split subnets to allow UDR to work + completed all configs

docs/01-infrastructure-azure.md

@@ -90,19 +90,40 @@ azure network vnet create \
 	--location "West Us"
 ```
 
-Create Kubernetes Subnet
+Create Subnets
 
 ```
+# Azure UDR routes traffic going outside 
+# the subnet
+# workers have to be on their own subnet
+
+azure network vnet subnet create \
+	--resource-group the-hard-way \
+	--vnet-name the-hard-way-net \
+	--name kubernetes-mgmt \
+	--address-prefix 10.0.0.0/16
+
+
 azure network vnet subnet create \
 	--resource-group the-hard-way \
 	--vnet-name the-hard-way-net \
 	--name kubernetes \
-	--address-prefix 10.0.0.0/8
+	--address-prefix 10.239.0.0/11
-```
 
-Link Routing Table and NSG to Kubernetes Subnet
 
 ```
+
+Link routing table and NSG to Kubernetes/-mgmt subnets
+
+```
+azure network vnet subnet set \
+	--resource-group the-hard-way \
+	--vnet-name the-hard-way-net \
+	--name kubernetes-mgmt \
+	--network-security-group-name the-hard-way-nsg \
+	--route-table-name the-hard-way-rtable
+
+
 azure network vnet subnet set \
 	--resource-group the-hard-way \
 	--vnet-name the-hard-way-net \
@@ -112,13 +133,13 @@ azure network vnet subnet set \
 ```
 
 
-Create Public IP + DNS label for JumpBox
+Create public IP + DNS label for the jumpbox
 
 ```
 azure network public-ip create \
 	--resource-group the-hard-way \
 	--name the-hard-way-jumpbox  \
-	--allocation-method Static \
+	--allocation-method Dynamic \
 	--domain-name-label $jumpboxDnsLabel \
 	--location "West Us"
 ```
@@ -166,7 +187,7 @@ azure network nic create \
 	--name jumpbox-nic \
 	--private-ip-address "10.0.0.5" \
 	--subnet-vnet-name the-hard-way-net  \
-	--subnet-name kubernetes  \
+	--subnet-name kubernetes-mgmt  \
 	--public-ip-name the-hard-way-jumpbox \
 	--location "West Us"
 ```
@@ -180,7 +201,7 @@ azure vm create \
 	--vm-size Standard_A1 \
 	--nic-name jumpbox-nic \
 	--vnet-name the-hard-way-net  \
-	--vnet-subnet-name kubernetes  \
+	--vnet-subnet-name kubernetes-mgmt  \
 	--os-type linux \
 	--image-urn $imageUrn \
 	--storage-account-name $controlPlaneStorageAccount \
@@ -300,7 +321,7 @@ azure vm create \
 #### Controllers Internal Load Balancer 
 
 
-Create controllers load balancer 
+Create controllers internal load balancer 
 
 ```
 azure network lb create \
@@ -316,7 +337,7 @@ azure network lb frontend-ip create \
 	--resource-group the-hard-way \
 	--name the-hard-way-cfe  \
 	--lb-name the-hard-way-clb \
-	--private-ip-address "10.0.0.4" \
+	--private-ip-address "10.240.0.4" \
 	--subnet-vnet-name the-hard-way-net \
 	--subnet-name kubernetes
 ```
@@ -454,13 +475,13 @@ azure vm create \
 
 #### Workers External Load Balancer 
 
-Create public IP + DNS label for workers ingestion load balancer
+Create public IP + DNS label for workers ingestion external load balancer
 
 ```
 azure network public-ip create \
 	--resource-group the-hard-way \
 	--name the-hard-way-workers  \
-	--allocation-method Static \
+	--allocation-method Dynamic \
 	--domain-name-label $workersDnsLabel \
 	--location "West Us"
 ```
@@ -481,9 +502,7 @@ azure network lb frontend-ip create \
 	--resource-group the-hard-way \
 	--name the-hard-way-fe  \
 	--lb-name the-hard-way-lb \
-	--public-ip-name the-hard-way-workers \
+	--public-ip-name the-hard-way-workers
-	--subnet-vnet-name the-hard-way-net \
-	--subnet-name kubernetes
 ```
 
 Create a backend address pool for the load balancer

docs/02-certificate-authority.md

@@ -138,6 +138,9 @@ KUBERNETES_PUBLIC_ADDRESS=$(aws elb describe-load-balancers \
 ```
 
 #### Azure
+
+this gets the address of the internal controllers load balancer
+
 ```
 KUBERNETES_PUBLIC_ADDRESS=$(azure network lb show \
   --resource-group the-hard-way \
@@ -253,14 +256,18 @@ done
 ```
 
 ### Azure
+
 If you are using the jumpbox to create the certificates
+
 ```
 for host in ${KUBERNETES_HOSTS[*]}; do
   scp -i ./cluster ca.pem kubernetes-key.pem kubernetes.pem \
     thehardway@${host}:~/
 done
 ```
+
 If you used a different machine
+
 ```
 
