Unable to create 2 Gateway Subnet reference in virtualnetworkgateway #4482

Closed
vronnG opened this issue Dec 3, 2024 · 2 comments
Labels
bug 🪲 Something isn't working waiting-on-user-response Waiting on more information from the original user before progressing.


vronnG commented Dec 3, 2024

Describe the bug

When attempting to create multiple Virtual Network Gateways in the same subscription/resource group (Same namespace), we encounter issues with naming constraints on the GatewaySubnet. The Virtual Network Gateway can only be created in a subnet named GatewaySubnet, which leads to conflicts when trying to set up gateways for multiple VNets within the same resource group.

apiVersion: network.azure.com/v1api20201101
kind: VirtualNetworksSubnet
metadata:
  name: gatewaysubnet 
  namespace: sandbox
spec:
  addressPrefix: 10.x.x.x/27
  owner:
    name: vnet1
---
apiVersion: network.azure.com/v1api20201101
kind: VirtualNetworksSubnet
metadata:
  name: gatewaysubnet 
  namespace: sandbox
spec:
  addressPrefix: 10.x.x.x/27
  owner:
    name: vnet2

# How to reference vnet1 gateway ??

apiVersion: network.azure.com/v1api20240301
kind: VirtualNetworkGateway
metadata:
  name: gw-test
  namespace: sandbox
spec:
  location: westus3
  gatewayType: ExpressRoute
  ipConfigurations:
    - name: default
      subnet:
        reference:
          group: network.azure.com
          kind: VirtualNetworksSubnet
          name: gatewaysubnet 
  owner:
    name: rg-networking

# How to reference vnet2 gateway ??


apiVersion: network.azure.com/v1api20240301
kind: VirtualNetworkGateway
metadata:
  name: gw-test
  namespace: sandbox
spec:
  location: westus3
  gatewayType: ExpressRoute
  ipConfigurations:
    - name: default
      subnet:
        reference:
          group: network.azure.com
          kind: VirtualNetworksSubnet
          name: gatewaysubnet 
  owner:
    name: rg-networking

Virtual Network Gateway can only be created in subnet with name 'GatewaySubnet

To Reproduce

  • Create two VNets in the same subscription/resource group (e.g., vnet1 and vnet2).
  • No peering between the two.
  • In both VNets, create a subnet named GatewaySubnet. (Note: The Virtual Network Gateway requires the subnet to be specifically named GatewaySubnet).
  • Attempt to create the subnet with the same name, which will fail because of the name conflict; hence it is not possible to create the Virtual Network Gateway for both VNets.

Problem

Issue 1: It's not possible to create two subnets with the same name (GatewaySubnet) within the same subscription/resource group (same namespace), even though the subnets are in different VNets.
Issue 2: It’s unclear how to create Virtual Network Gateways for multiple VNets within the same resource group (same namespace) when both require a subnet named GatewaySubnet.

Virtual Network Gateway can only be created in subnet with name 'GatewaySubnet

Expected behavior

It should be possible to create Virtual Network Gateways for multiple VNets, even if they are in the same subscription/resource group, by allowing each VNet to have a GatewaySubnet without conflict.

theunrepentantgeek (Member) commented Dec 10, 2024

If you use kubectl to list VirtualNetworksSubnet you'll find that you currently have only one - because they both have the name gatewaysubnet, the second one overwrites the first.

Fortunately, you can give them different names in the cluster, while still having them called gatewaysubnet in Azure - all ASO resources have an azureName property for precisely this kind of situation.

Try this:

apiVersion: network.azure.com/v1api20201101
kind: VirtualNetworksSubnet
metadata:
  name: gatewaysubnet-vnet1
  namespace: sandbox
spec:
  addressPrefix: 10.x.x.x/27
  owner:
    name: vnet1
  azureName: GatewaySubnet
---
apiVersion: network.azure.com/v1api20201101
kind: VirtualNetworksSubnet
metadata:
  name: gatewaysubnet-vnet2
  namespace: sandbox
spec:
  addressPrefix: 10.x.x.x/27
  owner:
    name: vnet2
  azureName: GatewaySubnet

I've given each subnet a unique name within the cluster, but they both have azureName: GatewaySubnet for when they're created in Azure.

Then you can create your gateway for vnet1 with

apiVersion: network.azure.com/v1api20240301
kind: VirtualNetworkGateway
metadata:
  name: gw-test
  namespace: sandbox
spec:
  location: westus3
  gatewayType: ExpressRoute
  ipConfigurations:
    - name: default
      subnet:
        reference:
          group: network.azure.com
          kind: VirtualNetworksSubnet
          name: gatewaysubnet-vnet1
  owner:
    name: rg-networking

and similarly for the other gateway:

apiVersion: network.azure.com/v1api20240301
kind: VirtualNetworkGateway
metadata:
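  # Distinct name (illustrative): a second object named gw-test in this
  # namespace would overwrite the first, just as the subnets did.
  name: gw-test-vnet2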
  namespace: sandbox
spec:
  location: westus3
  gatewayType: ExpressRoute
  ipConfigurations:
    - name: default
      subnet:
        reference:
          group: network.azure.com
          kind: VirtualNetworksSubnet
          name: gatewaysubnet-vnet2
  owner:
    name: rg-networking

Note: I've hand-modified these YAML fragments without testing; check for typos.

Let us know how you get on.

@theunrepentantgeek theunrepentantgeek added waiting-on-user-response Waiting on more information from the original user before progressing. and removed needs-triage 🔍 labels Dec 10, 2024
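
A pre-apply check for the overwrite described in the answer above, as an added example that is not part of the original thread or of Azure Service Operator itself. The manifests are constructed dicts shaped like the YAML in this issue; the gateway names `gw-test-vnet1` and `gw-test-vnet2` and all function names are assumptions, as are the fallback from `azureName` to `metadata.name` and the case-insensitive comparison.

```python
from collections import Counter

NS = "sandbox"

def subnet(name, vnet, azure_name=None):
    """Constructed VirtualNetworksSubnet manifest, shaped as a YAML loader returns it."""
    spec = {"owner": {"name": vnet}}
    if azure_name:
        spec["azureName"] = azure_name
    return {"kind": "VirtualNetworksSubnet",
            "metadata": {"name": name, "namespace": NS}, "spec": spec}

def gateway(name, subnet_name):
    """Constructed VirtualNetworkGateway manifest referencing a subnet by cluster name."""
    ref = {"group": "network.azure.com", "kind": "VirtualNetworksSubnet", "name": subnet_name}
    return {"kind": "VirtualNetworkGateway", "metadata": {"name": name, "namespace": NS},
            "spec": {"ipConfigurations": [{"name": "default", "subnet": {"reference": ref}}]}}

def cluster_key(m):
    # Identity of an object inside the cluster: kind + namespace + metadata.name
    return (m["kind"], m["metadata"]["namespace"], m["metadata"]["name"])

def azure_name(m):
    # Assumption: the Azure-side name is spec.azureName, else metadata.name
    return m["spec"].get("azureName") or m["metadata"]["name"]

def lint(manifests):
    """Return findings for same-key manifests and for gateway subnet references."""
    findings = []
    counts = Counter(cluster_key(m) for m in manifests)
    for key in sorted(k for k, n in counts.items() if n > 1):
        findings.append("collision: " + "/".join(key))  # a later apply replaces the earlier one
    subnets = {cluster_key(m): m for m in manifests if m["kind"] == "VirtualNetworksSubnet"}
    for gw in (m for m in manifests if m["kind"] == "VirtualNetworkGateway"):
        for cfg in gw["spec"]["ipConfigurations"]:
            ref = cfg["subnet"]["reference"]
            target = subnets.get((ref["kind"], gw["metadata"]["namespace"], ref["name"]))
            if target is None:
                findings.append(f"unresolved: {gw['metadata']['name']} -> {ref['name']}")
            elif azure_name(target).lower() != "gatewaysubnet":  # assumed case-insensitive
                findings.append(f"wrong-azure-name: {ref['name']} is {azure_name(target)}")
    return findings

BEFORE = [subnet("gatewaysubnet", "vnet1"), subnet("gatewaysubnet", "vnet2"),
          gateway("gw-test", "gatewaysubnet"), gateway("gw-test", "gatewaysubnet")]
AFTER = [subnet("gatewaysubnet-vnet1", "vnet1", "GatewaySubnet"),
         subnet("gatewaysubnet-vnet2", "vnet2", "GatewaySubnet"),
         gateway("gw-test-vnet1", "gatewaysubnet-vnet1"),
         gateway("gw-test-vnet2", "gatewaysubnet-vnet2")]

if __name__ == "__main__":
    for label, docs in (("before", BEFORE), ("after", AFTER)):
        print(label, lint(docs) or "ok")
```

The same check also catches a subnet that was renamed in the cluster without setting `azureName`, which would be created in Azure under the cluster name rather than as GatewaySubnet.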
vronnG (Author) commented Dec 11, 2024

Makes sense. Thanks for clarifying this. Closing this issue.

@vronnG vronnG closed this as completed Dec 11, 2024
@github-project-automation github-project-automation bot moved this from Backlog to Recently Completed in Azure Service Operator Roadmap Dec 11, 2024