Script that uses the Azure CLI 2.0 to deploy two VNets in two regions and sets up a VPN gateway in each so the two networks can communicate over a VPN.
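#!/usr/bin/env bash
# Deploy a "hybrid" pair of Azure virtual networks with the Azure CLI 2.0:
# one VNet standing in for the on-premise side and one for the cloud side,
# each with a nodes subnet, a k8s (containers) subnet, a vnets subnet, a
# GatewaySubnet and a VpnGw1 VPN gateway. Gateway creation is started with
# --no-wait; the commands that connect the two gateways are printed at the
# end so the user can run them once both gateways exist.
# Author: Bruno Medina (@brusmx)
# Requirements:
# - Azure CLI 2.0, already logged in (az login)
#
# Example of usage:
# bash create-hybrid-vnet.sh
set -euo pipefail

# Regions for each side of the hybrid setup.
readonly PREMISE_LOC=southcentralus
readonly CLOUD_LOC=eastus2

# Address spaces: the two /9 halves of 10.0.0.0/8, so the VNets never
# overlap and the VPN can route between them. Every subnet below lies
# inside its VNet's /9.
readonly PREMISE_VNET_CIDR=10.0.0.0/9
readonly PREMISE_NODES_SUBNET_CIDR=10.39.0.0/16
readonly PREMISE_K8S_SUBNET_CIDR=10.44.0.0/16
readonly PREMISE_VNETS_SUBNET_CIDR=10.38.0.0/16
readonly PREMISE_GW_SUBNET_CIDR=10.42.100.0/27

readonly CLOUD_VNET_CIDR=10.128.0.0/9
readonly CLOUD_NODES_SUBNET_CIDR=10.239.0.0/16
readonly CLOUD_K8S_SUBNET_CIDR=10.244.0.0/16
readonly CLOUD_VNETS_SUBNET_CIDR=10.238.0.0/16
readonly CLOUD_GW_SUBNET_CIDR=10.142.200.0/27

#######################################
# Print a message to stderr and exit with status 1.
# Arguments: $* - message
#######################################
die() {
  printf '%s\n' "$*" >&2
  exit 1
}

#######################################
# Build a random Azure resource name without touching the filesystem.
# The previous version used mktemp for this, which left an empty file in
# the current directory for every name and fails outright on GNU mktemp
# when the template has fewer than three X's (e.g. "...-IP-X").
# Arguments: $1 - name prefix
#            $2 - number of random characters to append (default 7)
# Outputs:   the generated name on stdout
#######################################
random_name() {
  local prefix=$1 len=${2:-7}
  local chars=abcdefghijklmnopqrstuvwxyz0123456789
  local suffix='' i
  for ((i = 0; i < len; i++)); do
    suffix+=${chars:$((RANDOM % ${#chars})):1}
  done
  printf '%s%s' "$prefix" "$suffix"
}

#######################################
# Generate a random pre-shared key for the VPN connection: 24 bytes from
# /dev/urandom as 48 hex characters. The key is what authenticates the
# tunnel, so it must not be derived from guessable resource names as the
# previous "$PREMISE_RG-$PREMISE_RG" was. od reads exactly -N bytes, so
# the pipeline never hits SIGPIPE under pipefail.
# Outputs: the key on stdout
#######################################
random_shared_key() {
  od -An -tx1 -N 24 /dev/urandom | tr -d ' \n'
}

#######################################
# Create a VNet with its nodes / k8s / vnets subnets.
# Arguments: $1 - resource group
#            $2 - vnet name
#            $3 - vnet address prefix
#            $4 - name prefix for the subnets (PREMISE or CLOUD)
#            $5 - nodes subnet CIDR
#            $6 - k8s subnet CIDR
#            $7 - vnets subnet CIDR
#######################################
create_vnet_with_subnets() {
  local rg=$1 vnet=$2 vnet_cidr=$3 prefix=$4
  local nodes_cidr=$5 k8s_cidr=$6 vnets_cidr=$7
  local nodes_subnet k8s_subnet vnets_subnet
  nodes_subnet=$(random_name "${prefix}-NODES-SUBNET-" 2)
  k8s_subnet=$(random_name "${prefix}-K8S-SUBNET-" 2)
  vnets_subnet=$(random_name "${prefix}-VNETS-SUBNET-" 2)

  # Location is inherited from the resource group.
  az network vnet create -n "$vnet" -g "$rg" --address-prefix "$vnet_cidr"
  # Subnet for nodes
  az network vnet subnet create -g "$rg" --vnet-name "$vnet" \
    -n "$nodes_subnet" --address-prefix "$nodes_cidr"
  # Subnet for containers (k8s)
  az network vnet subnet create -g "$rg" --vnet-name "$vnet" \
    -n "$k8s_subnet" --address-prefix "$k8s_cidr"
  # Subnet for vnets
  az network vnet subnet create -g "$rg" --vnet-name "$vnet" \
    -n "$vnets_subnet" --address-prefix "$vnets_cidr"
}

#######################################
# Create the public IP, the GatewaySubnet and a VpnGw1 gateway for a VNet.
# The gateway is created with --no-wait (it can take up to 45 minutes).
# Arguments: $1 - resource group
#            $2 - vnet name
#            $3 - gateway name
#            $4 - public IP name
#            $5 - GatewaySubnet CIDR
#######################################
create_gateway() {
  local rg=$1 vnet=$2 gw=$3 gw_ip=$4 gw_cidr=$5
  az network public-ip create -g "$rg" -n "$gw_ip"
  # Azure requires the gateway subnet to be named exactly GatewaySubnet.
  az network vnet subnet create -g "$rg" --vnet-name "$vnet" \
    -n GatewaySubnet --address-prefix "$gw_cidr"
  az network vnet-gateway create -g "$rg" --vnet "$vnet" -n "$gw" \
    --public-ip-address "$gw_ip" --sku VpnGw1 --no-wait
}

main() {
  # Making sure the CLI is present and a subscription is selected.
  command -v az >/dev/null 2>&1 || die "Azure CLI (az) not found in PATH"
  local account_id
  # `|| true` keeps set -e from aborting before the friendly message below.
  account_id=$(az account show --query id -o tsv 2>/dev/null || true)
  if [[ -z "$account_id" ]]; then
    printf '%s\n' "Your subscription couldn't be found, make sure you have logged in:" \
      "az login" >&2
    exit 1
  fi

  # Resource groups
  local premise_rg cloud_rg
  premise_rg=$(random_name PREMISE-RG- 7)
  cloud_rg=$(random_name CLOUD-RG- 7)
  az group create -n "$premise_rg" -l "$PREMISE_LOC"
  az group create -n "$cloud_rg" -l "$CLOUD_LOC"

  # Networking - Following @xtophs guide to vnets
  # One subnet for nodes, one for k8s (containers), and one for vnets
  local premise_vnet cloud_vnet
  premise_vnet=$(random_name PREMISE-VNET- 3)
  cloud_vnet=$(random_name CLOUD-VNET- 3)

  echo "Creating 'Premise' Virtual Network"
  create_vnet_with_subnets "$premise_rg" "$premise_vnet" "$PREMISE_VNET_CIDR" PREMISE \
    "$PREMISE_NODES_SUBNET_CIDR" "$PREMISE_K8S_SUBNET_CIDR" "$PREMISE_VNETS_SUBNET_CIDR"

  echo "Creating 'Cloud' Virtual Network"
  create_vnet_with_subnets "$cloud_rg" "$cloud_vnet" "$CLOUD_VNET_CIDR" CLOUD \
    "$CLOUD_NODES_SUBNET_CIDR" "$CLOUD_K8S_SUBNET_CIDR" "$CLOUD_VNETS_SUBNET_CIDR"

  echo "Creating Gateways, it takes up to 45 minutes ..."
  local premise_gw premise_gw_ip cloud_gw cloud_gw_ip
  premise_gw=$(random_name PREMISE-GATEWAY- 2)
  premise_gw_ip=$(random_name PREMISE-GATEWAY-IP- 3)
  cloud_gw=$(random_name CLOUD-GATEWAY- 2)
  cloud_gw_ip=$(random_name CLOUD-GATEWAY-IP- 3)
  create_gateway "$premise_rg" "$premise_vnet" "$premise_gw" "$premise_gw_ip" \
    "$PREMISE_GW_SUBNET_CIDR"
  create_gateway "$cloud_rg" "$cloud_vnet" "$cloud_gw" "$cloud_gw_ip" \
    "$CLOUD_GW_SUBNET_CIDR"

  # VPN connection between the gateways: a VNet-to-VNet link needs a
  # connection from each side using the same shared key. The key is
  # printed exactly once here, as part of the commands to run.
  local shared_key
  shared_key=$(random_shared_key)
  echo " Run the following commands when both Gateways have been created."
  printf '%s\n' "az network vpn-connection create -g $premise_rg -n PremiseToCloudConnection --vnet-gateway1 $premise_gw --vnet-gateway2 $cloud_gw --shared-key $shared_key"
  printf '%s\n' "az network vpn-connection create -g $cloud_rg -n CloudToPremiseConnection --vnet-gateway1 $cloud_gw --vnet-gateway2 $premise_gw --shared-key $shared_key"
  # TODO: Apparently NSG should be only for master rules for k8s, probably allow_kube_tls on 443 and ssh on 22
}

main "$@"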