 #Get jumpbox address

docs/03-etcd.md

@@ -96,9 +96,11 @@ INTERNAL_IP=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)
 ```
 
 #### Azure
+
 ```
 INTERNAL_IP=$(ifconfig eth0 | grep 'inet ' | cut -d: -f2 | awk '{print $1}')
 ```
+
 ---
 
 Set the etcd name:

docs/04-kubernetes-controller.md

@@ -126,6 +126,7 @@ INTERNAL_IP=$(curl -s http://169.254.169.254/latest/meta-data/local-ipv4)
 ```
 
 #### Azure
+
 ```
 INTERNAL_IP=$(ifconfig eth0 | grep 'inet ' | cut -d: -f2 | awk '{print $1}')
 ```
@@ -336,6 +337,7 @@ aws elb register-instances-with-load-balancer \
 
 
 ### Azure
+
 ```
 azure network lb probe create \
   --resource-group the-hard-way \
@@ -355,5 +357,4 @@ azure network lb rule create \
   --frontend-ip-name the-hard-way-cfe \
   --backend-address-pool-name backend-pool\
   --probe-name controller-api-server-health
-
 ```

docs/07-network.md

@@ -118,3 +118,31 @@ aws ec2 create-route \
   --destination-cidr-block 10.200.2.0/24 \
   --instance-id ${WORKER_2_INSTANCE_ID}
 ```
+
+### Azure
+
+```
+azure network route-table route create \
+  --resource-group the-hard-way \
+  --name worker0-route \
+  --route-table-name the-hard-way-rtable \
+  --address-prefix 10.200.0.0/24 \
+  --next-hop-ip-address 10.240.0.30 \
+  --next-hop-type VirtualAppliance
+
+azure network route-table route create \
+  --resource-group the-hard-way \
+  --name worker1-route \
+  --route-table-name the-hard-way-rtable \
+  --address-prefix 10.200.1.0/24 \
+  --next-hop-ip-address 10.240.0.31 \
+  --next-hop-type VirtualAppliance
+
+azure network route-table route create \
+  --resource-group the-hard-way \
+  --name worker2-route \
+  --route-table-name the-hard-way-rtable \
+  --address-prefix 10.200.2.0/24 \
+  --next-hop-ip-address 10.240.0.32 \
+  --next-hop-type VirtualAppliance  
+```

docs/09-smoke-test.md

@@ -79,6 +79,52 @@ NODE_PUBLIC_IP=$(aws ec2 describe-instances \
   jq -j '.Reservations[].Instances[].PublicIpAddress')
 ```
 
+#### Azure
+
+```
+# Get the fqdn for the public worker ingestion load balancer
+
+NODE_PUBLIC_IP=$(azure network public-ip show \
+  --resource-group the-hard-way \
+  --name the-hard-way-workers \
+  --json | jq -r '.dnsSettings.fqdn')
+
+# Add NSG rule to enable traffic to node ports
+
+azure network nsg rule create \
+	--resource-group the-hard-way \
+	--nsg-name the-hard-way-nsg \
+	--name allow-internet-$NODE_PORT \
+	--protocol tcp \
+	--access allow  \
+  --source-address-prefix Internet \
+	--destination-address-prefix 10.240.0.0/16 \
+	--destination-port-range $NODE_PORT \
+	--priority 110 \
+	--direction inbound
+
+# Create balancing rules NODE_PORT:NODE_PORT on the load balancer
+
+azure network lb probe create \
+  --resource-group the-hard-way \
+  --lb-name the-hard-way-lb \
+  --name nginx-app-health \
+  --interval 5 \
+  --port $NODE_PORT \
+  --protocol tcp
+  
+
+azure network lb rule create \
+  --resource-group the-hard-way \
+  --lb-name the-hard-way-lb \
+  --name nginx-app  \
+  --frontend-port $NODE_PORT \
+  --backend-port $NODE_PORT \
+  --frontend-ip-name the-hard-way-fe \
+  --backend-address-pool-name backend-pool\
+  --probe-name nginx-app-health
+```
+
 ---
 
 Test the nginx service using cURL:

docs/10-cleanup.md

@@ -206,3 +206,11 @@ DHCP_OPTION_SET_ID=$(aws ec2 describe-dhcp-options \
 aws ec2 delete-dhcp-options \
   --dhcp-options-id ${DHCP_OPTION_SET_ID}
 ```
+
+## Azure 
+
+The following deletes all resources created.
+
+```
+azure group delete the-hard-way
+```