https://github.com/tigera-solutions/azure-virtual-wan-calico-networking
[Azure Blueprint] Learn how to deploy Azure Managed Hub-Spoke using Virtual WAN and Calico Networking
aks azure egress-filtering egress-gateway security
Last synced: 2 months ago
- Host: GitHub
- URL: https://github.com/tigera-solutions/azure-virtual-wan-calico-networking
- Owner: tigera-solutions
- License: apache-2.0
- Created: 2024-01-17T00:20:56.000Z (over 1 year ago)
- Default Branch: main
- Last Pushed: 2024-01-19T13:27:52.000Z (over 1 year ago)
- Last Synced: 2025-03-26T21:47:38.579Z (3 months ago)
- Topics: aks, azure, egress-filtering, egress-gateway, security
- Language: HCL
- Homepage:
- Size: 13.7 KB
- Stars: 4
- Watchers: 3
- Forks: 1
- Open Issues: 0
Metadata Files:
- Readme: README.md
- License: LICENSE
README
# azure-virtual-wan-calico-networking
Work In Progress..
## Deploy
```
terraform init
terraform apply --auto-approve
```
Currently, creating the BGP connections fails because the azapi provider's APIs report success without waiting for the Virtual Hub's routing status to be fully provisioned. If you hit this failure, a simple workaround is to run `terraform apply` once more, which should complete the process successfully.
GitHub issue: https://github.com/Azure/terraform-provider-azapi/issues/402
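The workaround above can be scripted so the second apply only runs once the hub reports its routing as provisioned. This is an added example, not part of the repository: it assumes the `routingState` field returned by `az network vhub show` reflects that status, reuses the resource names from the Validate section, and the function names, `MAX_POLLS` and `POLL_SECONDS` are hypothetical.

```shell
#!/bin/sh
# Added example (not from the repository). RG and VHUB default to the names
# used in the Validate commands; MAX_POLLS and POLL_SECONDS are assumptions.
RG="${RG:-demo-virtual-wan}"
VHUB="${VHUB:-demo-virtual-wan-vhub}"

# Print the hub's routingState (for example Provisioning, Provisioned, Failed).
hub_routing_state() {
  az network vhub show --resource-group "$RG" --name "$VHUB" \
    --query routingState -o tsv
}

# wait_for_hub MAX_POLLS POLL_SECONDS
# Returns 0 once routing is Provisioned, 2 if it reports Failed, 1 on timeout.
wait_for_hub() {
  _max="$1"; _delay="$2"; _i=1
  while [ "$_i" -le "$_max" ]; do
    _state="$(hub_routing_state 2>/dev/null)" || _state="Unknown"
    case "$_state" in
      Provisioned) return 0 ;;
      Failed) echo "hub routing state is Failed; not retrying" >&2; return 2 ;;
    esac
    echo "poll $_i/$_max: routingState=$_state" >&2
    sleep "$_delay"
    _i=$((_i + 1))
  done
  return 1
}

# Apply once; on failure, wait for hub routing before the single re-apply.
apply_with_retry() {
  terraform apply --auto-approve && return 0
  echo "apply failed; waiting for Virtual Hub routing to provision" >&2
  wait_for_hub "${MAX_POLLS:-40}" "${POLL_SECONDS:-30}" || return $?
  terraform apply --auto-approve
}

# Run only when invoked as: sh apply.sh --run
if [ "${1:-}" = "--run" ]; then
  apply_with_retry
fi
```

A non-zero exit from the script means the hub never reached `Provisioned` or the second apply failed for another reason, so check the Terraform output before retrying again.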
## Validate
```
kubectl apply -f manifests
```
```
kubectl -n calico-system exec -t $(kubectl -n calico-system get po -l k8s-app=calico-node -ojsonpath='{.items[0].metadata.name}') -- birdcl -s /var/run/calico/bird.ctl -r show proto all
kubectl -n calico-system exec -t $(kubectl -n calico-system get po -l k8s-app=calico-node -ojsonpath='{.items[1].metadata.name}') -- birdcl -s /var/run/calico/bird.ctl -r show proto all
```
```
RT=$(az network vhub route-table show --resource-group demo-virtual-wan --vhub-name demo-virtual-wan-vhub --name defaultRouteTable --query id -o tsv)
az network vhub get-effective-routes -g demo-virtual-wan -n demo-virtual-wan-vhub --resource-type RouteTable --resource-id $RT
```
## Cleanup
```
terraform destroy --auto-approve
```
or
```
az group delete --resource-group <resource-group-name> --no-wait
```
## Reference
- Microsoft Virtual WAN documentation - [Configure BGP peering to an NVA](https://learn.microsoft.com/en-us/azure/virtual-wan/create-bgp-peering-hub-portal)
- Microsoft Virtual WAN documentation - [Configure Azure Firewall in a Virtual WAN hub](https://learn.microsoft.com/en-us/azure/virtual-wan/howto-firewall)
- Microsoft Virtual WAN documentation - [Virtual WAN routing deep dive](https://learn.microsoft.com/en-us/azure/virtual-wan/routing-deep-dive)
- Microsoft Build 2023 - [You really can manage ALL Microsoft Azure services and features with Terraform](https://www.youtube.com/watch?v=CTFyjN7zvHg)