/Active BGP Configuration)
This article shows how to configure a site-to-site VPN between an Azure Virtual WAN hub and AWS, using Internet Key Exchange version 2 (IKEv2) for the tunnel setup.
We will use the Azure portal to set up the Virtual WAN and the AWS portal to set up the site on the AWS side.
Virtual WAN
Azure Virtual WAN is a networking service that brings many networking, security, and routing functions together behind a single operational interface. These include branch connectivity (via connectivity automation from Virtual WAN partner devices such as SD-WAN or VPN CPE), site-to-site VPN connectivity, and remote user (point-to-site) VPN connectivity.
For details see - https://docs.microsoft.com/en-us/azure/virtual-wan/virtual-wan-about
Kubernetes Examples (Secrets) & (Replica Sets )
1. Create Secret using "kubectl" & Consuming it from "volumes" inside Pod
1a. Create secret "nginx-secret-vol" using "Kubectl"
1b. Consume "nginx-secret-vol" from "volumes" inside Pod
1c. Create | Display | Validate
2. Create Secret "manually" using YAML file & Consuming it from "environment variables" inside Pod
2a. Create secret "redis-secret-env" using a YAML file:
2b. Consume the "redis-secret-env" secret from "environment variables" inside the Pod
2c. Create | Display | Validate
Kubernetes Examples (Config Maps & Cluster IP)
Config Maps
1. Creating Configmap from "multiple files" & Consuming it inside Pod from "volumes"
1a. Create Configmap "nginx-configmap-vol" from "multiple files"
1b. Consume "nginx-configmap-vol" configmap inside Pod from "volumes"
1c. Create | Display | Validate
2. Creating Configmap from "literal values" & Consuming it inside Pod from "environment variables"
2a. Create configmap "redis-configmap-env" from "literal values"
2b. Consume the "redis-configmap-env" configmap inside the Pod from "environment variables"
2c. Create | Display | Validate
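The two outlines above (Secrets, and ConfigMaps) list what to create but not the objects themselves. As an added example that is not taken from the original posts, the following bash script builds the Secret, ConfigMap and Pod manifests the outlines describe (a Secret consumed from a volume and from environment variables, a ConfigMap built from files and from literal values) and shows the validate step. The object names follow the outlines; the images, keys, values and mount paths are assumptions.

```shell
#!/usr/bin/env bash
# Added example, not from the original posts. Builds the manifests that the
# Secrets and ConfigMaps outlines describe and shows the validate step.
# Names follow the outlines; images, keys, values and paths are assumptions.
set -euo pipefail

# Secret "data:" values are single-line base64 with no trailing newline.
# base64 is encoding, not encryption: anyone who can read the Secret object
# gets the plaintext, so RBAC on the Secret is the real access control.
b64() { printf '%s' "$1" | base64 | tr -d '\n'; }

# Same result as: kubectl create secret generic NAME --from-literal=KEY=VALUE
secret_manifest() {   # secret_manifest NAME KEY VALUE [KEY VALUE ...]
  local name=$1; shift
  printf 'apiVersion: v1\nkind: Secret\nmetadata:\n  name: %s\ntype: Opaque\ndata:\n' "$name"
  while [ $# -ge 2 ]; do printf '  %s: %s\n' "$1" "$(b64 "$2")"; shift 2; done
}

# Validate step: recover one key from a Secret manifest, the same thing
# `kubectl get secret NAME -o jsonpath='{.data.KEY}' | base64 -d` shows.
secret_value() {      # secret_value MANIFEST_TEXT KEY
  printf '%s\n' "$1" | sed -n "s/^  $2: //p" | base64 -d
}

# ConfigMap from every regular file in DIR: key = file name, value = file
# body, as `kubectl create configmap NAME --from-file=DIR` does.
configmap_from_dir() {   # configmap_from_dir NAME DIR
  local name=$1 dir=$2 f
  printf 'apiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: %s\ndata:\n' "$name"
  for f in "$dir"/*; do
    [ -f "$f" ] || continue
    printf '  %s: |\n' "$(basename "$f")"
    sed 's/^/    /' "$f"   # indent the file body as a YAML block scalar
  done
}

# Same result as: kubectl create configmap NAME --from-literal=KEY=VALUE ...
configmap_from_literals() {   # configmap_from_literals NAME KEY=VALUE ...
  local name=$1 kv; shift
  printf 'apiVersion: v1\nkind: ConfigMap\nmetadata:\n  name: %s\ndata:\n' "$name"
  for kv in "$@"; do printf '  %s: "%s"\n' "${kv%%=*}" "${kv#*=}"; done
}

# Pod that mounts a Secret and a ConfigMap as files, one file per key.
# readOnly plus defaultMode 0400 keeps the secret files unreadable by other
# users inside the container.
pod_volume_consumer() {   # pod_volume_consumer POD SECRET CONFIGMAP
cat <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: $1
spec:
  containers:
  - name: nginx
    image: nginx:1.25
    volumeMounts:
    - { name: secret-vol, mountPath: /etc/secret, readOnly: true }
    - { name: config-vol, mountPath: /etc/nginx/conf.d, readOnly: true }
  volumes:
  - name: secret-vol
    secret: { secretName: $2, defaultMode: 0400 }
  - name: config-vol
    configMap: { name: $3 }
EOF
}

# Pod that reads one Secret key and every ConfigMap key as environment
# variables. Env vars are inherited by every child process and show up in
# crash dumps and debug output, so prefer the volume form for secrets.
pod_env_consumer() {      # pod_env_consumer POD SECRET SECRET_KEY CONFIGMAP
cat <<EOF
apiVersion: v1
kind: Pod
metadata:
  name: $1
spec:
  containers:
  - name: redis
    image: redis:7
    env:
    - name: $3
      valueFrom:
        secretKeyRef: { name: $2, key: $3 }
    envFrom:
    - configMapRef: { name: $4 }
EOF
}

# Create | Display | Validate against a real cluster (not exercised offline).
apply_all() {
  secret_manifest redis-secret-env REDIS_PASSWORD 'S3cr3t!' | kubectl apply -f -
  configmap_from_literals redis-configmap-env REDIS_PORT=6379 | kubectl apply -f -
  pod_env_consumer redis-env redis-secret-env REDIS_PASSWORD redis-configmap-env | kubectl apply -f -
  kubectl get secret redis-secret-env -o jsonpath='{.data.REDIS_PASSWORD}' | base64 -d; echo
  kubectl exec redis-env -- sh -c 'echo $REDIS_PORT'
}
```

Pipe any function's output into kubectl apply -f - as apply_all does. Two things the generated manifests make explicit that the outlines do not: a Secret's data: values are only base64, so the kubectl get shown in the validate step prints the plaintext for anyone with read access to the object; and the volume form with readOnly and a restrictive defaultMode exposes a secret less than the environment-variable form, which every process in the container inherits.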
Setup Kubernetes In Centos 8
You need to allow these ports in the firewall. If you are deploying the cluster in the cloud, you also need to allow them in the network security group's inbound rules.
firewall-cmd --permanent --add-port=6443/tcp          # Kubernetes API server
firewall-cmd --permanent --add-port=2379-2380/tcp     # etcd server client API
firewall-cmd --permanent --add-port=10250/tcp         # kubelet API
firewall-cmd --permanent --add-port=10251/tcp         # kube-scheduler (10259 on newer releases)
firewall-cmd --permanent --add-port=10252/tcp         # kube-controller-manager (10257 on newer releases)
firewall-cmd --permanent --add-port=10255/tcp         # kubelet read-only port: unauthenticated, open it only if something needs it
firewall-cmd --reload
modprobe br_netfilter
echo br_netfilter > /etc/modules-load.d/k8s.conf   # load the module on every boot
printf 'net.bridge.bridge-nf-call-iptables = 1\nnet.ipv4.ip_forward = 1\n' > /etc/sysctl.d/k8s.conf
sysctl --system   # applies now and persists; writing only to /proc is lost at reboot
Disable swap (the kubelet refuses to start with swap enabled) and set SELinux to permissive mode, which is what kubeadm requires; disabling SELinux completely is not necessary.
swapoff -a
sed -i '/\sswap\s/s/^/#/' /etc/fstab   # keep swap off after reboot
setenforce 0
sed -i --follow-symlinks 's/^SELINUX=enforcing$/SELINUX=permissive/' /etc/sysconfig/selinux