You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/managed-grafana/troubleshoot-mpe-connection.md
+13-13Lines changed: 13 additions & 13 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -15,17 +15,17 @@ This article guides you to troubleshoot and fix issues related to connecting a m
15
15
16
16
## Symptom
17
17
18
-
Connection from services running on an AKS cluster to Managed Grafana using a Managed Private Endpoint is not working. Users may encounter errors such as **"504 Gateway Time-out"** when attempting to connect.
18
+
Connection from services running on an Azure Kubernetes Service (AKS) cluster to Azure Managed Grafana using a Managed Private Endpoint isn't working. Users may encounter errors such as **"504 Gateway Time-out"** when attempting to connect.
19
19
20
20
## Possible causes
21
21
22
22
The issue may occur due to one or more of the following reasons:
23
23
24
-
- The managed private endpoint is not approved.
25
-
- The private DNS zone is not configured correctly, leading to DNS resolution failures.
24
+
- The managed private endpoint isn't approved.
25
+
- The private DNS zone isn't configured correctly, leading to DNS resolution failures.
26
26
- Network security group (NSG) rules are blocking the connection.
27
-
- The AKS cluster does not have the correct outbound internet access configuration.
28
-
- The private link service is not properly configured to accept connections from the managed private endpoint.
27
+
- The AKS cluster doesn't have the correct outbound internet access configuration.
28
+
- The private link service isn't properly configured to accept connections from the managed private endpoint.
29
29
30
30
## Resolution
31
31
@@ -44,43 +44,43 @@ Follow these steps to resolve the issue:
44
44
### Step 2: check private DNS zone configuration
45
45
46
46
1. Verify that the private DNS zone is linked to the virtual network where the AKS cluster or other service is deployed.
47
-
1. Ensure the DNS zone contains the correct records for the private link service (e.g., `privatelink.<service>.azure.com`).
47
+
1. Ensure the DNS zone contains the correct records for the private link service (for example, `privatelink.<service>.azure.com`).
48
48
1. Test DNS resolution from the AKS cluster or other service to confirm it resolves to the private IP address of the private link service.
49
49
1. For more information, see [Create and manage private DNS zones using the Azure portal](/azure/dns/private-dns-portal).
50
50
51
51
### Step 3: Review Network Security Group (NSG) rules
52
52
53
-
1. Check the NSG rules applied to the subnet where your resource (e.g., AKS cluster or other service) is deployed.
53
+
1. Check the NSG rules applied to the subnet where your resource (for example, AKS cluster or other service) is deployed.
54
54
1. Ensure there are no rules blocking outbound traffic to the private link service.
55
55
1. Add an allow rule if necessary to permit traffic to the private endpoint.
56
56
57
57
### Step 4: Validate outbound configuration
58
58
59
-
1. Confirm that your resource (e.g., AKS cluster or other service) has outbound internet access configured correctly.
59
+
1. Confirm that your resource (for example, AKS cluster or other service) has outbound internet access configured correctly.
60
60
1. If using a custom route table, ensure it allows traffic to the private endpoint.
61
61
1. Test connectivity from your resource to the private endpoint using tools like `curl` or `ping`.
62
62
63
63
### Step 5: Verify private link service configuration
64
64
65
65
1. Ensure the private link service is configured to accept connections from the managed private endpoint.
66
-
1. Check the private link service's settings to confirm it is correctly associated with the target resource.
66
+
1. Check the private link service's settings to confirm it's correctly associated with the target resource.
67
67
1. Verify that the private link service is healthy and operational.
68
68
69
69
### Step 6: Analyze Port Configuration for AKS Clusters
70
70
71
-
If you are working with an AKS cluster, ensure that the port configuration is consistent across the monitored service, the load balancer, and the private link service. Incorrect port configurations can lead to data source connection failures.
71
+
If you're working with an AKS cluster, ensure that the port configuration is consistent across the monitored service, the load balancer, and the private link service. Incorrect port configurations can lead to data source connection failures.
72
72
73
73
For example, for a self-managed Prometheus server running on an AKS cluster:
74
74
75
-
- The port configuration for the monitored service should follow the structure: access port + protocol + port name (target port). This can be verified in the **Services and ingresses** page of the AKS cluster in the Azure portal.
75
+
- The port configuration for the monitored service should follow the structure: access port + protocol + port name (target port). This can be verified in the **Services and ingresses** page of the AKS cluster in the Azure portal.
76
76
77
77
- The load balancer created for the service should have a matching port configuration: access port + protocol + port number (target port).
78
78
79
-
If the port configurations do not match:
79
+
If the port configurations don't match:
80
80
81
81
1. Edit the YAML file for the load balancer to ensure the port configuration matches the monitored service.
82
82
1. Apply the updated configuration to the AKS cluster.
83
-
1. Test the Grafana data source connection to confirm it is successful.
83
+
1. Test the Grafana data source connection to confirm it's successful.
0 commit comments