Create Azure Site

Objective

This guide provides instructions on how to deploy an F5® Distributed Cloud Services site in Azure Virtual Network (VNet). For more information, see Site.

You can deploy a Distributed Cloud Services site in a VNet using one of the following methods:

Note: Configuring site mesh group is not supported for the sites deployed from Console.

Using the instructions provided in this guide, you can deploy an ingress gateway site or ingress/egress gateway site. For more information, see Network Topology of a Site.


Prerequisites

The following prerequisites apply:


Design

The Azure VNet Site automates the deployment of sites in Azure. As part of the Azure VNet Site configuration, you can indicate that a new VNet, subnets, and route tables need to be created. You can also choose to provide an existing VNet, in which case the subnet information, creation of the VNet, and subnet resources are skipped.

Note: By default, a site deployed in Azure supports Azure Disk Storage. See Configure Storage in Fleet for more information.

Azure VNet Site Deployment Types

A site can be deployed in two different modes with the Azure VNet site workflow.

  1. Ingress Gateway (One Interface): In this deployment mode, the site is attached to a single VNet and single Subnet. It can provide discovery of services and endpoints reachable from this subnet to any other site configured in the Distributed Cloud Services tenant.

  2. Ingress/Egress Gateway (Two Interfaces): In this deployment mode, the site is attached to a single VNet with at least two interfaces on different subnets. One subnet is labeled Outside and the other is labeled Inside. In this mode, the site provides security and connectivity needs for virtual machines and subnets via a default gateway through the Site Inside interface.

Ingress Gateway (One Interface)

In this deployment mode, F5® Distributed Cloud Mesh (Mesh) needs one interface attached. Services running on the node connect to the Internet using this interface. Also, this interface is used to discover other services and virtual machines and expose them to other sites in the same tenant. For example, in the below figure, TCP or HTTP services on the DevOps or Dev Azure VM instances can be discovered and exposed via reverse proxy remotely.

As shown in the below figure, the interface is on the Outside subnet which is associated with the VNet main routing table, whose default route is pointing to the Internet gateway. That is how traffic coming from the outside interface can reach the Internet, along with other subnets associated with this routing-table object. In case of other subnets (for example, Dev and DevOps), these are associated with the VNet main routing table, which means that any newly created subnet in this VNet is automatically associated with this routing table.

Figure: Azure Site Deployment - Ingress Gateway (One Interface)

Ingress/Egress Gateway (Two Interfaces)

In this deployment scenario, the Mesh nodes need two interfaces attached. The first interface is the outside interface through which services running on the node can connect to the Internet. The second interface is the inside interface which will become the default gateway IP address for all the application workloads and services present in the private subnets.

As shown in the below figure, the outside interface is on the outside subnet which is associated with the outside subnet route table, whose default route is pointing to the Internet gateway. That is how traffic coming from the outside interface can reach the Internet. In case of inside subnets, these are associated with the inside subnet route table which is also the main route table for this VNet, meaning that any newly created subnet in this VNet is automatically associated with the inside subnet route table. This private subnet route table has a default route pointing to the inside IP address of the Mesh node (192.168.0.186).

Figure: Azure Site Deployment - Ingress/Egress Gateway (Two Interfaces) Single AZ

Once the Mesh site comes online, the inside network of the node is connected to the outside network through a forward proxy, with SNAT enabled on the outside interface. All traffic arriving on the inside interface is forwarded to the Internet through the forward proxy, with SNAT applied on the outside interface. All workloads on private subnets can then reach the Internet through the Mesh site.

Network Policies

The site can be your ingress/egress security policy enforcement point, as all the traffic coming from private subnets flows through the site. If the traffic does not match the type defined in the network policy, then the default action is to deny it.

You can define which endpoint or subnet the policy applies to by using the network policy. You can define the egress policy by adding egress rules, from the point of view of the endpoint, to deny or allow specific traffic patterns based on intent, and you can also add ingress rules to deny or allow traffic coming toward the endpoint.

Forward Proxy Policy

Using a forward proxy policy, you can specify allowed/denied TLS domains or HTTP URLs. The traffic from workloads on private subnets toward the Internet via the Azure VNet site is allowed or denied accordingly.

More details on how to configure this are covered in the rest of this document.


Deploy Using Console

The Azure VNet site object creation and management process involves the following:

Phase | Description
Create Azure VNet Site Object | Create the Azure VNet site object in Console.
Deploy Azure VNet Site | Deploy the site configured in the Azure VNet site object using the automated method or the assisted method.

Create Azure VNet Site Object

Sites can be viewed and managed in multiple services: Cloud and Edge Sites, Distributed Apps, and Load Balancers.

Step 1: Log into Console and start Azure VNet site object creation.
  • From the Console homepage, click Cloud and Edge Sites.

Note: The homepage is role based, and your homepage may look different due to your role customization. Select the All Services drop-down menu to discover all options.

Figure: Console Homepage

  • Click Manage > Site Management.

Note: If the options are not visible, select the Show link under Advanced nav options in the bottom left corner. If needed, select Hide to minimize the options from Advanced nav options mode.

  • Click Azure VNET Sites.

  • Click Add Azure VNET Site.

Figure: Site Management

  • In the Metadata section, enter a name and optionally select a label and add a description, as needed.

Figure: Azure Site Creation Form

Step 2: Configure site settings and VNet.
  • In the Site Type Selection section, perform the following:
Step 2.1: Set region and configure VNet.
  • Enter your Azure resource group in the Resource Group field. Ensure that you enter a name for a non-existent resource group.

  • Select a region type from the Select Azure Region Type menu. The Recommended Azure Region Name option is selected by default. You can change it by selecting the Alternate Azure Region Name option.

  • Select a region from the Recommended Azure Region Name or Alternate Azure Region Name menu per your choice of the Azure region type.

  • From the Vnet menu, select an option:

    • New Vnet Parameters: Select Autogenerate Vnet Name or Choose Vnet Name from the Azure Vnet Name menu. If you choose a VNet name, enter the name in the Choose Vnet Name box. Enter the CIDR in the IPv4 CIDR block field.

    • Existing Vnet: Enter an existing resource group name and VNet name in the Existing Vnet Resource Group and Existing Vnet Name fields.

  • In the IPv4 CIDR block field, enter a value.

Figure: Site Region Parameters

Step 2.2: Configure the ingress or ingress/egress gateways.

From the Select Ingress Gateway or Ingress/Egress Gateway menu, select an option per the configured Azure region type from above. For example, if you selected the region type as Alternate Azure Region Name and want to configure ingress gateway node, select the Ingress Gateway (One Interface) on Alternate Region option.

Configure Ingress Gateway for One Interface

  • If you selected Ingress Gateway (One Interface) on Recommended Region, perform the following:

    • Click Configure.

    • Under the Ingress Gateway (One Interface) Nodes in AZ section, click Add Item and perform the following:

    • From the Azure AZ name menu, select an option to set the number of availability zones.

Note: If you selected the Ingress Gateway (One Interface) on Alternate Region option, you need to set the number of main nodes from the Number of main nodes menu.

  • From the Subnet for local interface menu, select New Subnet or Existing Subnet.

  • For the New Subnet option, enter the subnet address in the IPv4 Subnet field.

  • For the Existing Subnet option, enter it in the Subnet Name field, and select an option from the Subnet Resource Group menu. Use the Vnet Resource Group option to use the same resource group as that of the VNet, or select Resource Group Name and enter a name in the enabled Resource Group Name field.

  • Click Add Item.

Figure: Ingress Gateway for One Interface

Note: You can add more than one ingress gateway using the Add Item option. The Azure Certified Hardware option is set to azure-byol-voltmesh by default.

  • Click Apply.

Configure Ingress/Egress Gateway for Two Interfaces

  • If you selected Ingress/Egress Gateway (Two Interface) on Recommended Region, perform the following:

    • Click Configure.

Note: The Azure Certified Hardware option is set to azure-byol-multi-nic-voltmesh by default.

  • In the Nodes section, click Add Item. Perform the following:

  • From the Azure AZ Name menu, set the number of availability zones.

Note: If you selected the Ingress/Egress Gateway (Two Interface) on Alternate Region option, you need to set the number of main nodes from the Number of main nodes menu.

  • From the Subnet for Inside Interface menu, select an option to configure the subnet for inside interface manually:

    • Select New Subnet or Existing Subnet.

    • For the New Subnet option, enter a subnet address in the IPv4 Subnet field.

    • For the Existing Subnet option, enter an existing subnet in the Subnet Name field and select an option from the Subnet Resource Group menu. Use the Vnet Resource Group option to use the same resource group as that of the VNet, or select Resource Group Name and enter a name in the enabled Resource Group Name box.

    • From the Subnet for Outside Interface menu, select an option to configure the subnet for outside interface manually. Follow the instructions for the inside interface from above.

    • Click Add Item.

Figure: Ingress/Egress Gateway for Two Interfaces

  • Optionally, configure the network firewall settings in the Site Network Firewall section:

    • Select Active Network Policies from the Manage Network Policy menu.

    • Select an existing network policy or select Create new network policy view to create and apply a network policy.

    • After creating the policy, click Continue to apply.

    • From the Manage Forward Proxy menu, select an option:

    • Enable Forward Proxy with Allow All Policy.

    • Enable Forward Proxy and Manage Policies: Select an existing forward proxy policy, or select Create new forward proxy policy to create and apply a forward proxy policy. After creating the policy, click Continue to apply.

    • Click Apply.

Configure App Stack Cluster for One Interface

  • If you selected App Stack Cluster (One Interface) on Recommended Region, perform the following:

    • Click Configure.

    • In the App Stack Cluster (One Interface) Nodes in AZ section, click Add Item. Perform the following:

      • From the Azure AZ name menu, set the number of availability zones.

    Note: If you selected the App Stack Cluster (One Interface) on Alternate Region option, you need to set the number of main nodes from the Number of main nodes menu.

    • From the Subnet for local interface menu, select an option to configure the subnet for inside interface manually:

      • Select New Subnet or Existing Subnet.

      • For the New Subnet option, enter a subnet address in the IPv4 Subnet field.

      • For the Existing Subnet option, enter an existing subnet in the Subnet Name field and select an option from the Subnet Resource Group menu. Use the Vnet Resource Group option to use the same resource group as that of the VNet, or select Resource Group Name and enter a name in the enabled Resource Group Name box.

      • From the Subnet for Outside Interface menu, select an option to configure the subnet for outside interface manually. Follow the instructions for the inside interface from above.

    • Click Add Item.

Figure: App Stack Cluster for One Interface

  • Optionally, configure the network firewall settings in the Site Network Firewall section:

    • Select Active Network Policies from the Manage Network Policy menu.

    • Select an existing network policy or select Create new network policy view to create and apply a network policy.

    • After creating the policy, click Continue to apply.

    • From the Manage Forward Proxy menu, select an option:

    • Enable Forward Proxy with Allow All Policy.

    • Enable Forward Proxy and Manage Policies: Select an existing forward proxy policy, or select Create new forward proxy policy to create and apply a forward proxy policy. After creating the policy, click Continue to apply.

    • Click Apply.

Step 2.3: Set the deployment type.

Note: Refer to the Cloud Credentials guide for more information. Ensure that the Azure credentials are applied with required access policies per the Azure Credential Client Certificate or Azure Client Secret for Service Principal Credentials documents.

Note: For Assisted Deployment mode, the deployment options from Console are not available.

  • From the Select Automatic or Assisted Deployment drop-down menu, select Automatic Deployment.

  • Select an existing Azure credentials object, or select Create new cloud credentials to load the form.

Figure: Site Automatic Deployment Option

  • In the credential creation form, perform the following:

    • In the Metadata section, enter a name. Optionally, select a label and add a description, as needed.

    • From the Select Cloud Credential Type menu, select Azure Credential Client Certificate or Azure Client Secret for Service Principal.

Figure: Azure Credential Creation Form

  • Enter the required information.

  • Click Configure.

  • Select an option from the Secret Info menu:

    • Blindfold Secret: Enter the secret in the box below.

    • Clear Secret: Enter the secret in the box in either Text or base64(binary) format.

    • Click Apply.

  • Click Continue to add the new credentials.

Step 3: Set the site node parameters.

Configuring the Site Node Parameters section is optional.

  • In the Site Node Parameters section, toggle the Show Advanced Fields option.

  • Set the Azure machine type by selecting an option from the Azure Machine Type for Node menu. Click See Common Values.

  • Specify a disk size in GiB from the Cloud Disk Size menu. For example, 80 would be 80 GiB.

  • Enter your SSH key in the Public SSH key field.

Figure: Azure VNet Site Node Parameters

  • Enter a geographic address in the Geographical Address field to determine the latitude and longitude.

  • Specify the latitude and longitude using Latitude and Longitude in the Co-ordinates section.

Step 4: Set advanced configuration.
  • Toggle the Show Advanced Fields option in the Advanced Configuration section.

  • Select Enable Log Streaming from the Logs Streaming menu.

  • From the Enable Logs Streaming menu, select an existing log receiver, or click Create new log receiver.

  • From the Select Volterra Software Version menu, set the latest or a specific version for Distributed Cloud Services software.

    • Volterra Software Version: Enter the specific version in the Volterra Software Version field, if selected.
  • From the Select Operating System Version menu, set the latest or a specific version for the operating system.

    • Operating System Version: Enter the specific version in the Operating System Version field, if selected.
  • Select worker node configuration from the Desired Worker Nodes Selection menu:

    • Desired Worker Nodes Per AZ: To specify worker nodes per availability zone, enter the number of worker nodes per zone in the Desired Worker Nodes Per AZ field. A maximum of 21 zones is allowed.

    • Total Number of Worker Nodes for a Site: To specify the total number of worker nodes across all zones of a site, enter the number in the Total Number of Worker Nodes for a Site field.

Note: For an Azure alternate region, there is no availability zone. It is recommended to use the Total Number of Worker Nodes for a Site option.

Step 5: Complete the Azure VNet site object creation.
  • Click Save and Exit to complete creating the Azure VNet site.

Note: The Status box for the VNet object displays Generated.


Deploy Site

Creating the Azure VNet object in Console generates the terraform parameters. You can deploy the site using automatic or assisted deployment, depending on your Azure VNet site object configuration.

Automatic Deployment:

Perform this procedure if you created the Azure VNet site object with the automatic deployment option.

  • Navigate to the created Azure VNet object using the Manage > Site Management > Azure VNET Sites path.

  • Find your Azure VNet object and then click Apply in the Actions column. The Status field for your Azure VNet object changes to Applying.

Note: Optionally, you can perform terraform plan activity before the deployment. Find your Azure VNet site object and select ... > Plan (Optional) to start the action of terraform plan. This creates the execution plan for terraform.

  • Wait for the apply process to complete and the status to change to Applied.

Note: You can check the status for the apply action. Select ... > Terraform Parameters for your Azure VNet site object and select the Apply Status tab.

  • Navigate to Sites > Sites List.

  • Find your site from the displayed list and verify that the status is ONLINE.

Note: It takes a few minutes for the site to be deployed and status to become ONLINE.

Assisted Deployment:

Perform this procedure if you created the Azure VNet site object with the assisted deployment option.

  • Download the terraform variables in case of assisted deployment.

  • Navigate to the created Azure VNet site object using the Manage > Site Management > Azure VNET Sites path.

  • Find your Azure VNet site object, and select ... > Terraform Parameters for it.

  • Copy the parameters to a file in your local machine.

  • Download the Distributed Cloud Services quickstart utility.

docker pull gcr.io/volterraio/volt-terraform
  • Run the terraform container.
docker run --entrypoint tail --name terraform-cli -d -it \
-w /terraform/templates \
-v ${HOME}/.ssh:/root/.ssh \
gcr.io/volterraio/volt-terraform:latest \
-f /dev/null
  • Copy the downloaded terraform variables file to the container. The following example copies to the /var/tmp folder on the container.
docker cp /Users/ted/Downloads/system-azure-vnet-a.json terraform-cli:/var/tmp
  • Download the API certificate from Console, and copy it to the container.
docker cp /Users/ted/Downloads/playground.console.api-creds.p12 terraform-cli:/var/tmp

Note: See the Generate API Certificate for information on API credentials.

  • Enter the terraform container.
docker exec -it terraform-cli sh
  • Log into Azure using your Active Directory (AD) credentials. Enter the following command and follow the instructions displayed on the screen.
az login
  • Check the default subscription and resource group.
az account list --output table
  • Set a default subscription by name or UUID.
SUBSCRIPTION_ID=<subscription_id>
az account set -s $SUBSCRIPTION_ID
  • Verify that the correct subscription is set.
 az account list --output table --query '[].{Name:name, IsDefault:isDefault}'
  • Create a service principal account that has permissions to manage resources in the selected subscription. Save the output.
az ad sp create-for-rbac -n <deployment-name> --role="Contributor" --scopes="/subscriptions/$SUBSCRIPTION_ID"

The following is a sample output of the service principal account creation:

 {
        "appId": "00000000-0000-0000-0000-000000000000",
        "displayName": "azure-cli-2017-06-05-10-41-15",
        "name": "http://azure-cli-2017-06-05-10-41-15",
        "password": "0000-0000-0000-0000-000000000000",
        "tenant": "00000000-0000-0000-0000-000000000000"
 }
  • Copy the output and store it safely. This is required to set the environment variables. The following list shows the fields in the output of the above command:

  • The field appId is the TF_VAR_client_id environment variable.

  • The field password is the TF_VAR_client_secret environment variable.

  • The field tenant is the TF_VAR_tenant_id environment variable.

export TF_VAR_subscription_id=<subscription_id>
export TF_VAR_tenant_id=<tenant_id>
export TF_VAR_client_secret=<client password>
export TF_VAR_client_id=<client id>
  • Set the field TF_VAR_subscription_id with the subscription ID of your account.

  • Change to the assisted mode azure-volt-node template directory.

cd /terraform/templates/views/assisted/azure-volt-node
  • Set the environment variables needed for the Distributed Cloud Services provider.

  • VOLT_API_P12_FILE: This variable is for the path to API certificate file.

  • VES_P12_PASSWORD: This variable is for the API credential password. This is the password which you set while downloading the API certificate.

  • VOLT_API_URL: This variable is for the tenant URL.

  • Change the values per your setup. The following is a sample:

export VOLT_API_P12_FILE="/var/tmp/playground.console.api-creds.p12"
export VES_P12_PASSWORD=<api_cred_password>
export VOLT_API_URL="https://playground.console.ves.volterra.io/api"
export TF_VAR_akar_api_url=$VOLT_API_URL
  • Deploy the nodes by executing the terraform commands.
terraform init
terraform apply -var-file=/var/tmp/system-azure-vnet-a.json

Note: The terraform init command brings up the Azure cloud resources. When the terraform apply command is executed, it prompts you for input to proceed. Enter yes to begin deploying the node(s) and wait for the deployment to complete.

  • Navigate to Sites > Site List to locate your site and verify status is ONLINE. It takes a few minutes for the site to be deployed and status to become ONLINE.
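The service principal step in the procedure above can be scripted so that the secret is read from a protected file rather than typed after export. The following is an added example, not part of the F5 procedure; the file name sp.json and the function names json_field, private_mode, and load_sp_env are assumptions.

```sh
#!/bin/sh
# Added example, not part of the F5 procedure. Assumes the JSON printed by
# `az ad sp create-for-rbac` was saved to a file (sp.json is a made-up name).

# json_field FILE KEY: print the string value of a one-per-line "KEY": "value" pair.
json_field() {
    sed -n 's/^[[:space:]]*"'"$2"'"[[:space:]]*:[[:space:]]*"\(.*\)"[[:space:]]*,\{0,1\}[[:space:]]*$/\1/p' "$1" | head -n 1
}

# private_mode FILE: succeed only if group and others have no permission bits.
private_mode() {
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# load_sp_env FILE SUBSCRIPTION_ID: export the four TF_VAR_* variables listed
# on the page, taking appId, password and tenant from FILE.
load_sp_env() {
    sp_file=$1
    sub_id=$2
    [ -f "$sp_file" ] || { echo "no such file: $sp_file" >&2; return 1; }
    private_mode "$sp_file" || { echo "$sp_file is accessible to others; chmod 600 it" >&2; return 1; }
    app_id=$(json_field "$sp_file" appId)
    secret=$(json_field "$sp_file" password)
    tenant=$(json_field "$sp_file" tenant)
    for value in "$app_id" "$secret" "$tenant" "$sub_id"; do
        [ -n "$value" ] || { echo "missing field in $sp_file or empty subscription id" >&2; return 1; }
    done
    export TF_VAR_client_id="$app_id"
    export TF_VAR_client_secret="$secret"
    export TF_VAR_tenant_id="$tenant"
    export TF_VAR_subscription_id="$sub_id"
    unset secret
}

# Demo on a constructed file (placeholder values, not real credentials).
# It runs in a subshell so the placeholder values are not left exported.
(
    demo_dir=$(mktemp -d)
    cat > "$demo_dir/sp.json" <<'EOF'
{
  "appId": "00000000-0000-0000-0000-000000000000",
  "displayName": "constructed-example",
  "password": "constructed-secret",
  "tenant": "00000000-0000-0000-0000-000000000000"
}
EOF
    chmod 600 "$demo_dir/sp.json"
    load_sp_env "$demo_dir/sp.json" "11111111-1111-1111-1111-111111111111" \
        && echo "client id: $TF_VAR_client_id (secret exported, not printed)"
    rm -rf "$demo_dir"
)
```

Define the functions in the same shell that runs terraform, for example by sourcing the file, because exported variables do not survive a child process.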

Delete Site

Perform the following to delete the Azure VNet site:

Automatic Deployment: Delete the VNet object from Console if your sites were deployed using the automatic deployment method.
  • Click Manage > Site Management > Azure VNET Sites to navigate to your Azure VNet object.

  • Locate your Azure VNet object.

  • Click ... > Delete.

  • Click Delete in the pop-up confirmation window.

Note: Deleting the VNet object deletes the sites and nodes from the VNet and deletes the VNet. In case the delete operation does not remove the object and returns any error, check the error from the status, fix the error, and re-attempt the delete operation. If the problem persists, contact technical support. You can check the status using the ... > Terraform Parameters > Apply status option.

Assisted Deployment: Delete the terraform deployment made in assisted mode, and then delete the site in Console.
Step 1: Delete the terraform deployment.
  • Enter the terraform container.
docker exec -it terraform-cli sh
  • Change to the VNet template directory.
cd /terraform/templates/views/assisted/azure-volt-node
  • Set Azure account related environment variables.
export TF_VAR_subscription_id=<subscription_id>
export TF_VAR_tenant_id=<tenant_id>
export TF_VAR_client_secret=<client password>
export TF_VAR_client_id=<client id>
  • Set the environment variables needed for the Distributed Cloud Services provider.

  • VOLT_API_P12_FILE: This variable is for the path to API certificate file.

  • VES_P12_PASSWORD: This variable is for the API credential password. This is the password which you set while downloading the API certificate.

  • VOLT_API_URL: This variable is for the tenant URL.

  • Change the values per your setup. The following is a sample:

export VOLT_API_P12_FILE="/var/tmp/playground.console.api-creds.p12"
export VES_P12_PASSWORD=<api_cred_password>
export VOLT_API_URL="https://playground.console.ves.volterra.io/api"
export TF_VAR_akar_api_url=$VOLT_API_URL
  • Delete the nodes by executing the terraform commands.
terraform init
terraform destroy -var-file=/var/tmp/system-azure-vnet-a.json

Note: When the terraform destroy command is executed, it prompts you for input to proceed. Enter yes and wait for the destroy process to complete.

Step 2: Delete the site from Console.
  • Click Manage > Site Management > Azure VNET Sites to navigate to your Azure VNet object.

  • Locate your Azure VNet object.

  • Click ... > Delete.

  • Click Delete in the pop-up confirmation window.


Deploy Site from Azure Marketplace

The Distributed Cloud Services node is also available in the Azure Marketplace, and you can deploy the node using the Azure Marketplace image.

Perform the following to deploy the node from Azure Marketplace:

Step 1: Create account.

Create an account from the Marketplace by following the instructions available there. You can also create an account using the instructions in the Create an Account guide or use an existing account.

Step 2: Create a site token.

Log into Console and create a site token.

Step 3: Create custom data for deployment.

Azure Marketplace supports installation using custom data, such as a script or a configuration file.

  • Create a file and open it with a text editor or terminal text editor, such as vi or nano.

  • Enter the configuration using the following template:

#cloud-config
write_files:
#ves
  - path: /etc/hosts
    content: |
      # IPv4 and IPv6 localhost aliases
      127.0.0.1           localhost
      ::1                 localhost
      127.0.0.1          vip
    permissions: 0644
    owner: root
  - path: /etc/vpm/config.yaml
    permissions: 0644
    owner: root
    content: |
      Vpm:
        ClusterType: ce
        Token: <TOKEN>
        MauricePrivateEndpoint: https://register-tls.ves.volterra.io
        MauriceEndpoint: https://register.ves.volterra.io
        CertifiedHardwareEndpoint: https://vesio.blob.core.windows.net/releases/certified-hardware/azure.yml
      Kubernetes:
        EtcdUseTLS: True
        Server: vip
  • Replace <TOKEN> shown in the sample above with the token created in Step 2.

  • Save the file.
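The token substitution in this step can be done with a small script that keeps the token out of the command line and checks the result before it is pasted into Azure. The following is an added example, not part of the F5 guide; the function name render_custom_data, the file names, and the rule that a token contains only letters, digits, and dashes are assumptions.

```sh
#!/bin/sh
# Added example, not part of the F5 guide. TEMPLATE is the custom data text
# from this step saved with <TOKEN> still in place; TOKEN_FILE holds the site
# token on a single line. Both file names are made up for the demo below.

# render_custom_data TEMPLATE TOKEN_FILE OUT
render_custom_data() {
    tpl=$1
    token_file=$2
    out=$3
    # cloud-init only treats user data as cloud-config when this is line 1.
    [ "$(head -n 1 "$tpl")" = "#cloud-config" ] \
        || { echo "$tpl: first line must be #cloud-config" >&2; return 1; }
    # Exactly one placeholder line is expected in the template.
    n=$(grep -c '<TOKEN>' "$tpl" || true)
    [ "$n" -eq 1 ] || { echo "$tpl: expected one <TOKEN> line, found $n" >&2; return 1; }
    token=$(cat "$token_file") || return 1
    # Assumption: a token is one word of letters, digits and dashes. Anything
    # else (spaces, colons, newlines) could change the YAML structure.
    case $token in
        ''|*[!A-Za-z0-9-]*) echo "token has unexpected characters" >&2; return 1 ;;
    esac
    # Write the rendered file so that only the owner can read the token.
    ( umask 077 && sed "s/<TOKEN>/$token/" "$tpl" > "$out" ) || return 1
    chmod 600 "$out"
    if grep -q '<TOKEN>' "$out"; then
        echo "$out: placeholder still present" >&2
        return 1
    fi
    return 0
}

# Demo with a constructed, shortened template and a constructed token.
demo_dir=$(mktemp -d)
cat > "$demo_dir/custom-data.tpl" <<'EOF'
#cloud-config
write_files:
  - path: /etc/vpm/config.yaml
    permissions: 0644
    owner: root
    content: |
      Vpm:
        ClusterType: ce
        Token: <TOKEN>
EOF
echo "constructed-token-0001" > "$demo_dir/site-token"
if render_custom_data "$demo_dir/custom-data.tpl" "$demo_dir/site-token" "$demo_dir/custom-data.yaml"; then
    echo "rendered custom data, mode $(ls -l "$demo_dir/custom-data.yaml" | cut -c1-10)"
fi
rm -rf "$demo_dir"
```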

Step 4: Deploy the node from Azure portal.
  • Log into Azure cloud portal.

  • Locate the node in Marketplace search using the term "Volterra".

  • Select the node listed from the search results.

Note: You can also navigate to the node resource from Azure Marketplace.

Figure: Azure Marketplace Node Search Results

  • Click Get It Now. You may receive a popup window asking you to confirm marketing and contact information.

  • Click Create.

Figure: Create Node

  • Click the Basics tab to open the configuration form.

Figure: Node Configuration - Basics Tab

  • From the Subscription menu, select your level of subscription.

  • For the Subscription/Resource group requirement, click Create new to create a new resource group.

  • In the Virtual machine name field, enter a name for your virtual machine (VM).

  • From the Size menu, select an option/plan per your needs.

Figure: Node Basic Configuration

  • Click Next at the bottom of the page to go to the next confirmation tab.

  • In the Advanced tab, paste the configuration created in the previous step into the Custom data box.

Figure: Azure Marketplace Node Deployment Using Custom Configuration

  • Click Review + create.

  • Enter the required fields in the next screen.

  • Click Create.

  • Download the SSH key pair if the download notification is displayed.

Step 5: Perform registration.
  • Log into Console and click Cloud and Edge Sites.

Figure: Console Homepage

  • Click Manage > Site Management.

  • Click Registrations > Fleets.

  • Choose your site from the displayed list.

  • Select Pending Registrations or Other Registrations tabs to view different sets of lists.

  • Select the checkmark to load the Registration Acceptance form.

  • Enter the required fields and complete registration.

  • Enter all mandatory fields marked with the asterisk (*) symbol.

Note: For a multi-node site, accept registration requests for all master nodes. Ensure that you set the same values for the following fields for all nodes:

  • Cluster name
  • Cluster size
  • Click Save and Exit to complete registration.
Step 6: Check the site status and health.
  • Click Sites > Site List and select your site from the displayed list to see the dashboard for your site.

Note: After you accept the registration, it takes a few minutes for the health and connectivity status to update in Console.

  • Select the Site Status tab to verify the following:

    • The Update Status field has Successful value for the F5 OS Status section.

    • The Update Status field has Successful value for the F5 Software Status section.

    • The Tunnel status field under the RE Connectivity section has up value.


Delete Site

To delete a site from Azure Marketplace, follow the instructions at Delete a VM and attached resources.


Deploy Using Vesctl

vesctl is a command-line interface (CLI) tool that enables you to create, debug, and diagnose services running within Distributed Cloud Services. See vesctl repository for more information.

The following is a prerequisite for deploying using the vesctl site azure_vnet command:

Create a Cloud Credential object and use the --cloud-cred flag to refer to it. Alternatively, set the environment variables ARM_CLIENT_ID, ARM_SUBSCRIPTION_ID, ARM_TENANT_ID, and ARM_CLIENT_SECRET, and the site creation workflow will also create the cloud credential object.

Note: When deleting a site, the cloud credential created with the vesctl site azure_vnet command will not be deleted.

Create Azure VNet Site

You can create an ingress gateway or an ingress/egress gateway with the vesctl tool. For each gateway type, you have the option to create a single-node site or a multi-node site.

Note: Enter the vesctl site azure_vnet create --help command to view the command help.

Ingress Gateway: Create ingress gateway site.
Single-Node Site: Create a single-node site.
  • Enter the following command with your specific parameters to create a single-node site with new VNet:
vesctl site azure_vnet create --gw-type ingress_gw --name az-nyc01 --region eastus --vnet-cidr 192.168.0.0/22 --outside-subnet-cidrs 192.168.0.0/24 --action apply
  • Enter the following command with your specific parameters to create a single-node site with existing VNet and subnet-id:
vesctl site azure_vnet create --gw-type ingress_gw --name az-nyc01 --region eastus --vnet-name <vnet-xxxxx> --outside-subnet-names <subnet-xxxxx> --action apply
Multi-Node Site: Create a multi-node site.
  • Enter the following command with your specific parameters to create a multi-node site with new VNet:
vesctl site azure_vnet create --gw-type ingress_gw --name az-nyc01 --region eastus \
--azs 1,2,3 --vnet-cidr 192.168.0.0/22 \
--outside-subnet-cidrs 192.168.0.0/25,192.168.1.0/25,192.168.2.0/25 --action apply
  • Enter the following command with your specific parameters to create a multi-node site with existing VNet and subnet-id:
vesctl site azure_vnet create --gw-type ingress_gw --name az-nyc01 --region eastus \
--azs 1,2,3 --vnet-name <vnet-xxxxx> \
--outside-subnet-names subnet-id1,subnet-id2,subnet-id3 --action apply
Ingress/Egress Gateway: Create ingress/egress gateway site.
Single-Node Site: Create a single-node site.
  • Enter the following command with your specific parameters to create a single-node ingress/egress gateway site with new VNet:
vesctl site azure_vnet create --gw-type ingress_egress_gw --name az-nyc01 --region eastus --vnet-cidr 192.168.0.0/22 --outside-subnet-cidrs 192.168.0.0/24 --inside-subnet-cidrs 192.168.1.0/24 --action apply
  • Enter the following command with your specific parameters to create a single-node ingress/egress gateway site with existing VNet and subnet-id:
vesctl site azure_vnet create --gw-type ingress_egress_gw --name az-nyc01 --region eastus --vnet-name <vnet-xxxxx> --outside-subnet-names <subnet-xxxxx> --inside-subnet-names <subnet-yyyyyy> --action apply
Multi-Node Site: Create a multi-node site.
  • Enter the following command with your specific parameters to create a multi-node ingress/egress gateway site with new VNet:
vesctl site azure_vnet create --gw-type ingress_egress_gw --name az-nyc01 --region eastus \
--azs 1,2,3 --vnet-cidr 192.168.0.0/22 \
--outside-subnet-cidrs 192.168.0.0/25,192.168.1.0/25,192.168.2.0/25 \
--inside-subnet-cidrs 192.168.0.128/25,192.168.1.128/25,192.168.2.128/25 --action apply
  • Enter the following command with your specific parameters to create a multi-node ingress/egress gateway site with existing VNet and subnet-id:
vesctl site azure_vnet create --gw-type ingress_egress_gw --name az-nyc01 --region eastus \
--azs 1,2,3 --vnet-name <vnet-xxxxx> \
--outside-subnet-names subnet-id1,subnet-id2,subnet-id3 \
--inside-subnet-names subnet-id4,subnet-id5,subnet-id6 --action apply
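Before running the new-VNet commands above, the values given to --vnet-cidr, --outside-subnet-cidrs, and --inside-subnet-cidrs can be checked locally: each subnet has to be a valid network address inside the VNet range, and no two subnets may overlap. The following is an added example, not part of vesctl or the F5 guide; the function names ip_to_int, cidr_range, and check_subnets are assumptions.

```sh
#!/bin/sh
# Added example, not part of vesctl. Pre-flight check for the CIDR values
# passed to --vnet-cidr, --outside-subnet-cidrs and --inside-subnet-cidrs.

# ip_to_int A.B.C.D: print the address as a 32-bit integer.
ip_to_int() {
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject empty octets, non-digits and leading zeros (octal in $(( ))).
        case $octet in ''|*[!0-9]*|0?*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}

# cidr_range A.B.C.D/N: print "first last" as integers.
# Fails when the prefix is malformed or host bits are set (192.168.0.1/24).
cidr_range() {
    addr=${1%/*}
    len=${1#*/}
    case $len in ''|*[!0-9]*|0?*) return 1 ;; esac
    [ "$1" != "$addr" ] && [ "$len" -le 32 ] || return 1
    base=$(ip_to_int "$addr") || return 1
    size=$(( 1 << (32 - len) ))
    [ $(( base & (size - 1) )) -eq 0 ] || return 1
    echo "$base $(( base + size - 1 ))"
}

# check_subnets VNET_CIDR "cidr,cidr,...": succeed when every subnet lies
# inside the VNet range and no two subnets overlap.
check_subnets() {
    vnet=$(cidr_range "$1") || { echo "bad VNet CIDR: $1" >&2; return 1; }
    v_lo=${vnet% *}
    v_hi=${vnet#* }
    seen=""
    for cidr in $(echo "$2" | tr ',' ' '); do
        range=$(cidr_range "$cidr") || { echo "bad subnet CIDR: $cidr" >&2; return 1; }
        lo=${range% *}
        hi=${range#* }
        if [ "$lo" -lt "$v_lo" ] || [ "$hi" -gt "$v_hi" ]; then
            echo "$cidr is outside $1" >&2
            return 1
        fi
        for prev in $seen; do
            p_lo=${prev%-*}
            p_hi=${prev#*-}
            if [ "$lo" -le "$p_hi" ] && [ "$p_lo" -le "$hi" ]; then
                echo "$cidr overlaps another subnet" >&2
                return 1
            fi
        done
        seen="$seen $lo-$hi"
    done
    return 0
}

# Demo with the multi-node values used in the vesctl commands on this page.
VNET=192.168.0.0/22
OUTSIDE=192.168.0.0/25,192.168.1.0/25,192.168.2.0/25
INSIDE=192.168.0.128/25,192.168.1.128/25,192.168.2.128/25
if check_subnets "$VNET" "$OUTSIDE,$INSIDE"; then
    echo "subnet plan fits $VNET with no overlaps"
fi
```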

Replace Azure VNet site

Replace Site: Replace the Azure VNet site.

Use the vesctl command to replace a site.

  • Type vesctl site azure_vnet replace --name az-nyc01 --os-version <new-version> --software-version <new-version>.
vesctl site azure_vnet replace --name az-nyc01 --os-version <new-version> --software-version <new-version>

Note: Enter the vesctl site azure_vnet replace --help command to view the command help.


Delete Azure VNet site

Delete Site: Delete the Azure VNet site.

Use the vesctl command to delete a site.

  • Type vesctl site azure_vnet delete --name az-nyc01.
vesctl site azure_vnet delete --name az-nyc01

Note: Enter the vesctl site azure_vnet delete --help command to view the command help.

