CloudGen Access

___________________________________________________________

sudo firewall-cmd --list-all-zones # or sudo iptables -L -xvn

Ensure Envoy Proxy is listening on the correct port.

- Ensure Envoy Proxy is listening on the correct port.

sudo ss -anp | grep envoy | grep LISTEN # or sudo netstat -anp | grep envoy | grep LISTEN

Instance logs are sent to CloudWatch by default. Check the log group named: <code>/aws/ec2/FydeAccessProxy</code>

Select the failing instance from the log stream list.

1. Select the failing instance from the log stream list.
2. Filter for <code>cloud-init:</code>
3. Search for script errors. Example:

<code>2020-09-19T22:36:07.894+01:00 Sep 19 21:36:05 ip-10-200-0-114 cloud-init: + curl -sL <a href="https://url.fyde.me/install-fyde-proxy-linux" rel="nofollow noopener noreferrer" target="_blank">https://url.fyde.me/install-fyde-proxy-linux</a></code>

<code>2020-09-19T22:36:07.894+01:00 Sep 19 21:36:06 ip-10-200-0-114 cloud-init: Invalid option: -r</code>

- <code>2020-09-19T22:36:07.894+01:00 Sep 19 21:36:05 ip-10-200-0-114 cloud-init: + curl -sL <a href="https://url.fyde.me/install-fyde-proxy-linux" rel="nofollow noopener noreferrer" target="_blank">https://url.fyde.me/install-fyde-proxy-linux</a></code>
- <code>2020-09-19T22:36:07.894+01:00 Sep 19 21:36:06 ip-10-200-0-114 cloud-init: Invalid option: -r</code>

Pod logs are sent to CloudWatch by default.

Check the log group named: <code>fyde-access-proxy-ecs-fargate</code>

Select the failing pod from the log stream list.

Check the last lines for the error cause.

- Pod logs are sent to CloudWatch by default.
- Check the log group named: <code>fyde-access-proxy-ecs-fargate</code>
- Select the failing pod from the log stream list.
- Check the last lines for the error cause.

Confirm that both envoy-proxy and fyde-orchestrator containers are running.

- Confirm that both envoy-proxy and fyde-orchestrator containers are running.

Confirm that envoy-proxy container is mapping the correct port to the host.

In the example above, and for the public port 443, the output should contain the following:

- Confirm that envoy-proxy container is mapping the correct port to the host.
- In the example above, and for the public port 443, the output should contain the following:

Check that docker network is not conflicting with a remote network. - Check the value for IPAM.Config.Subnet - For more information check <a href="https://docs.docker.com/compose/compose-file/#ipam" rel="nofollow noopener noreferrer" target="_blank">compose-file</a>

- Check that docker network is not conflicting with a remote network. - Check the value for IPAM.Config.Subnet - For more information check <a href="https://docs.docker.com/compose/compose-file/#ipam" rel="nofollow noopener noreferrer" target="_blank">compose-file</a>

- Correct the namespace if needed.
- Check all deployed resources.

kubectl get all \ --namespace fyde-access-proxy

kubectl logs \ -l app=envoy-proxy -f \ --namespace fyde-access-proxy

kubectl logs \ -l app=fyde-orchestrator -f \ --namespace fyde-access-proxy

Bare Metal / Virtual Machine

Cloudformation ASG

Cloudformation ECS Fargate

Docker

Kubernetes