Patrick W. Healy
Patrick W. Healy
Doesn't work yet - do not merge.
So this works in that the commands are run, but `hostname -f` isn't returning the FQDN this early in the build cycle. Any thoughts on a good way to fix...
> Just reiterating...we can't forward the packet because source IP is link local, but we can SNAT it then forward it? Yes, if a packet matching fe80::/10 gets to ROUTING...
@chrisohaver A few more notes on this one (I work with @robbiezhang): 1. This only happens with clients that aren't using eDNS0 - `dig cluster-us-east-1-152269.prevops.com.` works, but `dig +noedns cluster-us-east-1-152269.prevops.com.`...
To be clear - prior to #5671, the cache plugin would use a larger buffer, get the response from the misbehaving upstream appropriately, then truncate it and send it back...
To clarify - I didn't mean that I thought #5671 was broken, I just meant that it was partially covering up the problem before and now it's not. I suspect...
> Ignoring the "bad" network prefixes may generate an nsg rule that allows Internet access and can pose security issue. @jwtty I'll edit my original comment to be clearer about...
@jwtty Sorry, I have to reverse myself on this - we need to make sure to fail secure by rejecting the bad entry and still including the deny rule, even...
When you create the PLS via annotations on the LoadBalancer service, we automatically bind the private link service against the front-end IP of the LB Service in question. You cannot...
@zadigus you are correct, there's no way to put the private endpoints behind ILB at this time. If you're specifically wanting to put it behind APIM, though... they recently GA'd...