submariner-io / submariner-website

Content and Hugo-based generation for the Submariner website.
https://submariner.io/development/website/
Creative Commons Attribution 4.0 International

Document what cloud prepare does on each platform #801

Open skitt opened 2 years ago

skitt commented 2 years ago

subctl cloud prepare is typically strongly tied to OpenShift, and documented as only supported on OpenShift (e.g. at least on some platforms it relies on MachineSet support). For non-OpenShift users, it would be useful to document what cloud prepare does on each platform, so that users can replicate its work manually.

aswinsuryan commented 2 years ago

These are the steps that need to be followed.

  1. Tag a node as a gateway node.

kubectl label nodes <worker-node-name> "submariner.io/gateway=true" --overwrite

  2. Create a public IP and assign it to the VM of the node that was tagged as the g/w node.

az network public-ip create --name <public-ip-name> --resource-group <res-group>
az network nic ip-config update --name <name> --nic-name <gw-vm-nic> --resource-group <res-group> --public-ip-address <public-ip-name>

  3. Create a network security group for the Submariner gateway.

az network nsg create --name <gw-nsg-name> --resource-group <res-group>

  4. Create NSG (network security group) rules in Azure to open the NAT traversal port (by default 4500/UDP), the NAT discovery port (by default 4490/UDP) and the metrics port (by default 8080/TCP) for Submariner. These need to be created in both the inbound and outbound directions.

az network nsg rule create --resource-group <res-group> \
--nsg-name <gw-nsg-name> --priority <priority> \
--name <name> --direction Inbound --access Allow \
--protocol <Protocol> --destination-port-ranges <ipsec-port>

az network nsg rule create --resource-group <res-group> \
--nsg-name <gw-nsg-name> --priority <priority> \
--name <name> --direction Outbound --access Allow \
--protocol <Protocol> --destination-port-ranges <ipsec-port>

  5. Attach the security group to the g/w VM interface.

az network nic update -g <res-group> -n <gw-vm-nic> --network-security-group <gw-nsg-name>

  6. Create NSG (network security group) rules in Azure to open the VXLAN port (by default 4800/UDP) on the existing security groups that are associated with the worker and the master.

az network nsg rule create --resource-group <res-group> \
--nsg-name <nsg-name> --priority <priority> \
--name <name> --direction Inbound --access Allow \
--protocol <Protocol> --destination-port-ranges <vxlan-port>

az network nsg rule create --resource-group <res-group> \
--nsg-name <nsg-name> --priority <priority> \
--name <name> --direction Outbound --access Allow \
--protocol <Protocol> --destination-port-ranges <vxlan-port>
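
An added example, not part of the comment above or of Submariner's own code: a Python check that takes the JSON from `az network nsg rule list --resource-group <res-group> --nsg-name <gw-nsg-name> -o json` and reports which of the ports listed in the steps still lack an Allow rule, which Allow rules open more than those ports, and which inbound rules accept any source (the CLI default when `--source-address-prefixes` is not given). The function names, finding labels and sample rules are constructed for illustration; the field names assume the az CLI's JSON output.

```python
import json

# Ports named in the steps above (Submariner defaults), per NSG.
GATEWAY_PORTS = [("Udp", 4500), ("Udp", 4490), ("Tcp", 8080)]
VXLAN_PORTS = [("Udp", 4800)]
ANY_SOURCE = ("*", "Internet", "0.0.0.0/0")

def _ranges(rule):
    """Yield (low, high) for each destination port range of one rule."""
    specs = rule.get("destinationPortRanges") or [rule.get("destinationPortRange") or "*"]
    for spec in specs:
        low, _, high = ("0-65535" if spec == "*" else spec).partition("-")
        yield int(low), int(high or low)

def _proto_ok(rule, proto):
    """True when the rule's protocol is a wildcard or equals proto."""
    return (rule.get("protocol") or "*").lower() in ("*", proto.lower())

def audit_nsg(rules, required):
    """List required ports lacking an Allow rule, plus Allow rules that open
    other ports or (inbound) accept any source address."""
    findings = []
    for direction in ("Inbound", "Outbound"):
        scoped = [r for r in rules if r.get("access", "").lower() == "allow"
                  and r.get("direction", "").lower() == direction.lower()]
        for proto, port in required:
            if not any(_proto_ok(r, proto) and any(lo <= port <= hi for lo, hi in _ranges(r))
                       for r in scoped):
                findings.append(f"MISSING {direction} {proto}/{port}")
        for r in scoped:
            wanted = {p for proto, p in required if _proto_ok(r, proto)}
            if any(lo != hi or lo not in wanted for lo, hi in _ranges(r)):
                findings.append(f"TOO-WIDE {direction} rule {r['name']}")
            if direction == "Inbound" and r.get("sourceAddressPrefix") in ANY_SOURCE:
                findings.append(f"ANY-SOURCE Inbound rule {r['name']}")
    return findings

# Constructed sample, shaped like `az network nsg rule list -o json` output.
SAMPLE = json.loads("""[
 {"name": "natt-in", "direction": "Inbound", "access": "Allow", "protocol": "Udp",
  "destinationPortRange": "4500", "sourceAddressPrefix": "*"},
 {"name": "natd-in", "direction": "Inbound", "access": "Allow", "protocol": "Udp",
  "destinationPortRange": "4490", "sourceAddressPrefix": "203.0.113.10"},
 {"name": "metrics-in", "direction": "Inbound", "access": "Allow", "protocol": "Tcp",
  "destinationPortRange": "8000-8100", "sourceAddressPrefix": "VirtualNetwork"},
 {"name": "all-out", "direction": "Outbound", "access": "Allow", "protocol": "*",
  "destinationPortRange": "*", "sourceAddressPrefix": "*"}
]""")

if __name__ == "__main__":
    for finding in audit_nsg(SAMPLE, GATEWAY_PORTS):
        print(finding)
```

Run it against the gateway NSG with `GATEWAY_PORTS` and against the worker and master NSGs with `VXLAN_PORTS`; an empty list means the required ports are open and nothing wider was found.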

stale[bot] commented 2 years ago

This issue has been automatically marked as stale because it has not had activity for 60 days. It will be closed if no further activity occurs. Please make a comment if this issue/pr is still valid. Thank you for your contributions.

dfarrell07 commented 2 years ago

The dependency on MachineSet will go away when we have LoadBalancer mode and a different way to choose nodes with better networking perf, which is triaged to start 0.15.

dfarrell07 commented 1 year ago

It seems like we need a section of the website generally describing cloud prepare, what it does for all platforms.
