articles/chaos-studio/chaos-studio-private-networking.md
Lines changed: 20 additions & 13 deletions
Original file line number
Diff line number
Diff line change
@@ -12,19 +12,26 @@ ms.service: chaos-studio
12
12
13
13
Azure [Virtual Network](../virtual-network/virtual-networks-overview.md) (VNet) is the fundamental building block for your private network in Azure. VNet enables many types of Azure resources to securely communicate with each other, the internet, and on-premises networks. VNet is similar to a traditional network that you'd operate in your own data center, but brings with it other benefits of Azure's infrastructure such as scale, availability, and isolation.
14
14
15
-
VNet injection allows a Chaos resource provider to inject containerized workloads into your VNet so that resources without public endpoints can be accessed via a private IP address on the VNet.
15
+
VNet injection allows a Chaos resource provider to inject containerized workloads into your VNet so that resources without public endpoints can be accessed via a private IP address on the VNet. Once you've configured VNet injection for a resource in a VNet and enabled the resource as a target, you can use it in multiple experiments. An experiment can contain a mix of resources
16
16
17
17
## Resource type support
18
18
Currently, you can only enable certain resource types for Chaos Studio VNet injection.
19
-
***Azure Kubernetes Service** targets can be enabled with VNet injection through the Azure portal and Azure CLI.
20
-
***Key Vault** targets can be enabled with VNet injection through the Azure CLI.
19
+
***Azure Kubernetes Service** targets can be enabled with VNet injection through the **Azure portal** and **Azure CLI**. All AKS Chaos Mesh faults can be used.
20
+
***Key Vault** targets can be enabled with VNet injection through the **Azure CLI**. The faults that can be used with VNet Injection are Disable Certificate, Increment Certificate Version, and Update Certificate Policy.
21
21
22
-
## Use Chaos Studio with a private AKS cluster
22
+
## Enabling VNet injection
23
+
To use Chaos Studio with VNet injection, you need to meet the following requirements.
24
+
1. The `Microsoft.ContainerInstance` and `Microsoft.Relay` resource providers must be registered with your subscription.
25
+
1. The VNet where Chaos Studio resources will be injected needs to have two subnets, named `ChaosStudioContainerSubnet` and `ChaosStudioRelaySubnet`. Other subnet names can't be used.
26
+
1. Both subnets need at least `/28` in address space. For example, an address prefix of `10.0.0.0/28` or `10.0.0.0/24`.
27
+
1.`ChaosStudioContainerSubnet` must be delegated to `Microsoft.ContainerInstance/containerGroups`.
28
+
1. When enabling the desired resource as a target so you can use it in Chaos Studio experiments, the following properties must be set:
29
+
1. Set `properties.subnets.containerSubnetId` to the ID for `ChaosStudioContainerSubnet`.
30
+
1. Set `properties.subnets.relaySubnetId` to the ID for `ChaosStudioRelaySubnet`.
23
31
24
-
To configure VNet injection, use the following steps.
32
+
## Example: Use Chaos Studio with a private AKS cluster
25
33
26
-
> [!NOTE]
27
-
> These instructions assume you already have a private AKS cluster. Learn more about private clusters here: [Create a private Azure Kubernetes Service cluster](../aks/private-clusters.md)
34
+
This example shows how to configure a private AKS cluster to use with Chaos Studio. It assumes you already have a private AKS cluster within your Azure subscription. To create one, see: [Create a private Azure Kubernetes Service cluster](../aks/private-clusters.md)
28
35
29
36
### [Azure portal](#tab/azure-portal)
30
37
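Review bot: The sentence added to the VNet injection paragraph (new line 15) stops mid-thought at "An experiment can contain a mix of resources" with no closing period; finish the sentence or drop it. In the new "Enabling VNet injection" list, the item at new line 27 reads "1.`ChaosStudioContainerSubnet` must be delegated" with no space after "1.", so Markdown will not treat it as a list item; add the space. The Key Vault bullet writes "VNet Injection" while the rest of the change uses "VNet injection"; pick one casing.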
@@ -33,7 +40,7 @@ To configure VNet injection, use the following steps.
33
40

34
41
1. Navigate to Azure Chaos Studio and select **Targets**. Find your desired AKS cluster and select **Enable targets**, then **Enable service-direct targets**.
35
42

36
-
1. Select the cluster's Virtual Network. If the VNet already includes Subnets named `ChaosStudioContainerSubnet` and `ChaosStudioRelaySubnet`, select them. If they don't already exist, they'll be automatically created for you.
43
+
1. Select the cluster's Virtual Network. If the VNet already includes subnets named `ChaosStudioContainerSubnet` and `ChaosStudioRelaySubnet`, select them. If they don't already exist, they'll be automatically created for you.
37
44

38
45
1. Select **Review + Enable** and **Enable**.
39
46

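Review bot: In the step at new line 43, "they'll be automatically created for you" does not say which address prefix the portal assigns or whether `ChaosStudioContainerSubnet` receives the `Microsoft.ContainerInstance/containerGroups` delegation that the new requirements list makes mandatory. State both here, or link back to the requirements, so a reader can check the created subnets against them before running an experiment.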
@@ -86,13 +93,13 @@ Now your private AKS cluster can be used with Chaos Studio! Use the following in
86
93
"registrationState": "Registered",
87
94
```
88
95
89
-
1. Create two subnets in the VNet you want to inject into (such as the relevant AKS VNet):
96
+
1. Create two subnets in the VNet you want to inject Chaos Studio resources into (in this case, the private AKS cluster's VNet):
90
97
91
98
- `ChaosStudioContainerSubnet`
92
-
- Delegate the subnet to `Microsoft.ContainerInstance/containerGroups` service.
93
-
- This subnet must have at least /28 in address space
99
+
- Delegate the subnet to the `Microsoft.ContainerInstance/containerGroups` service.
100
+
- This subnet must have at least /28 in address space.
94
101
- `ChaosStudioRelaySubnet`
95
-
- This subnet must have at least /28 in address space
102
+
- This subnet must have at least /28 in address space.
1. When enabling Targets for the AKS cluster, so you can use it in Chaos Experiments, set the `properties.subnets.containerSubnetId` and `properties.subnets.relaySubnetId` properties using the new subnets you created in step 3.
111
+
1. When enabling targets for the AKS cluster, so you can use it in Chaos Experiments, set the `properties.subnets.containerSubnetId` and `properties.subnets.relaySubnetId` properties using the new subnets you created in step 3.
105
112
106
113
Replace `$SUBSCRIPTION_ID` with your Azure subscription ID, `$RESOURCE_GROUP` and `$AKS_CLUSTER` with the resource group name and your AKS cluster resource name. Also, replace `$AKS_INFRA_RESOURCE_GROUP` and `$AKS_VNET` with your AKS's infrastructure resource group name and VNet name. Replace `$URL` with the corresponding `https://management.azure.com/` URL used for onboarding the target.
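Review bot: "This subnet must have at least /28 in address space" (new lines 100 and 102) is easy to misread, because a larger prefix number means a smaller subnet; the requirements list added earlier in this change carries the example "`10.0.0.0/28` or `10.0.0.0/24`", and repeating it here would remove the ambiguity. At new line 111 "targets" is now lowercase but "Chaos Experiments" in the same sentence is still capitalized; lowercase it to match. The "step 3" reference in that line is fragile when every item is numbered "1."; confirm it still points at the subnet-creation step after this edit.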