Creating a virtual network with two empty subnets

If you have an existing virtual network that meets your needs, you can skip this step.

Procedure

  1. Set the environment variables in the shell environment where you plan to run az commands:
    LOCATION=eastus               # the location of your cluster
    RESOURCEGROUP=aro-gi310-rg1   # the name of the resource group where you want to create your cluster
    CLUSTER=gi301-cluster1        # the name of your cluster
    PULL_SECRET=~/Downloads/pull-secret.txt
  2. Create a resource group:
    az group create --name $RESOURCEGROUP  --location $LOCATION
  3. Create a new virtual network in the resource group that you created in step 2:
    az network vnet create \
       --resource-group $RESOURCEGROUP \
       --name aro-vnet \
       --address-prefixes 10.0.0.0/22
  4. Add an empty subnet for the master nodes:
    az network vnet subnet create \
      --resource-group $RESOURCEGROUP \
      --vnet-name aro-vnet \
      --name master-subnet \
      --address-prefixes 10.0.0.0/23 \
      --service-endpoints Microsoft.ContainerRegistry
  5. Add an empty subnet for the worker nodes:
    az network vnet subnet create \
      --resource-group $RESOURCEGROUP \
      --vnet-name aro-vnet \
      --name worker-subnet \
      --address-prefixes 10.0.2.0/23 \
      --service-endpoints Microsoft.ContainerRegistry
  6. Disable the subnet private endpoint policies on the master subnet, so the service can connect to and manage the cluster.
    az network vnet subnet update \
      --name master-subnet \
      --resource-group $RESOURCEGROUP \
      --vnet-name aro-vnet \
      --disable-private-link-service-network-policies true