Support the Removal of Inbound NAT Rules after deployment #41

Open
AlexFlat opened this Issue Dec 13, 2017 · 3 comments

AlexFlat commented Dec 13, 2017

Hi,

We are using Service Fabric, which uses VMSS as the VM deployment mechanism.
The default template installs public RDP to all VMs in the cluster using Inbound NAT Rules.
We want to secure the cluster and remove direct RDP from each VM (we will employ a JumpBox for remote access).
When trying to remove/update the Inbound NAT Rules we receive an error:

Cannot remove inbound nat pool LoadBalancerXXXX from load balancer since it is in use by virtual machine scale set

I logged this issue with Azure Support and they confirmed that this is not currently supported for VMSS.
I tried to find an issue/feature related to Inbound NAT Rules on this repo but was unable to, so I logged one just in case. (Please delete if this is somewhere else.)

Can you confirm if this feature is in the pipeline and if so, what is its status?

Thanks

Alex

MJeorrett commented Jan 26, 2018

+1. Slightly different scenario. I have enabled debugging in Visual Studio, which adds to the inbound NAT rules, so when I try to make an incremental change to the deployed resources (in my case, add certs to the VMs) I get the same error. I can work around it by disabling debugging in Visual Studio before doing the deploy, but it would be nice if I didn't have to.

rdkleine commented Feb 8, 2018

+1

rwwilden commented Feb 9, 2018

You can actually update NAT rules by (temporarily) disconnecting the VMSS from the NAT pool(s). I wrote a blog post explaining this approach.
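
The dependency behind the error in this thread, as an added example that is not part of the issue or of any commenter's code: a scale set's ipConfiguration references the load balancer's inbound NAT pool, so the pool counts as in use until that reference is removed. The script audits an ARM template for NAT pools that publish RDP or SSH and lists the scale set ipConfigurations that pin them; the sample template, its resource names, and the choice of admin ports are constructed assumptions.

```python
"""Audit an ARM template for admin-port inbound NAT pools and the scale sets that pin them."""
ADMIN_PORTS = {3389: "RDP", 22: "SSH"}  # assumption: backend ports treated as remote admin

# Constructed sample template (not from the thread), trimmed to the relevant fields.
SAMPLE = {"resources": [
    {"type": "Microsoft.Network/loadBalancers", "name": "demo-lb",
     "properties": {"inboundNatPools": [
         {"name": "rdp-nat-pool", "properties": {"protocol": "tcp", "backendPort": 3389,
          "frontendPortRangeStart": 3389, "frontendPortRangeEnd": 4500}}]}},
    {"type": "Microsoft.Compute/virtualMachineScaleSets", "name": "demo-vmss",
     "properties": {"virtualMachineProfile": {"networkProfile": {
         "networkInterfaceConfigurations": [{"name": "NIC-0", "properties": {
             "ipConfigurations": [{"name": "NIC-0-ip", "properties": {
                 "loadBalancerInboundNatPools": [{"id":
                     "[concat(variables('lbId'),'/inboundNatPools/rdp-nat-pool')]"}]}}]}}]}}}},
]}

def pool_name(ref_id):
    """Extract the pool name from a resource id or an ARM concat() expression."""
    return ref_id.rsplit("/inboundNatPools/", 1)[-1].strip("')] ")

def audit(template):
    """Return one finding per admin-port NAT pool, with the VMSS ipConfigurations using it."""
    pools, users = {}, {}
    for res in template.get("resources", []):
        props = res.get("properties", {})
        if res.get("type") == "Microsoft.Network/loadBalancers":
            for pool in props.get("inboundNatPools", []):
                port = pool["properties"].get("backendPort")
                if port in ADMIN_PORTS:
                    pools[pool["name"]] = (res["name"], ADMIN_PORTS[port], pool["properties"])
        elif res.get("type") == "Microsoft.Compute/virtualMachineScaleSets":
            nics = (props.get("virtualMachineProfile", {}).get("networkProfile", {})
                    .get("networkInterfaceConfigurations", []))
            for nic in nics:
                for ipc in nic.get("properties", {}).get("ipConfigurations", []):
                    for ref in ipc.get("properties", {}).get("loadBalancerInboundNatPools", []):
                        users.setdefault(pool_name(ref["id"]), []).append(
                            f"{res['name']}/{nic['name']}/{ipc['name']}")
    return [{"pool": n, "loadBalancer": lb, "service": svc,
             "frontendPorts": (p["frontendPortRangeStart"], p["frontendPortRangeEnd"]),
             "referencedBy": users.get(n, [])} for n, (lb, svc, p) in pools.items()]

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An empty `referencedBy` list means no scale set in the template still points at the pool, which is the state the thread describes as needed before the pool can be removed.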
