Azure NSG Setup #2119

Closed
MReprogle1 opened this issue May 15, 2024 · 7 comments

@MReprogle1

I am going through the setup and am trying to get an environment set up in Azure. However, I am looking at these two steps:

Allow SOME inbound traffic from the Internet -> VNET2_SUB1 to allow the Azure machinery to communicate with Azure.
Allow SOME outbound traffic from VNET2_SUB1 -> Internet to allow the Azure machinery to communicate with Azure.

With these two, what would you mean by SOME?
Do you just pick a random source port for this to be SOME, or just set it to 443 or something?

@doomedraven
Collaborator

@cccs-kevin can you clarify plz?

@MReprogle1
Author

> @cccs-kevin can you clarify plz?

In the install docs for setting up CAPE in Azure, it says:
"Allow SOME inbound traffic from the Internet -> VNET2_SUB1 to allow the Azure machinery to communicate with Azure."

I was hoping to see what they meant by SOME traffic.

@doomedraven
Collaborator

That was asking another person if he can help you, not asking you to clarify the question.

@cccs-kevin
Collaborator

Thanks @doomedraven 🍕

Hey sorry, coming in late here, "SOME" is the traffic between the IP of the primary network interface that the CAPE daemon would use to communicate with the Internet (and what the Azure machinery would use to connect to Azure), and the "Internet" service tag. I'm looking at my rules and it looks like I only have an outbound rule for IP -> Internet, so maybe the inbound rule mentioned in the documentation is not necessary, but for completeness' sake, I would include it.

If you have any other questions, let me know!
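
An added example, not part of the thread or of CAPE's code: a small audit that reports which NSG rule decides the two flows discussed above (CAPE host IP -> "Internet" outbound, and "Internet" -> CAPE host inbound). It assumes the rule fields exported by `az network nsg show`, ignores ports, protocol and Azure's default rules, and treats any service tag other than "Internet" as not matching; the IP address and rule names are placeholders.

```python
import ipaddress

# Constructed sample in the shape of `securityRules` from `az network nsg show`.
# The address 10.0.1.4 and all rule names are placeholders, not thread values.
SAMPLE_RULES = [
    {"name": "deny-all-out", "priority": 4000, "direction": "Outbound",
     "access": "Deny", "sourceAddressPrefix": "*", "destinationAddressPrefix": "*"},
    {"name": "cape-to-internet", "priority": 200, "direction": "Outbound",
     "access": "Allow", "sourceAddressPrefix": "10.0.1.4", "destinationAddressPrefix": "Internet"},
    {"name": "internet-to-cape", "priority": 210, "direction": "Inbound",
     "access": "Allow", "sourceAddressPrefix": "Internet", "destinationAddressPrefix": "10.0.1.0/24"},
]

def _prefixes(rule, side):
    """Collect the single and plural prefix fields for 'source' or 'destination'."""
    single = rule.get(f"{side}AddressPrefix")
    return ([single] if single else []) + list(rule.get(f"{side}AddressPrefixes") or [])

def _covers(prefixes, endpoint):
    """endpoint is either the literal tag 'Internet' or the CAPE host IP."""
    for p in prefixes:
        if p == "*" or p.lower() == endpoint.lower():
            return True
        if endpoint != "Internet":
            try:
                if ipaddress.ip_address(endpoint) in ipaddress.ip_network(p, strict=False):
                    return True
            except ValueError:
                pass  # another service tag: simplified here to "does not match"
    return False

def effective_rule(rules, direction, src, dst):
    """Return the first rule matching the flow; the lowest priority number wins."""
    for rule in sorted(rules, key=lambda r: r["priority"]):
        if (rule["direction"].lower() == direction.lower()
                and _covers(_prefixes(rule, "source"), src)
                and _covers(_prefixes(rule, "destination"), dst)):
            return rule
    return None

def audit(rules, cape_ip):
    """Report which custom rule decides each of the two flows named in the docs."""
    out = effective_rule(rules, "Outbound", cape_ip, "Internet")
    inn = effective_rule(rules, "Inbound", "Internet", cape_ip)
    return {
        "outbound": (out["name"], out["access"]) if out else None,
        "inbound": (inn["name"], inn["access"]) if inn else None,
    }
```

A result of `None` means no custom rule matches the flow, so the NSG's default rules decide it.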

@MReprogle1
Author

> Thanks @doomedraven 🍕
>
> Hey sorry, coming in late here, "SOME" is the traffic between the IP of the primary network interface that the CAPE daemon would use to communicate with the Internet (and what the Azure machinery would use to connect to Azure), and the "Internet" service tag. I'm looking at my rules and it looks like I only have an outbound rule for IP -> Internet, so maybe the inbound rule mentioned in the documentation is not necessary, but for completeness' sake, I would include it.
>
> If you have any other questions, let me know!

Awesome, thanks for the clarification here! I think the network admin in me was looking for a specific port to allow. This is how I set it up, and actually thought I might be doing it wrong, so I was just wanting to check before I got to the point where it needed that internet access and ended up breaking on me.

And, if you happen to have any other Azure related documentation, I would love to take a look at it. Outside of the initial 'Deploying to the Cloud' documentation, there doesn't seem to be a ton out there in terms of setting this up in Azure, so I'd be willing to take a look at any other info you have!

@cccs-kevin
Collaborator

> > Thanks @doomedraven 🍕
> > Hey sorry, coming in late here, "SOME" is the traffic between the IP of the primary network interface that the CAPE daemon would use to communicate with the Internet (and what the Azure machinery would use to connect to Azure), and the "Internet" service tag. I'm looking at my rules and it looks like I only have an outbound rule for IP -> Internet, so maybe the inbound rule mentioned in the documentation is not necessary, but for completeness' sake, I would include it.
> > If you have any other questions, let me know!
>
> Awesome, thanks for the clarification here! I think the network admin in me was looking for a specific port to allow. This is how I set it up, and actually thought I might be doing it wrong, so I was just wanting to check before I got to the point where it needed that internet access and ended up breaking on me.
>
> And, if you happen to have any other Azure related documentation, I would love to take a look at it. Outside of the initial 'Deploying to the Cloud' documentation, there doesn't seem to be a ton out there in terms of setting this up in Azure, so I'd be willing to take a look at any other info you have!

Haha fair enough, I wrote the "Deploying to the Cloud" documentation (hence why @doomedraven tagged me), and I tried to make it general enough for all users. Turns out it was too general! I don't have too much time right now to improve the docs, so if there is anything you would like to add based on your experience, I'll review it and compare it with my architecture :)

@doomedraven
Collaborator

Closing this as solved, thanks Kevin. @MReprogle1, feel free to ask questions about Azure in this closed issue.
