Create Azure Site

Objective

This guide provides instructions on how to deploy Volterra sites in Azure VNET. For more information on Volterra site, see Volterra Site.

You can deploy an Azure VNET site in one of the following ways:

Note: Configuring site mesh group is not supported for the sites deployed from VoltConsole.

Using the instructions provided in this guide, you can deploy an ingress gateway site or ingress/egress gateway site. For more information, see Network Topology of a Site.


Prerequisites

The following prerequisites apply:


Design

Azure VNET Site automates the deployment of Volterra Sites in Azure. As part of the Azure VNET Site configuration, users can either indicate that a new VNET, subnets, and route tables need to be created, or provide existing VNET and subnet information, in which case the creation of VNET and subnet resources is skipped.

Azure VNET Site Deployment Types

A Volterra Site can be deployed in 2 different modes with the Azure VNET Site workflow. Those modes are:

  1. Ingress Gateway (One Interface): In this deployment mode the Volterra Site is attached to a single VNET and single Subnet. It can provide discovery of services & endpoints reachable from this subnet to any other site configured in the Volterra tenant.
  2. Ingress/Egress Gateway (Two Interfaces): In this deployment mode the Volterra Site is attached to a single VNET with at least two interfaces on different subnets. One subnet is labeled (Outside) and the other (Inside). In this mode, the Volterra Site provides security and connectivity needs for VMs & Subnets via default gateway through the Volterra Site Inside interface.

Ingress Gateway (One Interface)

In this deployment mode, VoltMesh needs one interface attached. Services running on the node connect to the internet using this interface. Also, this interface is used to discover other services and virtual machines and expose them to other Volterra sites in the same tenant. For example, in the below figure, TCP or HTTP services on the DevOps or Dev Azure VM instances can be discovered and exposed via reverse proxy remotely.

As shown in the below figure, the interface is on the Outside subnet, which is associated with the VNET main routing table whose default route points to the internet gateway. That is how traffic coming from the outside interface can reach the Internet, along with other subnets associated with this routing-table object. The other subnets (i.e. Dev & DevOps) are also associated with the VNET main routing table, which means that any newly created subnet in this VNET is automatically associated with this routing table.

Figure: Azure VNET Site Deployment - Ingress Gateway (One Interface)

Ingress/Egress Gateway (Two Interfaces)

In this deployment scenario the VoltMesh nodes need two interfaces attached. The first interface is the outside interface through which services running on the node can connect to the internet. The second interface is the inside interface which will become the default gateway IP address for all the application workloads & services present in the private subnets.

As shown in the below figure, the outside interface is on the outside subnet, which is associated with the outside subnet route table whose default route points to the internet gateway. That is how traffic coming from the outside interface can reach the internet. The inside subnets are associated with the inside subnet route table, which is also the main route table for this VNET, so any newly created subnet in this VNET is automatically associated with the inside subnet route table. This private subnet route table has a default route pointing to the inside IP address of the VoltMesh node (192.168.0.186).

Figure: Azure VNET Site Deployment - Ingress / Egress Gateway (Two Interfaces) - Single AZ

Once the VoltMesh site comes online, the inside network of the node is connected to the outside network through a forward proxy, with SNAT enabled on the outside interface. All traffic arriving on the inside interface is forwarded to the internet over the forward proxy, with SNAT happening on the outside interface. All the workloads on private subnets can now reach the internet through the VoltMesh site.

Network Policies

The Volterra Site can be your ingress/egress security policy enforcement point as all the traffic coming from private subnets will flow through Volterra Site. If the traffic does not match the type defined in network policy then the default action will be to deny it.

Users can define which endpoint or subnet a network policy applies to. You can define the egress policy by adding egress rules, from the point of view of the endpoint, to deny or allow specific traffic patterns based on intent. You can also add ingress rules to deny or allow traffic coming towards the endpoint.

Forward Proxy Policy

Using a forward proxy policy, the user can specify allowed/denied TLS domains or HTTP URLs. The traffic from workloads on private subnets towards the Internet via the Volterra Azure VNET site is allowed or denied accordingly.

More details on how to configure this is captured in the rest of this document.


Deploy Using VoltConsole

The following video shows the Azure VNET site deployment workflow using VoltConsole:

Azure VNET creation and management requires performing the following sequence of actions:

Phase | Description
Create Azure VNET Site Object | Create the Azure VNET site object in VoltConsole using the guided wizard.
Deploy Site | Deploy the sites configured in the Azure VNET site object using automated or assisted method.

Create Azure VNET Site Object

The wizard to create the site object in Azure VNET guides you through the steps for required configuration. This document covers each guided step and explains the required actions to be performed for each step.

Perform the following steps:

Step 1: Log into the VoltConsole and start Azure VNET site object creation.
  • Select Manage -> Site Management from the section tabs in the system namespace on the primary navigation. Select Azure VNET Site from the pages. Click Add Azure VNET Site.
  • Set a name for your Azure VNET site in the metadata section.
Step 2: Configure the VNET and site settings.

Go to the Site Type Selection section and perform the following:

Step 2.1: Set region and configure VNET.
  • Enter your Azure resource group in the Resource Group field.

    Note: Ensure that you enter a name for a non-existent resource group.

  • Select a region in the Azure Region drop-down field.
  • Select an option for the Select existing Vnet or create new Vnet field and configure as per the following guidelines:

    • For the New Vnet Parameters option, enter the name in the Azure Vnet Name field and enter the CIDR in the IPv4 CIDR block field.
    • For the Existing Vnet option, enter an existing resource group name and VNET name in the Existing Vnet Resource Group and Existing Vnet Name fields respectively.

Figure: VNET Site Type Settings

Step 2.2: Set the node configuration.

Select an option for the Select Ingress Gateway or Ingress/Egress Gateway field and perform one of the following steps accordingly.

Configure Ingress Gateway

For the Ingress Gateway (One Interface) option, click Configure and perform configuration as per the following guidelines:

  • Select an option for the Azure AZ name field that matches the configured Azure Region.
  • Select New Subnet or Name of Existing Subnet for the Select Existing Subnet or Create New field. Enter a subnet address in the IPv4 Subnet field in case of new subnet. Enter Existing Subnet Name and Existing Subnet Resource Group in case of existing subnet.

Note: The Azure Certified Hardware is set to azure-byol-voltmesh by default. You can add more than one node using the Add item option.

Configure Ingress/Egress Gateway

For the Ingress/Egress Gateway (Two Interface) option, click Configure to open the two-interface node configuration wizard and enter the configuration as per the following guidelines.

  • Select an option for the Azure AZ name field that matches the configured Azure Region.
  • Select New Subnet or Name of Existing Subnet for the Select Existing Subnet or Create New field in the Subnet for Inside Interface section. Enter a subnet address in the IPv4 Subnet field in case of new subnet. Enter Existing Subnet Name and Existing Subnet Resource Group in case of existing subnet.
  • Select New Subnet or Name of Existing Subnet for the Select Existing Subnet or Create New field in the Subnet for Outside Interface section. Enter a subnet address in the IPv4 Subnet field in case of new subnet. Enter Existing Subnet Name and Existing Subnet Resource Group in case of existing subnet.

Figure: VNET Ingress/Egress Gateway Interface Settings

Optional Configuration
  • In the Site Network Firewall section, optionally select Active Network Policies in the Manage Network Policy field. Select an existing network policy or click Create new network policy to create and apply a network policy. After creating the policy, click Continue to apply.
  • Optionally select Enable Forward Proxy with Allow All Policy or Enable Forward Proxy and Manage Policies in the Manage Forward Proxy Policy field. For the latter option, select an existing forward proxy policy or click Create new forward proxy policy to create and apply a forward proxy policy. After creating the policy, click Continue to apply.

Figure: VNET Ingress/Egress Gateway Network Firewall Settings

  • In the advanced configuration section, enable the Show Advanced Fields option.
  • Select Connect Global Networks for the Select Global Networks to Connect field. Click Configure. Select a connection type for the Select Network Connection Type field. Select a global network from the list of networks displayed in the Global Virtual Network field. You can also select Create new global vn to launch the global network creation wizard. Create a global network using the wizard and click Continue. Click Apply.
  • Select Manage Static Routes for the Manage Static Routes for Inside Network field and click Add item for the Static route list field. Perform one of the following steps:

    • Select Simple Static Route and enter a static route in the Simple Static Route field.
    • Select Custom Static Route and click Configure under the Custom Static Route option and perform the following steps:
    • In the Subnets section, select IPv4 or IPv6 option for the Version field. Enter a prefix and prefix length for your subnet. You can use the Add item option to set more subnets.
    • In the Nexthop section, select a next-hop type for the Type field. Select IPv4 or IPv6 for the Version field in the Address section and enter an IP address accordingly. Click Select interface object in case you choose next-hop type as network interface. Select a network interface or click Add new network interface to create and apply a new network interface. Click Select interface object to apply the interface.
    • In the Attributes section, select supported attributes in the Attributes field. You can select more than one from this list.
    • Click Apply to add the custom route.
  • Select Manage Static Routes for the Manage Static Routes for Outside Network field and click Add item for the Static route list field. Follow the same procedure as that of managing the static routes for inside network.
  • Click Apply.

Note: The Azure Certified Hardware is set to azure-byol-multi-nic-voltmesh by default. You can add more than one node using the Add item option.

Configure Voltstack Cluster (One Interface)

For the Voltstack Cluster (One Interface) option, click Configure to open the two-interface node configuration wizard and enter the configuration as per the following guidelines.

  • Select an option for the Azure AZ name field that matches the configured Azure Region.
  • Select New Subnet or Name of Existing Subnet for the Select Existing Subnet or Create New field in the Subnet for Inside Interface section. Enter a subnet address in the IPv4 Subnet field in case of new subnet. Enter Existing Subnet Name and Existing Subnet Resource Group in case of existing subnet.
  • Select New Subnet or Name of Existing Subnet for the Select Existing Subnet or Create New field in the Subnet for Outside Interface section. Enter a subnet address in the IPv4 Subnet field in case of new subnet. Enter Existing Subnet Name and Existing Subnet Resource Group in case of existing subnet.
Optional Configuration
  • In the Site Network Firewall section, optionally select Active Network Policies in the Manage Network Policy field. Select an existing network policy or click Create new network policy to create and apply a network policy. After creating the policy, click Continue to apply.
  • Optionally select Enable Forward Proxy with Allow All Policy or Enable Forward Proxy and Manage Policies in the Manage Forward Proxy Policy field. For the latter option, select an existing forward proxy policy or click Create new forward proxy policy to create and apply a forward proxy policy. After creating the policy, click Continue to apply.
  • In the advanced configuration section, enable the Show Advanced Fields option.
  • Select Connect Global Networks for the Select Global Networks to Connect field. Click Configure. Select a connection type for the Select Network Connection Type field. Select a global network from the list of networks displayed in the Global Virtual Network field. You can also select Create new global vn to launch the global network creation wizard. Create a global network using the wizard and click Continue. Click Apply.
  • Select Manage Static Routes for the Manage Static Routes for Inside Network field and click Add item for the Static route list field. Perform one of the following steps:

    • Select Simple Static Route and enter a static route in the Simple Static Route field.
    • Select Custom Static Route and click Configure under the Custom Static Route option and perform the following steps:
    • In the Subnets section, select IPv4 or IPv6 option for the Version field. Enter a prefix and prefix length for your subnet. You can use the Add item option to set more subnets.
    • In the Nexthop section, select a next-hop type for the Type field. Select IPv4 or IPv6 for the Version field in the Address section and enter an IP address accordingly. Click Select interface object in case you choose next-hop type as network interface. Select a network interface or click Add new network interface to create and apply a new network interface. Click Select interface object to apply the interface.
    • In the Attributes section, select supported attributes in the Attributes field. You can select more than one from this list.
    • Click Apply to add the custom route.
  • Select Manage Static Routes for the Manage Static Routes for Outside Network field and click Add item for the Static route list field. Follow the same procedure as that of managing the static routes for inside network.
  • Click Apply.

Note: The Azure Certified Hardware is set to azure-byol-voltstack-combo by default. You can add more than one node using the Add item option.

Step 2.3: Set the deployment type.

Select an option for the Select Automatic or Assisted Deployment field and perform further actions as per the following guidelines.

  • For the Automatic Deployment option, select an existing Azure credentials object or click Create new azure cred option to load new credential creation wizard. Create the new credentials as per the following guidelines:

    • Enter a name in the metadata section. Optionally set labels and enter a description.
    • Select Azure Client Secret for Service Principal in the Select Cloud Credential Type field. Enter your Azure account client ID, subscription ID, and tenant ID in the Client ID, Subscription ID, and Tenant ID fields.
    • Click Configure under the Client Secret field.
    • Select an option for the Secret Info. If you select Blindfold Secret, enter the secret in the Location field. If you select Clear Secret, enter the secret in the Clear Secret field in either ASCII or base64(binary) formats. Click Apply.
    • Click Continue to add the new credentials.

Note: Refer to the Cloud Credentials guide for more information. Ensure that the Azure credentials are applied with required access policies as per the Policy Requirements document.

Figure: VNET Site Automatic Deployment Configuration

  • For the Assisted Deployment option, obtain the terraform parameters after this VNET object is created in VoltConsole and perform the site deployment as per the instructions for assisted deployment mentioned in the Deploy Site chapter.

Note: In the Assisted Deployment mode, the deployment options from VoltConsole are not available.

Step 3: Set the site node parameters.

Go to the Site Node Parameters section and enable the Show Advanced Fields option. Perform the following:

  • Set the Azure machine type by selecting an option for the Azure Machine Type for Node field.
  • Enter your SSH key in the Public SSH key field.

Figure: Azure VNET Site Node Parameters

Step 4: Complete the Azure VNET site object creation.

Click Save and Exit to complete creating the Azure VNET site.

Note: The Status field for the VNET object shows Generated.


Deploy Site

Creating the Azure VNET object in VoltConsole generates the terraform parameters. You can deploy the site using automatic or assisted deployment, depending on your Azure VNET site object configuration.

Automatic Deployment

Perform this procedure in case you created the Azure VNET site object with the automatic deployment option.

  • Navigate to the created Azure VNET object using the Manage -> Site Management -> Azure VNET Site option. Find your Azure VNET object and click Apply under the Actions column. The Status field for your Azure VNET object changes to Applying.

Note: Optionally, you can perform terraform plan activity before the deployment. Find your Azure VNET site object and click ... -> Plan (Optional) to start the action of terraform plan. This creates the execution plan for terraform.

  • Wait for the apply to complete and the status to change to Applied.

Note: You can check the status for the apply action. Click ... -> Terraform Parameters for your Azure VNET site object and click the Apply Status tab.

  • Navigate to Sites -> Sites List. Find your site from the displayed list and verify that the status is ONLINE.

Note: It takes a few minutes for the site to be deployed and status to become ONLINE.

Assisted Deployment

Perform this procedure in case you created the Azure VNET site object with the assisted deployment option.

  • Download the terraform variables in case of assisted deployment. Navigate to the created Azure VNET site object using the Manage -> Site Management -> Azure VNET Site path.
  • Find your Azure VNET site object and click ... -> Terraform Parameters for it. Copy the parameters to a file in your local machine.
  • Download the Volterra quickstart utility.
docker pull gcr.io/volterraio/volt-terraform
  • Run the terraform container.
docker run --entrypoint tail --name terraform-cli -d -it \
-w /terraform/templates \
-v ${HOME}/.ssh:/root/.ssh \
gcr.io/volterraio/volt-terraform:latest \
-f /dev/null
  • Copy the downloaded terraform variables file to the container. The following example copies to the /var/tmp folder on the container.
docker cp /Users/ted/Downloads/system-azure-vnet-a.json terraform-cli:/var/tmp
  • Download the API certificate from the Volterra console and copy it to the container.
docker cp /Users/ted/Downloads/playground.console.api-creds.p12 terraform-cli:/var/tmp

Note: See the Generate API Certificate for information on API credentials.

  • Enter the terraform container.
docker exec -it terraform-cli sh
  • Log in to Azure using your Active Domain (AD) credentials. Enter the following command and follow the instructions displayed on the screen.
az login
  • Check the default subscription and resource group.
az account list --output table
  • Set a default subscription by name or uuid.
SUBSCRIPTION_ID=<subscription_id>
az account set -s $SUBSCRIPTION_ID
  • Verify that the correct subscription is set.
az account list --output table --query '[].{Name:name, IsDefault:isDefault}'
  • Create a service principal account that has permissions to manage resources in the selected subscription. Save the output.
az ad sp create-for-rbac -n <deployment-name> --role="Contributor" --scopes="/subscriptions/$SUBSCRIPTION_ID"

The following is a sample output of the service principal account creation.

 {
        "appId": "00000000-0000-0000-0000-000000000000",
        "displayName": "azure-cli-2017-06-05-10-41-15",
        "name": "http://azure-cli-2017-06-05-10-41-15",
        "password": "0000-0000-0000-0000-000000000000",
        "tenant": "00000000-0000-0000-0000-000000000000"
 }

Note: Please copy the output and store it safely. The following list shows the fields in the output of the above command. These are required to set environment variables.

  • The field appId is the TF_VAR_client_id environment variable.
  • The field password is the TF_VAR_client_secret environment variable.
  • The field tenant is the TF_VAR_tenant_id variable.
export TF_VAR_subscription_id=<subscription_id>
export TF_VAR_tenant_id=<tenant_id>
export TF_VAR_client_secret=<client password>
export TF_VAR_client_id=<client id>

Note: Set the field TF_VAR_subscription_id with the subscription id of your account.

  • Change to the assisted mode azure-volt-node template directory.
cd /terraform/templates/views/assisted/azure-volt-node
  • Set the environment variables needed for the Volterra provider:

    • VOLT_API_P12_FILE: This is for the path to the API certificate file.
    • VES_P12_PASSWORD: This variable is for the API credentials password. This is the password which you set while downloading the API certificate.
    • VOLT_API_URL: This is for the tenant URL.

The following is a sample. Change the values as per your setup.

export VOLT_API_P12_FILE="/var/tmp/playground.console.api-creds.p12"
export VES_P12_PASSWORD=<api_cred_password>
export VOLT_API_URL="https://playground.console.ves.volterra.io/api"
export TF_VAR_akar_api_url=$VOLT_API_URL
  • Deploy the nodes by executing the terraform commands.
terraform init
terraform apply -var-file=/var/tmp/system-azure-vnet-a.json

Note: The terraform init command brings up the Azure cloud resources. When the terraform apply command is executed, it prompts for user input to proceed. Enter yes to begin deploying the node(s) and wait for the deployment to complete.

  • Navigate to Sites -> Sites List. Find your site from the displayed list and verify that the status is ONLINE.

Note: It takes a few minutes for the site to be deployed and status to become ONLINE.
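For the service principal step above, the following sketch loads the saved create-for-rbac output into the TF_VAR_* variables without typing the client secret on the command line. It is an added example, not part of the Volterra utility; the function names and the sample file are constructed, and it assumes the one-key-per-line JSON layout shown in the sample output.

```shell
#!/bin/sh
# Added example (not Volterra's code): map the saved service principal JSON
# to the TF_VAR_* variables named in this guide.
#
# Usage inside the terraform container (the file name is a placeholder):
#   ( umask 077; az ad sp create-for-rbac ... > /var/tmp/sp.json )
#   load_sp_env /var/tmp/sp.json "$SUBSCRIPTION_ID"

# sp_field FILE KEY: print the string value of KEY.
# Assumes one "key": "value" pair per line and no escaped quotes in values.
sp_field() {
    sed -n 's/^[[:space:]]*"'"$2"'"[[:space:]]*:[[:space:]]*"\(.*\)",\{0,1\}[[:space:]]*$/\1/p' "$1"
}

# load_sp_env FILE SUBSCRIPTION_ID: export the four TF_VAR_* variables.
load_sp_env() {
    sp_file=$1
    sp_sub=$2
    [ -f "$sp_file" ] || { echo "no such file: $sp_file" >&2; return 1; }
    [ -n "$sp_sub" ] || { echo "subscription id is required" >&2; return 1; }

    # The file holds the client secret: refuse it if group or other
    # have any permission bit set (characters 5-10 of the ls mode string).
    sp_mode=$(ls -ld -- "$sp_file" | cut -c5-10)
    [ "$sp_mode" = "------" ] || {
        echo "$sp_file is accessible to other users; chmod 600 it first" >&2
        return 1
    }

    sp_id=$(sp_field "$sp_file" appId)
    sp_secret=$(sp_field "$sp_file" password)
    sp_tenant=$(sp_field "$sp_file" tenant)
    if [ -z "$sp_id" ] || [ -z "$sp_secret" ] || [ -z "$sp_tenant" ]; then
        echo "appId, password or tenant missing in $sp_file" >&2
        unset sp_id sp_secret sp_tenant
        return 1
    fi

    # Field mapping as listed in this guide.
    export TF_VAR_client_id="$sp_id"
    export TF_VAR_client_secret="$sp_secret"
    export TF_VAR_tenant_id="$sp_tenant"
    export TF_VAR_subscription_id="$sp_sub"
    unset sp_id sp_secret sp_tenant sp_sub sp_mode sp_file
}

# write_sample_sp FILE: write a constructed sample (placeholder values in the
# same shape as the sample output above) with owner-only permissions.
write_sample_sp() {
    (
        umask 077
        cat > "$1" <<'EOF'
{
  "appId": "00000000-0000-0000-0000-000000000000",
  "displayName": "azure-cli-2017-06-05-10-41-15",
  "name": "http://azure-cli-2017-06-05-10-41-15",
  "password": "0000-0000-0000-0000-000000000000",
  "tenant": "00000000-0000-0000-0000-000000000000"
}
EOF
    )
}
```

Run load_sp_env in the same shell session that later runs terraform, since the exported variables do not survive a new docker exec session.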


Delete Site

Perform the following to delete the Azure VNET site:

Automatic Deployment: Delete the VNET object from the VoltConsole in case of sites deployed using the automatic deployment method.

Perform the following to delete the VNET object:

  • Navigate to the created Azure VNET object using the Manage -> Site Management -> Azure VNET Site option.
  • Find your Azure VNET object and click ... -> Delete.
  • Click Delete in the confirmation window.

Note: Deleting the VNET object deletes the sites and nodes from the VNET and deletes the VNET. In case the delete operation does not remove the object and returns any error, check the error from the status, fix the error, and re-attempt the delete operation. If the problem persists, contact technical support. You can check the status using the ... -> Terraform Parameters -> Apply status option.

Assisted Deployment: Delete the terraform deployment made in assisted mode and then delete the site in VoltConsole.
Step 1: Delete the terraform deployment.
  • Enter terraform container.
docker exec -it terraform-cli sh
  • Change to the VNET template directory.
cd /terraform/templates/views/assisted/azure-volt-node
  • Set the Azure account related environment variables.
export TF_VAR_subscription_id=<subscription_id>
export TF_VAR_tenant_id=<tenant_id>
export TF_VAR_client_secret=<client password>
export TF_VAR_client_id=<client id>
  • Set the environment variables needed for the Volterra provider:

    • VOLT_API_P12_FILE: This is for the path to the API certificate file.
    • VES_P12_PASSWORD: This variable is for the API credentials password. This is the password which you set while downloading the API certificate.
    • VOLT_API_URL: This is for the tenant URL.

The following is a sample. Change the values as per your setup.

export VOLT_API_P12_FILE="/var/tmp/playground.console.api-creds.p12"
export VES_P12_PASSWORD=<api_cred_password>
export VOLT_API_URL="https://playground.console.ves.volterra.io/api"
export TF_VAR_akar_api_url=$VOLT_API_URL
  • Delete the nodes by executing the terraform commands.
terraform init
terraform destroy -var-file=/var/tmp/system-azure-vnet-a.json

Note: When the terraform destroy command is executed, it prompts for user input to proceed. Enter yes and wait for the destroy to complete.

Step 2: Delete the site from VoltConsole.
  • Navigate to the created Azure VNET object using the Manage -> Site Management -> Azure VNET Site option.
  • Find your Azure VNET object and click ... -> Delete.
  • Click Delete in the confirmation window.

Deploy Site from Azure Marketplace

Volterra node is also available in the Azure Marketplace and you can deploy the node using the marketplace image.

Perform the following to deploy a node from the Azure marketplace:

Step 1: Create Volterra account.

You can create an account from the marketplace by following the instructions available there. You can also create an account using the instructions in the Create a Volterra Account guide.

Note: You can also use an existing Volterra account.

Step 2: Create a site token.

Log into the VoltConsole and create a site token as per the instructions in the Create Site Token chapter.

Step 3: Create custom data for deployment.

Azure marketplace supports installation using the custom data such as a script or a configuration file.

  • Create a file and open it with a text editor or terminal editor such as vi.
  • Enter configuration using the following template:
#cloud-config
write_files:
#ves
  - path: /etc/hosts
    content: |
      # IPv4 and IPv6 localhost aliases
      127.0.0.1           localhost
      ::1                 localhost
      127.0.0.1          vip
    permissions: 0644
    owner: root
  - path: /etc/vpm/config.yaml
    permissions: 0644
    owner: root
    content: |
      Vpm:
        ClusterType: ce
        Token: <TOKEN>
        MauricePrivateEndpoint: https://register-tls.ves.volterra.io
        MauriceEndpoint: https://register.ves.volterra.io
        CertifiedHardwareEndpoint: https://vesio.blob.core.windows.net/releases/certified-hardware/azure.yml
      Kubernetes:
        EtcdUseTLS: True
        Server: vip

Note: Replace <TOKEN> shown in the sample with the token created in Step 2.

  • Save the file.
Step 4: Deploy the node from Azure portal.
  • Log into the Azure cloud portal and find the Volterra node from the marketplace search. Select a node listed in the search results and click on it.

Note: You can also navigate to the Volterra node resource from the Azure marketplace.

Figure: Azure Marketplace Volterra Node Image

  • Click Create and this opens the Basics configuration form.

Figure: Volterra Node Creation in Azure Market Place

  • Enter a name for your VM and optionally select properties such as size as per your requirement.

Figure: Volterra Node Basic Configuration

  • Click Advanced tab. Paste the configuration created in previous step into the Custom data field.

Figure: Azure Marketplace Node Deployment Using Custom Configuration

  • Click Review+create. Enter the required fields in the next screen and click Create.

Note: Download the SSH key pair if the download notification is displayed.

Step 5: Perform registration.
  • Log in to the VoltConsole with your tenant and select Manage -> Site Management from the configuration menu in the system namespace. Select Registrations from the options pane and choose your site in the displayed list of sites. Click ✅ to load the Registration Acceptance form.
  • Enter the required fields and complete registration. Enter all mandatory fields marked with the * character.

Note: In case of multi-node site, accept registration requests for all master nodes. Ensure that you set the same values for the following fields for all nodes:

    • Cluster name
    • Cluster size

  • Click Save and Exit to complete registration.
  • Check the site status and health. Select Sites -> Site List and click on your site from the displayed site list to see the dashboard for your site.

Note: After you accept the registration, it takes a few minutes for the health and connectivity status to get updated in the portal. Click the Site Status tab to verify the following (established in that order during the site bring up):

  1. The Last Upgrade field has Successful value for the Volterra OS Status section.
  2. The Last Upgrade field has Successful value for the Volterra Software Status section.
  3. The IPSEC status field under RE Connectivity section has up value.

Deploy Using Vesctl

vesctl is a configuration command line utility that allows users to create, debug and diagnose Volterra Services configuration. See the vesctl repository for download information and download the tool.

Create Azure VNET Site

The following is a prerequisite for deploying using the vesctl site azure_vnet command:

Create a Cloud Credential object and use the --cloud-cred flag to refer to it. Alternatively, set the environment variables ARM_CLIENT_ID, ARM_SUBSCRIPTION_ID, ARM_TENANT_ID, and ARM_CLIENT_SECRET, and the site creation workflow will also create the cloud credential object.

Note: When deleting the site the cloud credential created through the vesctl site azure_vnet command will not be deleted.

Ingress Gateway: Create ingress gateway site.
Single-Node Site: Create a single-node site.
  • Enter the following command to create a single-node site with new VNET:
vesctl site azure_vnet create --gw-type ingress_gw --name az-nyc01 --region eastus --vnet-cidr 192.168.0.0/22 --outside-subnet-cidrs 192.168.0.0/24 --action apply
  • Enter the following command to create a single-node site with existing VNET and subnet-id:
vesctl site azure_vnet create --gw-type ingress_gw --name az-nyc01 --region eastus --vnet-name <vnet-xxxxx> --outside-subnet-names <subnet-xxxxx> --action apply
Multi-Node Site: Create a multi-node site.
  • Enter the following command to create a multi-node site with new VNET:
vesctl site azure_vnet create --gw-type ingress_gw --name az-nyc01 --region eastus \
--azs 1,2,3 --vnet-cidr 192.168.0.0/22 \
--outside-subnet-cidrs 192.168.0.0/25,192.168.1.0/25,192.168.2.0/25 --action apply
  • Enter the following command to create a multi-node site with existing VNET and subnet-id:
vesctl site azure_vnet create --gw-type ingress_gw --name az-nyc01 --region eastus \
--azs 1,2,3 --vnet-name <vnet-xxxxx> \
--outside-subnet-names subnet-id1,subnet-id2,subnet-id3 --action apply
Ingress/Egress Gateway: Create ingress/egress gateway site.
Single-Node Site: Create a single-node site.
  • Enter the following command to create a single-node ingress/egress gateway site with new VNET:
vesctl site azure_vnet create --gw-type ingress_egress_gw --name az-nyc01 --region eastus --vnet-cidr 192.168.0.0/22 --outside-subnet-cidrs 192.168.0.0/24 --inside-subnet-cidrs 192.168.1.0/24 --action apply
  • Enter the following command to create a single-node ingress/egress gateway site with existing VNET and subnet-id:
vesctl site azure_vnet create --gw-type ingress_egress_gw --name az-nyc01 --region eastus --vnet-name <vnet-xxxxx> --outside-subnet-names <subnet-xxxxx> --inside-subnet-names <subnet-yyyyyy> --action apply
Multi-Node Site: Create a multi-node site.
  • Enter the following command to create a multi-node ingress/egress gateway site with new VNET:
vesctl site azure_vnet create --gw-type ingress_egress_gw --name az-nyc01 --region eastus \
--azs 1,2,3 --vnet-cidr 192.168.0.0/22 \
--outside-subnet-cidrs 192.168.0.0/25,192.168.1.0/25,192.168.2.0/25 \
--inside-subnet-cidrs 192.168.0.128/25,192.168.1.128/25,192.168.2.128/25 --action apply
  • Enter the following command to create a multi-node ingress/egress gateway site with existing VNET and subnet-id:
vesctl site azure_vnet create --gw-type ingress_egress_gw --name az-nyc01 --region eastus \
--azs 1,2,3 --vnet-name <vnet-xxxxx> \
--outside-subnet-names subnet-id1,subnet-id2,subnet-id3 \
--inside-subnet-names subnet-id4,subnet-id5,subnet-id6 --action apply

Note: Enter the vesctl site azure_vnet create --help command to view the command help.
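A pre-flight check for the --vnet-cidr, --outside-subnet-cidrs and --inside-subnet-cidrs values used in the commands above, as an added example that is not part of vesctl: it verifies that every subnet lies inside the VNET range and that no two subnets overlap. The function names are hypothetical.

```shell
#!/bin/sh
# Added example (not part of vesctl): validate a CIDR plan before running
# "vesctl site azure_vnet create".

# ip_to_int A.B.C.D: print the address as a 32-bit integer.
ip_to_int() {
    case $1 in
        ''|*[!0-9.]*|*..*|.*|*.) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for o in "$@"; do
        case $o in 0?*) return 1 ;; esac      # no leading zeros (octal trap)
        [ "$o" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_range A.B.C.D/N: print "first last" as integers.
cidr_range() {
    case $1 in */*) ;; *) return 1 ;; esac
    cr_len=${1#*/}
    case $cr_len in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$cr_len" -le 32 ] || return 1
    cr_ip=$(ip_to_int "${1%/*}") || return 1
    cr_size=$(( 1 << (32 - cr_len) ))
    # A prefix with host bits set (e.g. 192.168.0.1/24) is treated as a typo.
    [ $(( cr_ip % cr_size )) -eq 0 ] || return 1
    echo "$cr_ip $(( cr_ip + cr_size - 1 ))"
}

# check_site_cidrs VNET_CIDR OUTSIDE_LIST [INSIDE_LIST]
# Lists are comma-separated, in the same form the vesctl flags take.
check_site_cidrs() {
    cs_vnet=$(cidr_range "$1") || { echo "bad VNET CIDR: $1" >&2; return 1; }
    cs_vstart=${cs_vnet% *}
    cs_vend=${cs_vnet#* }
    cs_seen=""
    for cs_c in $(echo "$2,${3:-}" | tr ',' ' '); do
        cs_r=$(cidr_range "$cs_c") || { echo "bad subnet CIDR: $cs_c" >&2; return 1; }
        cs_s=${cs_r% *}
        cs_e=${cs_r#* }
        if [ "$cs_s" -lt "$cs_vstart" ] || [ "$cs_e" -gt "$cs_vend" ]; then
            echo "$cs_c is not inside VNET $1" >&2
            return 1
        fi
        # Compare against every subnet accepted so far ("first:last:cidr").
        for cs_p in $cs_seen; do
            cs_ps=${cs_p%%:*}
            cs_rest=${cs_p#*:}
            cs_pe=${cs_rest%%:*}
            if [ "$cs_s" -le "$cs_pe" ] && [ "$cs_ps" -le "$cs_e" ]; then
                echo "$cs_c overlaps ${cs_rest#*:}" >&2
                return 1
            fi
        done
        cs_seen="$cs_seen $cs_s:$cs_e:$cs_c"
    done
}

# Values from the multi-node ingress/egress example in this guide.
check_site_cidrs 192.168.0.0/22 \
    192.168.0.0/25,192.168.1.0/25,192.168.2.0/25 \
    192.168.0.128/25,192.168.1.128/25,192.168.2.128/25 && echo "CIDR plan OK"
```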


Replace Azure VNET site

Replace Site: Replace the Azure VNET site using the azure_vnet replace command.
vesctl site azure_vnet replace --name az-nyc01 --os-version <new-version> --software-version <new-version>

Note: Enter the vesctl site azure_vnet replace --help command to view the command help.


Delete Azure VNET site

Delete Site: Delete the Azure VNET site using the azure_vnet delete command.
vesctl site azure_vnet delete --name az-nyc01

Note: Enter the vesctl site azure_vnet delete --help command to view the command help.


Concepts


API References