Sub-task
Resolution: Unresolved
Critical
Quality / Stability / Reliability
ACM Console Train 37 - 1
After clusters are deployed, configure Azure networking for Submariner and deploy it.
Step 1 – Azure networking:
Run subctl cloud prepare azure on each managed cluster to create dedicated gateway VMs with public IPs and NSGs. This command assigns a static public IP directly to the gateway NIC (source) and creates a dedicated NSG (infraID-submariner-external-sg) with Submariner port rules (source). It does not create Load Balancer NAT rules – traffic bypasses the LB (gateway deployer).
Requires metadata.json from the installer output and an Azure service principal auth file (prepare orchestration):
    subctl cloud prepare azure --ocp-metadata managed1/metadata.json --auth-file my.auth
    subctl cloud prepare azure --ocp-metadata managed2/metadata.json --auth-file my.auth
If metadata.json is unavailable, fall back to manual Azure portal/az CLI configuration per the CCLM Network Guide (public IP on NIC, NSG rules, LB NAT rules).
Step 2 – Deploy Submariner:
    subctl deploy-broker --kubeconfig managed1kubeconfig
    subctl join --kubeconfig managed1kubeconfig --clusterid managed1 ./broker-info.subm
    subctl join --kubeconfig managed2kubeconfig --clusterid managed2 ./broker-info.subm
Step 3 – Verify:
    subctl show gateways --kubeconfig managed1kubeconfig
    subctl show gateways --kubeconfig managed2kubeconfig
    subctl show connections --kubeconfig managed1kubeconfig
Gateway connections must show "All connections (1) are established."
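Because Step 1 puts a public IP directly on the gateway NIC, the dedicated NSG is the only filter in front of the gateway. The following is an added example, not part of the original ticket or of Submariner: it audits NSG rules exported as JSON and reports any inbound Allow rule open to any source that is not one of the expected Submariner ports. The port list (4500/udp, 4490/udp) is an assumption based on Submariner defaults, and the sample rules are constructed.

```python
import json

# Assumption: Submariner's default gateway ports (IPsec NAT-T 4500/udp and
# NAT discovery 4490/udp). Adjust if your deployment overrides them.
EXPECTED = frozenset({("udp", 4500), ("udp", 4490)})
ANY_SOURCE = {"*", "Internet", "0.0.0.0/0"}

def rule(name, proto, port, src="*", direction="Inbound", access="Allow"):
    """Build one constructed rule using field names from the az CLI JSON output."""
    return {"name": name, "protocol": proto, "destinationPortRange": port,
            "destinationPortRanges": [], "sourceAddressPrefix": src,
            "sourceAddressPrefixes": [], "direction": direction, "access": access}

# Constructed sample shaped like `az network nsg rule list -o json`.
SAMPLE = json.dumps([
    rule("natt", "Udp", "4500"),
    rule("nat-discovery", "Udp", "4490"),
    rule("debug-ssh", "Tcp", "22"),
    rule("wide-udp", "Udp", "4000-5000"),
    rule("ssh-from-bastion", "Tcp", "22", src="10.0.0.0/24"),
    rule("egress-any", "*", "*", direction="Outbound"),
])

def port_ranges(r):
    """Expand destinationPortRange(s) into (low, high) integer tuples."""
    raw = list(r.get("destinationPortRanges") or [])
    if r.get("destinationPortRange"):
        raw.append(r["destinationPortRange"])
    for item in raw:
        lo, _, hi = ("0-65535" if item == "*" else item).partition("-")
        yield int(lo), int(hi or lo)

def audit(rules_json, expected=EXPECTED):
    """Return findings for inbound Allow rules that expose unexpected ports to any source."""
    findings = []
    for r in json.loads(rules_json):
        if r["direction"] != "Inbound" or r["access"] != "Allow":
            continue
        sources = {r.get("sourceAddressPrefix"), *(r.get("sourceAddressPrefixes") or [])}
        if not sources & ANY_SOURCE:
            continue
        proto = r["protocol"].lower()  # "*" (any protocol) never matches EXPECTED
        for lo, hi in port_ranges(r):
            if lo != hi or (proto, lo) not in expected:
                findings.append(f"{r['name']}: {proto} {lo}-{hi} open to any source")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)) or "no unexpected exposure")
```

To run it against a real cluster, replace SAMPLE with the output of az network nsg rule list --resource-group <resource-group> --nsg-name <infraID>-submariner-external-sg -o json, where the resource group is a placeholder for your own.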
References: