
Showing posts from October, 2024

terraform azurerm provider code base that calls Azure REST API example

You can use this link to check out the code behind Terraform's integration with Azure:
https://github.com/hashicorp/terraform-provider-azurerm/blob/v2.99.0/internal/services/storage/client/client.go

As you can see in this storage account example, terraform azurerm version 2.99 calls the REST APIs storage/mgmt/2021-04-01 and storagesync/mgmt/2020-03-01. Please refer to the diagram below for additional details.

You can test out the real API endpoint by going to this endpoint:
https://learn.microsoft.com/en-us/rest/api/storageactions/storage-tasks/create?view=rest-storageactions-2023-01-01&tabs=HTTP#code-try-0

microsoft Azure REST API version link

You can use this link to check out all the REST API calls that are available in Azure. This can really come in handy when trying to debug older versions of REST API calls or even Terraform providers.
https://learn.microsoft.com/en-us/azure/templates/microsoft.insights/allversions

istio traffic mirroring lab and sample

Istio supports traffic mirroring, and the configuration can be added in the virtual service itself.

    mirror:
      host: httpbin
      subset: v2
    mirrorPercentage:
      value: 100.0

In this example, I am using httpbin to demonstrate traffic mirroring.

1. Deploy httpbin v1 and v2 - so I have 2 pods running httpbin with different labels.
2. Set up the gateway, virtual service and destination rules. The destination rule supports subsets.
3. Then turn on mirroring on the virtual service.

Steps

Deploy 2 different versions of httpbin - v1 and v2 - by running the following commands:

    kubectl apply -f .\httpbin.yaml -n test
    kubectl apply -f .\httpbin-v2.yaml -n test

Deploy the httpbin-gateway:

    kubectl apply -f .\httpbin-gateway.yaml -n test

Run a few curl requests:

    curl http://localhost

At this point you can check the logs for your pods:

    kubectl logs your-v1-pod-name -n test

There should be output there, and no output/requests going into pod v2.

Turning on mirroring

    kubectl apply -f .\httpbin-gateway-v2.ya

k8s getting crds and version

It's quite important to understand how to get the CRDs and versions defined correctly in a YAML file. For example, let's say I bump into this error:

    error: resource mapping not found for name: "httpbin" namespace: "" from ".\\httpbin-gateway.yaml": no matches for kind "DestinationRule" in version "networking.istio.io/v1alpha"

I probably got the apiVersion number wrong. So let's use

    kubectl get crd/destinationrules.networking.istio.io -o yaml | more

to check this out. I should be using v1alpha3, as that would resolve it.

an istio error occurred forwarding 62193 -> 15000: error forwarding port 15000 to pod xxxxxx

Try to use istioctl analyze -n your-name-space to see if it picks up anything. In my case, I didn't label my namespace for Istio injection.

    kubectl label namespace test istio-injection=enabled

If the namespace is 'injected', then ensure the sidecar is running.

understanding azure nat gateway inner working

This article is really good for getting a deeper understanding of how it works:
https://azure.microsoft.com/en-us/blog/dive-deep-into-nat-gateway-s-snat-port-behavior/

A few takeaways, for me at least, are:

1. A NAT gateway can be associated with multiple subnets. This means it can link more than a single subnet.
2. If you have a VM with a public IP in that subnet, incoming connections can go directly to the VM while all outgoing requests flow out via the NAT gateway.
3. A connection can be re-used if it goes to a different destination.
4. It can support up to 16 different IPs.

Terraform updating node pool pod size and pod limit

When Terraform updates a node pool, we need to be careful about what operation it is performing and what it is destroying. Updating the node pool pod max size in a node is a destructive operation where the node pool gets recreated. When it comes to updating max node size, it is considered a change. When we are updating load balancer port allocation (SNAT), it is an update operation.
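
One way to catch the destructive case before apply, as an added example that is not part of the original post: read the JSON plan produced by terraform show -json and flag guarded resource types whose action is delete plus create. The plan data and resource addresses are constructed, and max_pods / max_count are assumed to be the attributes behind the post's "pod max size" and "max node size".

```python
import json

# Constructed sample in the shape of `terraform show -json plan.out`.
# Assumption: max_pods / max_count stand for the post's pod max size / max node size.
SAMPLE_PLAN = json.loads("""
{
  "resource_changes": [
    {"address": "azurerm_kubernetes_cluster_node_pool.apps",
     "type": "azurerm_kubernetes_cluster_node_pool",
     "change": {"actions": ["delete", "create"],
                "before": {"max_pods": 30, "max_count": 3},
                "after": {"max_pods": 50, "max_count": 3},
                "replace_paths": [["max_pods"]]}},
    {"address": "azurerm_kubernetes_cluster_node_pool.batch",
     "type": "azurerm_kubernetes_cluster_node_pool",
     "change": {"actions": ["update"],
                "before": {"max_pods": 30, "max_count": 3},
                "after": {"max_pods": 30, "max_count": 5}}},
    {"address": "azurerm_kubernetes_cluster.main",
     "type": "azurerm_kubernetes_cluster",
     "change": {"actions": ["no-op"], "before": {}, "after": {}}}
  ]
}
""")

def classify(actions):
    """Map Terraform's action list to a single label."""
    acts = set(actions)
    if acts == {"delete", "create"}:
        return "replace"            # destroy and recreate, in either order
    if acts == {"delete"}:
        return "destroy"
    return "/".join(actions)        # create, update, no-op, read

def destructive_changes(plan, guarded_types):
    """Return (address, label, forcing attributes) for guarded resources
    that the plan would destroy or replace."""
    findings = []
    for rc in plan.get("resource_changes", []):
        change = rc.get("change", {})
        label = classify(change.get("actions", []))
        if rc.get("type") in guarded_types and label in ("replace", "destroy"):
            paths = [".".join(map(str, p)) for p in change.get("replace_paths", [])]
            findings.append((rc["address"], label, paths))
    return findings

if __name__ == "__main__":
    for addr, label, paths in destructive_changes(
            SAMPLE_PLAN, {"azurerm_kubernetes_cluster_node_pool"}):
        print(f"{label.upper()}: {addr} forced by {paths or 'unknown'}")
```

Run as a CI step against the real plan JSON, a non-empty result can fail the pipeline until someone approves the node pool recreation.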