Set Up Azure resource group and networking


If you don’t have an existing resource group, you’ll need to create one and configure its network security settings so that your hosts can connect appropriately.

  1. Create a resource group:

    az group create --name <resourcename> --location <region>
  2. Create your network security group:

    az network nsg create --resource-group <resourcename> --name <securityname> --location <region>
  3. Add several rules for inbound and outbound network traffic.

    These rules make sure that the Cloud UI can be accessed, that the hosts can talk to each other, and that they can reach the internet. You might need to create several rules to enable the full list of ports and their uses.

    The following commands open port 22 so that you can connect over SSH for installation and troubleshooting, port 12443 for HTTPS, port 9243 to access your Elasticsearch clusters and Kibana instances, and port 12400 to access the Cloud UI:

    az network nsg rule create --resource-group <resourcename> --nsg-name <securityname> --name ssh --access Allow --protocol Tcp --direction Inbound --priority 100 --source-address-prefix Internet --source-port-range "*" --destination-address-prefix "*" --destination-port-range 22
    
    az network nsg rule create --resource-group <resourcename> --nsg-name <securityname> --name https --access Allow --protocol Tcp --direction Inbound --priority 200 --source-address-prefix Internet --source-port-range "*" --destination-address-prefix "*" --destination-port-range 12443
    
    az network nsg rule create --resource-group <resourcename> --nsg-name <securityname> --name ece-frontend --access Allow --protocol Tcp --direction Inbound --priority 300 --source-address-prefix Internet --source-port-range "*" --destination-address-prefix "*" --destination-port-range 9243
    
    az network nsg rule create --resource-group <resourcename> --nsg-name <securityname> --name admin-ui --access Allow --protocol Tcp --direction Inbound --priority 400 --source-address-prefix Internet --source-port-range "*" --destination-address-prefix "*" --destination-port-range 12400
  4. Create a virtual network:

    az network vnet create --resource-group <resourcename> --name <vnetname> --address-prefix 10.0.0.0/16 --subnet-name default
  5. Associate the virtual network subnet with your network security group:

    az network vnet subnet update --resource-group <resourcename> --vnet-name <vnetname> --name default --network-security-group <securityname>
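The rules in step 3 use `--source-address-prefix Internet`, so SSH and the Cloud UI port accept connections from any address. The following audit script is an added example, not part of the original page or of Elastic's tooling: it flags inbound Allow rules that expose ports 22 and 12400 to any source. Treating those two ports as management-only is an assumption, and the sample rows are constructed to mirror the rules above plus one restricted rule.

```shell
#!/bin/sh
# Input on stdin: TSV columns name, access, direction, source prefix, destination port range,
# as produced by:
#   az network nsg rule list --resource-group <resourcename> --nsg-name <securityname> \
#     --query "[].[name,access,direction,sourceAddressPrefix,destinationPortRange]" -o tsv

# Ports treated as management-only (assumption): 22 = SSH, 12400 = Cloud UI.
MGMT_PORTS="22 12400"

# Prints "<rule name> <port>" for every finding; returns 1 if anything was flagged.
audit_nsg_rules() {
    awk -F '\t' -v mgmt="$MGMT_PORTS" '
        # covers(): does a port range ("*", "N" or "LO-HI") include the given port?
        function covers(range, port,    b) {
            if (range == "*") return 1
            if (split(range, b, "-") == 2)
                return (port >= b[1] + 0 && port <= b[2] + 0)
            return (range + 0 == port)
        }
        BEGIN { n = split(mgmt, ports, " ") }
        # Only inbound Allow rules whose source is the whole internet are of interest.
        $2 == "Allow" && $3 == "Inbound" &&
        ($4 == "Internet" || $4 == "*" || $4 == "0.0.0.0/0") {
            for (i = 1; i <= n; i++)
                if (covers($5, ports[i] + 0)) { print $1, ports[i]; found = 1 }
        }
        END { exit (found ? 1 : 0) }
    '
}

# Constructed sample: the four rules from step 3, plus a rule limited to a
# documentation-range CIDR (203.0.113.0/24) that should not be flagged.
sample_rules() {
    printf '%s\t%s\t%s\t%s\t%s\n' \
        ssh            Allow Inbound Internet       22 \
        https          Allow Inbound Internet       12443 \
        ece-frontend   Allow Inbound Internet       9243 \
        admin-ui       Allow Inbound Internet       12400 \
        ssh-restricted Allow Inbound 203.0.113.0/24 22
}

# Demo run on the constructed sample.
sample_rules | audit_nsg_rules || echo "management ports reachable from any source"
```

To narrow a flagged rule, replace `Internet` in its `--source-address-prefix` value with the CIDR range your administrators connect from.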