Multicloud Example
Goals
Create two VMs in Azure in different regions and connect them together
Create a third VM in GCP and connect to one of the Azure VMs
Setup
Installation
$ git clone https://github.com/paraglider-project/paraglider
$ cd paraglider
$ make build install
Controller Setup
$ glided startup <path_to_config>
You can find example configuration files in the tools/examples/controller-configs
directory.
Note
Be sure to replace the template values for the GCP project and the Azure resource group in the template.
For this example, we assume that you have set up the necessary credentials for Azure and GCP and that you have configured your Paraglider controller with a default
namespace for both clouds. For more on how to do this, see the Quickstart or Controller Setup.
Resource Configurations
This example uses the following templated configuration files in the repo. You can find them in the tools/examples/ directory.
- vm-configs/azure-vm-westus.json
- vm-configs/azure-vm-eastus.json
- vm-configs/gcp-vm.json
Phase 0: Multicloud Prep
Steps
Create VM A in Azure
$ glide resource create azure vm-a <path/to/azure-vm-westus.json>
Create VM C in GCP
$ glide resource create gcp vm-c <path/to/gcp-vm.json>
Log into VM C and try to ping VM A. The ping should fail. To log in with the in-browser SSH tool from GCP, add the following rule to allow it.
$ glide rule add gcp vm-c --ssh 35.235.240.0/20
Set the permit list on VM C to allow pings from VM A.
$ glide rule add gcp vm-c --ping default.azure.vm-a
Note
This will set up the multicloud infrastructure (a VPN tunnel between the two clouds). Provisioning the gateways necessary for this can take ~20 minutes, but it is a one-time cost. All multicloud connections in this deployment will be able to use this gateway afterwards.
Phase 1: Multi-Region connectivity
Steps
Create VM B in Azure
$ glide resource create azure vm-b <path/to/azure-vm-eastus.json>
Set the permit list on VM A to allow pings to VM B.
$ glide rule add azure vm-a --ping default.azure.vm-b
Log into VM A and try to ping VM B. The ping should fail.
You can log into the VM using the serial console in-browser tool from Azure to avoid having to change the permit list.
Set the permit list on VM B to allow pings from VM A.
$ glide rule add azure vm-b --ping default.azure.vm-a
Log into VM A and try to ping VM B. The ping should succeed.
Phase 2: Multicloud connectivity
Steps
Picking up where we left off with the multicloud connection, log into VM C and try to ping VM A. The ping should fail.
Set the permit list on VM A to allow pings from VM C.
$ glide rule add azure vm-a --ping default.gcp.vm-c
Try to ping VM A from VM C. The ping should succeed.
Get the permit list of VM A.
$ glide rule get azure vm-a
Remove the rule that allows pings from VM C from VM A’s permit list.
$ glide rule delete azure vm-a --rules ping-in-default-gcp-vm-c
Try to ping VM A from VM C. The ping should fail.
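The expected ping results in Phases 0 to 2 follow from default-deny permit lists that must agree on both endpoints. The following is an added toy model of that behaviour, not Paraglider code: the PermitLists class and its methods are hypothetical, it assumes `--ping` adds one inbound and one outbound rule on the target VM, and the `ping-out-...` rule name is assumed by analogy with the `ping-in-default-gcp-vm-c` name shown above.

```python
# Toy model of the walkthrough's permit lists (illustrative, not Paraglider code).
# Assumptions: traffic is denied by default; `--ping PEER` adds an inbound and
# an outbound rule on the target VM; only the "ping-in-..." name form appears
# on the page, "ping-out-..." is assumed by analogy.

class PermitLists:
    def __init__(self):
        self.rules = {}  # VM name -> {rule name: (direction, peer)}

    def add_ping(self, vm, peer):
        """Model of: glide rule add <cloud> <vm> --ping <peer>"""
        suffix = peer.replace(".", "-")
        vm_rules = self.rules.setdefault(vm, {})
        vm_rules[f"ping-in-{suffix}"] = ("in", peer)
        vm_rules[f"ping-out-{suffix}"] = ("out", peer)

    def delete(self, vm, rule_name):
        """Model of: glide rule delete <cloud> <vm> --rules <rule_name>"""
        self.rules.get(vm, {}).pop(rule_name, None)

    def _allows(self, vm, direction, peer):
        return (direction, peer) in self.rules.get(vm, {}).values()

    def ping(self, src, dst):
        """A ping passes only if src permits it outbound AND dst permits it inbound."""
        return self._allows(src, "out", dst) and self._allows(dst, "in", src)


def replay_walkthrough():
    """Replay the rule changes from the phases and record each ping result."""
    a, b, c = "default.azure.vm-a", "default.azure.vm-b", "default.gcp.vm-c"
    p, results = PermitLists(), []
    p.add_ping(c, a)                                        # Phase 0
    p.add_ping(a, b)                                        # Phase 1
    results.append(("A->B, only A permits", p.ping(a, b)))
    p.add_ping(b, a)
    results.append(("A->B, both permit", p.ping(a, b)))
    results.append(("C->A, only C permits", p.ping(c, a)))  # Phase 2
    p.add_ping(a, c)
    results.append(("C->A, both permit", p.ping(c, a)))
    p.delete(a, "ping-in-default-gcp-vm-c")
    results.append(("C->A, inbound rule deleted", p.ping(c, a)))
    return results


if __name__ == "__main__":
    for label, ok in replay_walkthrough():
        print(f"{label}: {'succeeds' if ok else 'fails'}")
```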