You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/managed-grafana/troubleshoot-mpe-connection.md
+12-17Lines changed: 12 additions & 17 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -11,11 +11,11 @@ ai-usage: ai-assisted
11
11
12
12
# Troubleshoot connecting managed private endpoint to a private link service
13
13
14
-
This article guides you to troubleshoot and fix issues related to connecting a managed private endpoint to a private link service.
14
+
This article guides you to troubleshoot and fix issues related to connecting Azure Managed Grafana to an AKS cluster via a private link service
15
15
16
16
## Symptom
17
17
18
-
Connection from services running on an Azure Kubernetes Service (AKS) cluster to Azure Managed Grafana using a Managed Private Endpoint isn't working. Users may encounter errors such as **"504 Gateway Time-out"** when attempting to connect.
18
+
Grafana is unable to connect to a private link service that exposes an Azure Kubernetes Service (AKS) cluster running a user’s database over a private network. Users may encounter errors such as **504 Gateway Time-out** when attempting to connect.
19
19
20
20
## Possible causes
21
21
@@ -24,8 +24,8 @@ The issue may occur due to one or more of the following reasons:
24
24
- The managed private endpoint isn't approved.
25
25
- The private DNS zone isn't configured correctly, leading to DNS resolution failures.
26
26
- Network security group (NSG) rules are blocking the connection.
27
-
- The AKS cluster doesn't have the correct outbound internet access configuration.
28
27
- The private link service isn't properly configured to accept connections from the managed private endpoint.
28
+
- The port configuration between the monitored service, the load balancer, and the private link service is inconsistent.
29
29
30
30
## Resolution
31
31
@@ -43,30 +43,25 @@ Follow these steps to resolve the issue:
43
43
44
44
### Step 2: check private DNS zone configuration
45
45
46
-
1. Verify that the private DNS zone is linked to the virtual network where the AKS cluster or other service is deployed.
46
+
1. Verify that the private DNS zone is linked to the virtual network where Azure Managed Grafana is deployed.
47
47
1. Ensure the DNS zone contains the correct records for the private link service (for example, `privatelink.<service>.azure.com`).
48
-
1. Test DNS resolution from the AKS cluster or other service to confirm it resolves to the private IP address of the private link service.
49
-
1. For more information, see [Create and manage private DNS zones using the Azure portal](/azure/dns/private-dns-portal).
48
+
1. Test DNS resolution from Azure Managed Grafana to confirm it resolves to the private IP address of the private link service.
50
49
51
-
### Step 3: Review Network Security Group (NSG) rules
52
-
53
-
1. Check the NSG rules applied to the subnet where your resource (for example, AKS cluster or other service) is deployed.
54
-
1. Ensure there are no rules blocking outbound traffic to the private link service.
55
-
1. Add an allow rule if necessary to permit traffic to the private endpoint.
50
+
For more information, see [Create and manage private DNS zones using the Azure portal](/azure/dns/private-dns-portal).
56
51
57
-
### Step 4: Validate outbound configuration
52
+
### Step 3: Review Network Security Group (NSG) rules
58
53
59
-
1.Confirm that your resource (for example, AKS cluster or other service) has outbound internet access configured correctly.
60
-
1.If using a custom route table, ensure it allows traffic to the private endpoint.
61
-
1.Test connectivity from your resource to the private endpoint using tools like `curl` or `ping`.
54
+
1.Check the NSG rules applied to the subnet where the private link service is deployed.
55
+
1.Ensure there are no rules blocking inbound traffic from Azure Managed Grafana to the private link service.
56
+
1.Add an allow rule if necessary to permit traffic from Azure Managed Grafana.
62
57
63
-
### Step 5: Verify private link service configuration
58
+
### Step 4: Verify private link service configuration
64
59
65
60
1. Ensure the private link service is configured to accept connections from the managed private endpoint.
66
61
1. Check the private link service's settings to confirm it's correctly associated with the target resource.
67
62
1. Verify that the private link service is healthy and operational.
68
63
69
-
### Step 6: Analyze Port Configuration for AKS Clusters
64
+
### Step 5: Analyze port configuration for AKS clusters
70
65
71
66
If you're working with an AKS cluster, ensure that the port configuration is consistent across the monitored service, the load balancer, and the private link service. Incorrect port configurations can lead to data source connection failures.
0 commit comments