Configure existing VNET while creating Microsoft Azure Container Service (DC/OS) - azure

We have our own VNET configured. I would like to use the same VNET / subnet while creating the ACS service. I am using DC/OS.
Can I configure the VNET / Subnet and NSG through Azure ACS template ?

At this time configuring VNets is not possible. However this is something we will be fixing very soon. First through some open source template, and once fully tested, through the ACS resource provider in ARM.

Related

Why Azure app service VNET integration failing with new subnet?

I'm trying to connect my app service plan in to VNET. But always failed. I have red threads and everywhere saying App service plan should be Standard or higher.
My App service Plan is S1.
It's just an empty app.
I'm creating new subnet (not select existing one) when configuring VNET.
I have run the trouble-shooter and no issue found with connectivity
Can someone help on this?
There are some limitations with using regional virtual network integration:
Refer MsDoc
If you have already one VNet associated with an app service plan, it would be better if you create a new app service plan and then configure the VNet. I found the same fix here by #Asish Punnose.
"App service plan, VNet as well as App" should be in the same region.
The integration subnet can only use one App Service plan
After considering all the above limitations, I was able to configure VNet successfully.
By adding a new subnet, enabling inbound & outbound traffic addresses with a new virtual network as well as new app service plan I could create an app with standard s1 plan.
Added subnets under VNet integration:
Configured VNet with an app service plan without any error:
Issue was my VNET and App service in different subscription .
But in same region. move app service in to other subscription which contains VNET. Problem solved.
Seems to be VNET integration not working between Resorces in multipole subscriptions .Cheers

Connecting AKS and Web App with VNet integration

I'm trying to connect my Web App to the AKS LoadBalancer through the VNet integration instead of a public load balancer.
The problem here is to integrate VNet into the web app, the VNet needs to have a subnet delegated to Microsoft.Web/serverFarms. On the other hand, AKS cannot be assigned with a subnet that has a delegation.
I have found this that seemingly has done the exact same thing but it seems to be old as I cannot reproduce the same result. Either I get
VNET aks-subnet is missing a delegation to Microsoft.Web/serverFarms. Please add the delegation and try again. or aks-subnet cannot be used as it's a delegated subnet
I have tried to add two subnets one with delegation to managedClusters and use that for my AKS but the same ... cannot be used as it's a delegated subnet happens.
sidenote: I'm using the bicep script to deploy.
VNET Integration requires a dedicated subnet for the App Service that is going to be integrated. This means the subnet cannot be used for any other purpose, i.E. hosting AKS or VMs.
The App Service can then reach services in other subnets on the same VNET or in peered VNETs.
Subnet Size Requirements are a minimum of /27 and Microsoft recommends /26 for production grade environments.
It is sometimes a little tricky to troubleshoot issues with VNET integration, some good hints are documented here.

How to add user route to Azure App Services

I have an Azure VM with inside custom vpn to 172.254.254.0/24 route.
I am able to reach that VM from another azure VM adding an "user route" to a "route table" in that VM. It works perfectly.
Now I have an Azure App Services web application.
I need to add the route above too.
But I am stuck I am not able to do it.
Integrate your app with an Azure Virtual Network
The VNet Integration feature has two variations.
Regional VNet Integration - When connecting to Resource Manager VNets in the same region, you must have a dedicated subnet in the VNet you are integrating with.
Gateway required VNet Integration - When connecting to VNets in other regions or to a Classic VNet in the same region you need a Virtual Network gateway provisioned in the target VNet.
Gateway required VNet Integration only provides access to resources in the target VNet or in networks connected to the target VNet with peering or VPNs. Gateway required VNet Integration doesn't enable access to resources available across ExpressRoute connections or works with service endpoints.
Refer: https://learn.microsoft.com/en-us/azure/app-service/web-sites-integrate-with-vnet#enable-vnet-integration

Azure: Failed to add delegation to the existing subnet

I'm trying to include in an app service an existing VNET but I have this issue:
Failed to add delegation to the existing subnet.:
Delegations of subnet /subscriptions
Cannot be changed from [] to [Microsoft.Web/serverfarms] because it is being used by the resource
Azure Limitation ? How many resources can be used by one VNET ?
The limit is that you have to use an unused subnet for your app service integration When you add VNet (preview) in the networking configuration of app service. Please check if you have any VM resources in that subnet. If it is, you could create an empty subnet for the VNet integration. Read more details here.

Cannot integrate Azure Web App to Vnet

I have Web App and SQL Server VM on Vnet running on Azure.  I would like to integrate Web App to virtual network.
I'm followings https://learn.microsoft.com/en-us/azure/app-service-web/web-sites-integrate-with-vnet#managing-the-vnet-integrations
1) I created gateway subnet and gateway.
2) I opened "App Service->Networking->VNet integration->Setup->Virtual network is visible but it is gray!
What I need to do that I can connect Web App to Vnet?
There are multiple reasons that a VNet can be grayed out including:
• the VNet is in another subscription that your account has access to
• the VNet does not have Point to Site enabled
• the VNet does not have a dynamic routing gateway
According to your steps, This issue may caused by that you might not configure a P2S address pool of your VPN gateway .
I did a test in my lab, and finally I can integrate my Web App to the Vnet.
You should to check these two point as following images:
Your VPN ponit-to-site configuration:
Your VNet connected devices:
How to Enabling Point to Site in a Resource Manager VNet:
To configure a Resource Manager VNet with a gateway and Point to Site, you can use either PowerShell as documented here, Configure a Point-to-Site connection to a virtual network using PowerShell or use the Azure portal as documented here, Configure a Point-to-Site connection to a VNet using the Azure portal. The UI to perform this capability is not yet available. Note that you need to create certificates for the Point to Site configuration. This is automatically configured when you connect your WebApp to the VNet.

Resources