From d88efac5b92feca70207c2e467838cfbd216e78c Mon Sep 17 00:00:00 2001
From: sivakami
Date: Fri, 17 Oct 2025 19:55:04 -0700
Subject: [PATCH 01/36] init swiftv2 pipeline for persistent tests on aks clusters.
---
 .pipelines/swiftv2-long-running/pipeline.yaml | 47 +++++
 .../long-running-pipeline-template.yaml | 165 ++++++++++++++++++
 2 files changed, 212 insertions(+)
 create mode 100644 .pipelines/swiftv2-long-running/pipeline.yaml
 create mode 100644 .pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml
diff --git a/.pipelines/swiftv2-long-running/pipeline.yaml b/.pipelines/swiftv2-long-running/pipeline.yaml
new file mode 100644
index 0000000000..f0c446f0d0
--- /dev/null
+++ b/.pipelines/swiftv2-long-running/pipeline.yaml
@@ -0,0 +1,47 @@
+trigger: none
+
+parameters:
+ - name: subscriptionId
+ displayName: "Azure Subscription ID"
+ type: string
+
+ - name: location
+ displayName: "Deployment Region"
+ type: string
+ default: "eastus"
+
+ - name: resourceGroupName
+ displayName: "Resource Group Name"
+ type: string
+ default: "sing-$(Build.BuildId)"
+
+ - name: cluster1Name
+ displayName: "AKS Cluster 1 Name"
+ type: string
+ default: "aks-cluster-a"
+
+ - name: cluster2Name
+ displayName: "AKS Cluster 2 Name"
+ type: string
+ default: "aks-cluster-b"
+
+ - name: nodeVmSize
+ displayName: "VM Size for Node Pool (supports 7 NICs)"
+ type: string
+ default: "Standard_D8as_v4"
+
+ - name: serviceConnection
+ displayName: "Azure Service Connection"
+ type: string
+ default: "Azure-Networking-ServiceConn"
+
+extends:
+ template: templates/long-running-pipeline-template.yml
+ parameters:
+ subscriptionId: ${{ parameters.subscriptionId }}
+ location: ${{ parameters.location }}
+ resourceGroupName: ${{ parameters.resourceGroupName }}
+ cluster1Name: ${{ parameters.cluster1Name }}
+ cluster2Name: ${{ parameters.cluster2Name }}
+ nodeVmSize: ${{ parameters.nodeVmSize }}
+ serviceConnection: ${{ parameters.serviceConnection }}
diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml
new file mode 100644
index 0000000000..5de12386f3
--- /dev/null
+++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml
@@ -0,0 +1,165 @@
+parameters:
+ - name: subscriptionId
+ type: string
+ - name: location
+ type: string
+ - name: resourceGroupName
+ type: string
+ - name: cluster1Name
+ type: string
+ - name: cluster2Name
+ type: string
+ - name: nodeVmSize
+ type: string
+ - name: serviceConnection
+ type: string
+
+stages:
+ - stage: Setup
+ displayName: "Create AKS Infra Setup"
+ jobs:
+ # ------------------------------------------------------------
+ # Job 1: Create Resource Group and AKS Clusters
+ # ------------------------------------------------------------
+ - job: Create_RG_and_AKS
+ displayName: "Create RG and AKS Clusters"
+ pool:
+ vmImage: ubuntu-latest
+ steps:
+ - checkout: self
+
+ - task: AzureCLI@2
+ displayName: "Create Resource Group and AKS Clusters"
+ inputs:
+ azureSubscription: ${{ parameters.serviceConnection }}
+ scriptType: bash
+ scriptLocation: inlineScript
+ inlineScript: |
+ set -e
+ echo "Setting subscription..."
+ az account set --subscription ${{ parameters.subscriptionId }}
+
+ echo "Creating resource group..."
+ az group create -n ${{ parameters.resourceGroupName }} -l ${{ parameters.location }}
+
+ echo "Creating first AKS cluster..."
+ az aks create \
+ -g ${{ parameters.resourceGroupName }} \
+ -n ${{ parameters.cluster1Name }} \
+ -l ${{ parameters.location }} \
+ --network-plugin azure \
+ --node-count 1 \
+ --node-vm-size ${{ parameters.nodeVmSize }} \
+ --generate-ssh-keys
+
+ echo "Adding node pool to first cluster..."
+ az aks nodepool add \
+ --cluster-name ${{ parameters.cluster1Name }} \
+ --resource-group ${{ parameters.resourceGroupName }} \
+ --name np1 \
+ --node-count 2 \
+ --node-vm-size ${{ parameters.nodeVmSize }}
+
+ echo "Creating second AKS cluster..."
+ az aks create \
+ -g ${{ parameters.resourceGroupName }} \
+ -n ${{ parameters.cluster2Name }} \
+ -l ${{ parameters.location }} \
+ --network-plugin azure \
+ --node-count 1 \
+ --node-vm-size ${{ parameters.nodeVmSize }} \
+ --generate-ssh-keys
+
+ echo "Adding node pool to second cluster..."
+ az aks nodepool add \
+ --cluster-name ${{ parameters.cluster2Name }} \
+ --resource-group ${{ parameters.resourceGroupName }} \
+ --name np2 \
+ --node-count 2 \
+ --node-vm-size ${{ parameters.nodeVmSize }}
+
+ # ------------------------------------------------------------
+ # Job 2: Create Customer VNets and Peerings
+ # ------------------------------------------------------------
+ - job: Create_VNets
+ displayName: "Create Customer VNets and Peerings"
+ dependsOn: Create_RG_and_AKS
+ pool:
+ vmImage: ubuntu-latest
+ steps:
+ - task: AzureCLI@2
+ displayName: "Create and Peer VNets"
+ inputs:
+ azureSubscription: ${{ parameters.serviceConnection }}
+ scriptType: bash
+ scriptLocation: inlineScript
+ inlineScript: |
+ set -e
+ az account set --subscription ${{ parameters.subscriptionId }}
+
+ echo "Creating Customer VNets..."
+ az network vnet create \
+ -g ${{ parameters.resourceGroupName }} \
+ -n customerVnetA \
+ --address-prefix 10.10.0.0/16 \
+ -l ${{ parameters.location }}
+
+ az network vnet create \
+ -g ${{ parameters.resourceGroupName }} \
+ -n customerVnetB \
+ --address-prefix 10.20.0.0/16 \
+ -l ${{ parameters.location }}
+
+ echo "Peering Customer VNets..."
+ az network vnet peering create \
+ -n peerAB \
+ -g ${{ parameters.resourceGroupName }} \
+ --vnet-name customerVnetA \
+ --remote-vnet customerVnetB \
+ --allow-vnet-access
+
+ az network vnet peering create \
+ -n peerBA \
+ -g ${{ parameters.resourceGroupName }} \
+ --vnet-name customerVnetB \
+ --remote-vnet customerVnetA \
+ --allow-vnet-access
+
+ # ------------------------------------------------------------
+ # Job 3: Create Storage Account and Private Endpoints
+ # ------------------------------------------------------------
+ - job: Create_Storage
+ displayName: "Create Storage Account and Private Endpoints"
+ dependsOn: Create_VNets
+ pool:
+ vmImage: ubuntu-latest
+ steps:
+ - task: AzureCLI@2
+ displayName: "Create Storage Account and Private Endpoint"
+ inputs:
+ azureSubscription: ${{ parameters.serviceConnection }}
+ scriptType: bash
+ scriptLocation: inlineScript
+ inlineScript: |
+ set -e
+ az account set --subscription ${{ parameters.subscriptionId }}
+
+ echo "Creating Storage Account..."
+ STORAGE_NAME="sa${{ parameters.resourceGroupName }}$RANDOM"
+ az storage account create \
+ -n $STORAGE_NAME \
+ -g ${{ parameters.resourceGroupName }} \
+ -l ${{ parameters.location }} \
+ --sku Standard_LRS
+
+ echo "Creating Private Endpoint..."
+ STORAGE_ID=$(az storage account show -n $STORAGE_NAME -g ${{ parameters.resourceGroupName }} --query id -o tsv)
+ az network private-endpoint create \
+ -n sa-endpoint \
+ -g ${{ parameters.resourceGroupName }} \
+ -l ${{ parameters.location }} \
+ --vnet-name customerVnetA \
+ --subnet default \
+ --private-connection-resource-id $STORAGE_ID \
+ --group-id blob \
+ --connection-name sa-connection
From dd6afba27d9314aaa48bb4c818c99c31428c277a Mon Sep 17 00:00:00 2001
From: sivakami
Date: Fri, 17 Oct 2025 22:08:25 -0700
Subject: [PATCH 02/36] Set default params.
---
 .pipelines/swiftv2-long-running/pipeline.yaml | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
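Review bot: Every `${{ parameters.* }}` value in the three `inlineScript` blocks of the new template is pasted into the bash text at template-expansion time and used unquoted, for example `az group create -n ${{ parameters.resourceGroupName }} -l ${{ parameters.location }}`, so a value containing whitespace or shell metacharacters is interpreted by the shell that runs under the service connection. These are free-form `type: string` parameters that whoever queues the run can set. Passing them through the step's `env:` mapping and referencing them as quoted shell variables keeps them as data; the sketch below shows the first step, and the other two steps need the same treatment. The PATCH 04/36 rewrite of this template keeps the pattern: `export RG="${{ parameters.resourceGroupName }}"` is quoted, but `$(...)` inside the value still runs.

```yaml
- task: AzureCLI@2
  # … unchanged: displayName, azureSubscription, scriptType, scriptLocation …
  inputs:
    inlineScript: |
      set -e
      az account set --subscription "$SUBSCRIPTION_ID"
      az group create -n "$RG" -l "$LOCATION"
      # … remaining az aks calls, using "$RG", "$LOCATION", "$CLUSTER1_NAME",
      #   "$CLUSTER2_NAME" and "$NODE_VM_SIZE" in place of the ${{ }} expressions …
  env:
    SUBSCRIPTION_ID: ${{ parameters.subscriptionId }}
    RG: ${{ parameters.resourceGroupName }}
    LOCATION: ${{ parameters.location }}
    CLUSTER1_NAME: ${{ parameters.cluster1Name }}
    CLUSTER2_NAME: ${{ parameters.cluster2Name }}
    NODE_VM_SIZE: ${{ parameters.nodeVmSize }}
```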
diff --git a/.pipelines/swiftv2-long-running/pipeline.yaml b/.pipelines/swiftv2-long-running/pipeline.yaml index f0c446f0d0..5412fe8702 100644 --- a/.pipelines/swiftv2-long-running/pipeline.yaml +++ b/.pipelines/swiftv2-long-running/pipeline.yaml @@ -4,11 +4,12 @@ parameters: - name: subscriptionId displayName: "Azure Subscription ID" type: string + default: "37deca37-c375-4a14-b90a-043849bd2bf1" - name: location displayName: "Deployment Region" type: string - default: "eastus" + default: "centraluseuap" - name: resourceGroupName displayName: "Resource Group Name" @@ -33,10 +34,10 @@ parameters: - name: serviceConnection displayName: "Azure Service Connection" type: string - default: "Azure-Networking-ServiceConn" + default: "Azure Network Agent - Test Standalone - Service Connection" extends: - template: templates/long-running-pipeline-template.yml + template: template/long-running-pipeline-template.yaml parameters: subscriptionId: ${{ parameters.subscriptionId }} location: ${{ parameters.location }} From dd57671f001f02e8b620d8bbb07db4b415415fcb Mon Sep 17 00:00:00 2001 From: sivakami-projects <126191544+sivakami-projects@users.noreply.github.com> Date: Fri, 17 Oct 2025 22:22:59 -0700 Subject: [PATCH 03/36] Update pipeline.yaml for Azure Pipelines --- .pipelines/swiftv2-long-running/pipeline.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/swiftv2-long-running/pipeline.yaml b/.pipelines/swiftv2-long-running/pipeline.yaml index 5412fe8702..961e297b9f 100644 --- a/.pipelines/swiftv2-long-running/pipeline.yaml +++ b/.pipelines/swiftv2-long-running/pipeline.yaml @@ -34,7 +34,7 @@ parameters: - name: serviceConnection displayName: "Azure Service Connection" type: string - default: "Azure Network Agent - Test Standalone - Service Connection" + default: "Azure Container Networking - Standalone Test Service Connection" extends: template: template/long-running-pipeline-template.yaml 
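Review bot: The `default:` added for `subscriptionId` in the first hunk commits a concrete subscription GUID to the repository, and with the service-connection name set in the second hunk it records exactly where this pipeline deploys. It is not a credential, but it ties the file to one environment and leaves the parameter free-form, so a queued run can still point `az account set` at any subscription the connection can reach. Consider reading the value from a pipeline variable or variable group instead, or dropping `az account set` and relying on the subscription the service connection is scoped to. If the default stays, a `values:` list on the parameter would restrict it to the intended subscription.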
From 16d69a0800d5f42574028734367d8dcaf88525fe Mon Sep 17 00:00:00 2001 From: sivakami Date: Mon, 20 Oct 2025 18:22:17 -0700 Subject: [PATCH 04/36] long running pipeline infra setup. --- .pipelines/swiftv2-long-running/pipeline.yaml | 85 +++++--- .../scripts/create_aks.sh | 22 ++ .../scripts/create_nsg.sh | 10 + .../scripts/create_peerings.sh | 17 ++ .../scripts/create_storage.sh | 24 +++ .../scripts/create_vnets.sh | 33 +++ .../long-running-pipeline-template.yaml | 189 ++++-------------- 7 files changed, 195 insertions(+), 185 deletions(-) create mode 100644 .pipelines/swiftv2-long-running/scripts/create_aks.sh create mode 100644 .pipelines/swiftv2-long-running/scripts/create_nsg.sh create mode 100644 .pipelines/swiftv2-long-running/scripts/create_peerings.sh create mode 100644 .pipelines/swiftv2-long-running/scripts/create_storage.sh create mode 100644 .pipelines/swiftv2-long-running/scripts/create_vnets.sh diff --git a/.pipelines/swiftv2-long-running/pipeline.yaml b/.pipelines/swiftv2-long-running/pipeline.yaml index 961e297b9f..4e8cc6b93d 100644 --- a/.pipelines/swiftv2-long-running/pipeline.yaml +++ b/.pipelines/swiftv2-long-running/pipeline.yaml 
@@ -1,48 +1,71 @@ -trigger: none +trigger: +- main parameters: - name: subscriptionId - displayName: "Azure Subscription ID" type: string default: "37deca37-c375-4a14-b90a-043849bd2bf1" - - name: location - displayName: "Deployment Region" type: string default: "centraluseuap" - - name: resourceGroupName - displayName: "Resource Group Name" - type: string - default: "sing-$(Build.BuildId)" - - - name: cluster1Name - displayName: "AKS Cluster 1 Name" type: string - default: "aks-cluster-a" - - - name: cluster2Name - displayName: "AKS Cluster 2 Name" + default: "long-run-$(date +%s)" + - name: vmSkuDefault type: string - default: "aks-cluster-b" - - - name: nodeVmSize - displayName: "VM Size for Node Pool (supports 7 NICs)" + default: "Standard_D2s_v3" + - name: vmSkuHighNIC type: string - default: "Standard_D8as_v4" - + default: "Standard_D16s_v3" - name: serviceConnection displayName: "Azure Service Connection" type: string default: "Azure Container Networking - Standalone Test Service Connection" -extends: - template: template/long-running-pipeline-template.yaml - parameters: - subscriptionId: ${{ parameters.subscriptionId }} - location: ${{ parameters.location }} - resourceGroupName: ${{ parameters.resourceGroupName }} - cluster1Name: ${{ parameters.cluster1Name }} - cluster2Name: ${{ parameters.cluster2Name }} - nodeVmSize: ${{ parameters.nodeVmSize }} - serviceConnection: ${{ parameters.serviceConnection }} +stages: + - stage: AKSClusterAndNetworking + displayName: "Stage: AKS Cluster and Networking Setup" + jobs: + - template: pipeline-template.yaml + parameters: + jobName: create-aks + scriptPath: "infra/scripts/01_create_aks.sh" + subscriptionId: ${{ parameters.subscriptionId }} + location: ${{ parameters.location }} + resourceGroupName: ${{ parameters.resourceGroupName }} + vmSkuDefault: ${{ parameters.vmSkuDefault }} + vmSkuHighNIC: ${{ parameters.vmSkuHighNIC }} + + - template: pipeline-template.yaml + parameters: + jobName: create-vnets + scriptPath: 
"infra/scripts/02_create_vnets.sh" + subscriptionId: ${{ parameters.subscriptionId }} + location: ${{ parameters.location }} + resourceGroupName: ${{ parameters.resourceGroupName }} + dependsOn: create-aks + + - template: pipeline-template.yaml + parameters: + jobName: create-peerings + scriptPath: "infra/scripts/03_create_peerings.sh" + subscriptionId: ${{ parameters.subscriptionId }} + resourceGroupName: ${{ parameters.resourceGroupName }} + dependsOn: create-vnets + + - template: pipeline-template.yaml + parameters: + jobName: create-storage + scriptPath: "infra/scripts/04_create_storage.sh" + subscriptionId: ${{ parameters.subscriptionId }} + location: ${{ parameters.location }} + resourceGroupName: ${{ parameters.resourceGroupName }} + dependsOn: create-peerings + + - template: pipeline-template.yaml + parameters: + jobName: create-nsg + scriptPath: "infra/scripts/05_create_nsg.sh" + subscriptionId: ${{ parameters.subscriptionId }} + resourceGroupName: ${{ parameters.resourceGroupName }} + dependsOn: create-storage diff --git a/.pipelines/swiftv2-long-running/scripts/create_aks.sh b/.pipelines/swiftv2-long-running/scripts/create_aks.sh new file mode 100644 index 0000000000..c0406a1dd9 --- /dev/null +++ b/.pipelines/swiftv2-long-running/scripts/create_aks.sh 
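Review bot: The new `resourceGroupName` default `"long-run-$(date +%s)"` is not a pipeline variable; it yields a timestamp only because the template pastes the parameter into bash (`export RG="${{ parameters.resourceGroupName }}"`), where it runs as a command substitution. Each of the five jobs would evaluate it separately on its own agent, so `create-vnets` and the later jobs are likely to target a resource group name that `create-aks` never created. Compute the name once per run, for example `default: "long-run-$(Build.BuildId)"`, which Azure Pipelines expands to the same value in every job. Separately, `trigger: - main` means every push to main provisions two AKS clusters, and no teardown stage appears in the patches shown here.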
@@ -0,0 +1,22 @@
+#!/usr/bin/env bash
+set -e
+
+az account set --subscription "$SUBSCRIPTION_ID"
+
+echo "==> Creating resource group: $RG"
+az group create -n "$RG" -l "$LOCATION" --output none
+
+# AKS clusters
+for CLUSTER in "aks-cluster-a" "aks-cluster-b"; do
+ echo "==> Creating AKS cluster: $CLUSTER"
+ az aks create -g "$RG" -n "$CLUSTER" -l "$LOCATION" \
+ --network-plugin azure --node-count 1 \
+ --node-vm-size "$VM_SKU_DEFAULT" \
+ --enable-managed-identity --generate-ssh-keys \
+ --load-balancer-sku standard --yes
+
+ echo "==> Adding high-NIC nodepool to $CLUSTER"
+ az aks nodepool add -g "$RG" -n highnic \
+ --cluster-name "$CLUSTER" --node-count 2 \
+ --node-vm-size "$VM_SKU_HIGHNIC" --mode User
+done
diff --git a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh
new file mode 100644
index 0000000000..f6f595f16b
--- /dev/null
+++ b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh
@@ -0,0 +1,10 @@
+#!/usr/bin/env bash
+set -e
+
+VNET_A1="delegated_vnet_a1"
+S1_PREFIX="10.10.1.0/24"
+S2_PREFIX="10.10.2.0/24"
+NSG_NAME="${VNET_A1}-nsg"
+
+az network nsg create -g "$RG" -n "$NSG_NAME" --output none
+az network nsg rule create -g "$RG"
diff --git a/.pipelines/swiftv2-long-running/scripts/create_peerings.sh b/.pipelines/swiftv2-long-running/scripts/create_peerings.sh
new file mode 100644
index 0000000000..a40343cd67
--- /dev/null
+++ b/.pipelines/swiftv2-long-running/scripts/create_peerings.sh
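Review bot: Both `az aks create` calls in create_aks.sh leave the API server on its default public endpoint, which matters more than usual because the series describes these as persistent clusters. If the test agents have a stable egress range, `--api-server-authorized-ip-ranges AGENT_EGRESS_CIDR` (placeholder value) would narrow who can reach it; `--enable-private-cluster` is the stricter option if the agents can sit inside the network. Separately, `set -e` alone lets an empty `$RG` or `$VM_SKU_HIGHNIC` reach `az`; `set -euo pipefail` plus a `: "${RG:?}"` style check at the top would fail before any resource is created.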
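Review bot: The last line of create_nsg.sh, `az network nsg rule create -g "$RG"`, has no `--nsg-name`, `--name` or `--priority`, so under `set -e` the job fails after creating an NSG that holds only the default rules, and nothing in the script attaches that NSG to a subnet. `VNET_A1="delegated_vnet_a1"` also does not match the `cx_vnet_a1` name that create_vnets.sh creates; create_peerings.sh uses the same `delegated_vnet_*` names and would fail to find its VNets for the same reason. `S1_PREFIX` and `S2_PREFIX` are assigned but never used, which suggests the intended rule between the two subnets was left out. Completing the rule and adding an `az network vnet subnet update ... --network-security-group "$NSG_NAME"` step would make the NSG take effect.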
@@ -0,0 +1,17 @@
+#!/usr/bin/env bash
+set -e
+
+VNET_A1="delegated_vnet_a1"
+VNET_A2="delegated_vnet_a2"
+VNET_A3="delegated_vnet_a3"
+
+peer_two_vnets() {
+ local rg="$1"; local v1="$2"; local v2="$3"; local name12="$4"; local name21="$5"
+ az network vnet peering create -g "$rg" -n "$name12" --vnet-name "$v1" --remote-vnet "$v2" --allow-vnet-access --output none
+ az network vnet peering create -g "$rg" -n "$name21" --vnet-name "$v2" --remote-vnet "$v1" --allow-vnet-access --output none
+}
+
+peer_two_vnets "$RG" "$VNET_A1" "$VNET_A2" "A1-to-A2" "A2-to-A1"
+peer_two_vnets "$RG" "$VNET_A2" "$VNET_A3" "A2-to-A3" "A3-to-A2"
+peer_two_vnets "$RG" "$VNET_A1" "$VNET_A3" "A1-to-A3" "A3-to-A1"
+echo "VNet peerings created successfully."
\ No newline at end of file
diff --git a/.pipelines/swiftv2-long-running/scripts/create_storage.sh b/.pipelines/swiftv2-long-running/scripts/create_storage.sh
new file mode 100644
index 0000000000..384e070af8
--- /dev/null
+++ b/.pipelines/swiftv2-long-running/scripts/create_storage.sh
@@ -0,0 +1,24 @@
+#!/usr/bin/env bash
+set -e
+
+RAND=$(openssl rand -hex 4)
+SA1="sa1${RAND}"
+SA2="sa2${RAND}"
+API_VER="2025-06-01"
+
+# Create storage accounts
+for SA in "$SA1" "$SA2"; do
+ echo "==> Creating storage account $SA"
+ az rest --method put \
+ --url "https://management.azure.com/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG/providers/Microsoft.Storage/storageAccounts/$SA?api-version=$API_VER" \
+ --body "{
+ \"location\": \"$LOCATION\",
+ \"sku\": { \"name\": \"Standard_LRS\" },
+ \"kind\": \"StorageV2\",
+ \"properties\": {
+ \"minimumTlsVersion\": \"TLS1_2\",
+ \"allowBlobPublicAccess\": false,
+ \"allowSharedKeyAccess\": false
+ }
+ }"
+done
diff --git a/.pipelines/swiftv2-long-running/scripts/create_vnets.sh b/.pipelines/swiftv2-long-running/scripts/create_vnets.sh
new file mode 100644
index 0000000000..2ae4be9b22
--- /dev/null
+++ b/.pipelines/swiftv2-long-running/scripts/create_vnets.sh
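Review bot: The request body in create_storage.sh turns off public blob access and shared-key auth but sets neither `publicNetworkAccess` nor `networkAcls`, so both accounts stay reachable on their public endpoints even though create_vnets.sh carves out `pe` subnets, presumably for private endpoints. If private-endpoint-only access is the intent, add `\"publicNetworkAccess\": \"Disabled\"` (or `\"networkAcls\": { \"defaultAction\": \"Deny\" }`) under `properties`. The names `$SA1`/`$SA2` are random per run and never written out, so a later job has no way to find the accounts. `az rest` also does not appear to wait for provisioning to finish; `az storage account create` with the equivalent flags would, and avoids hand-building JSON around `$LOCATION`.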
@@ -0,0 +1,33 @@
+#!/usr/bin/env bash
+set -e
+
+# VNets and subnets
+VNET_A1="cx_vnet_a1"
+VNET_A2="cx_vnet_a2"
+VNET_A3="cx_vnet_a3"
+VNET_B1="cx_vnet_b1"
+
+A1_S1="10.10.1.0/24"
+A1_S2="10.10.2.0/24"
+A1_PE="10.10.100.0/24"
+A2_MAIN="10.11.1.0/24"
+A2_PE="10.11.100.0/24"
+A3_MAIN="10.12.1.0/24"
+A3_PE="10.12.100.0/24"
+B1_MAIN="10.20.1.0/24"
+
+# A1
+az network vnet create -g "$RG" -n "$VNET_A1" --address-prefix 10.10.0.0/16 --subnet-name s1 --subnet-prefix "$A1_S1" -l "$LOCATION" --output none
+az network vnet subnet create -g "$RG" --vnet-name "$VNET_A1" -n s2 --address-prefix "$A1_S2" --output none
+az network vnet subnet create -g "$RG" --vnet-name "$VNET_A1" -n pe --address-prefix "$A1_PE" --output none
+
+# A2
+az network vnet create -g "$RG" -n "$VNET_A2" --address-prefix 10.11.0.0/16 --subnet-name s-A2 --subnet-prefix "$A2_MAIN" -l "$LOCATION" --output none
+az network vnet subnet create -g "$RG" --vnet-name "$VNET_A2" -n pe --address-prefix "$A2_PE" --output none
+
+# A3
+az network vnet create -g "$RG" -n "$VNET_A3" --address-prefix 10.12.0.0/16 --subnet-name s-A3 --subnet-prefix "$A3_MAIN" -l "$LOCATION" --output none
+az network vnet subnet create -g "$RG" --vnet-name "$VNET_A3" -n pe --address-prefix "$A3_PE" --output none
+
+# B1
+az network vnet create -g "$RG" -n "$VNET_B1" --address-prefix 10.20.0.0/16 --subnet-name s-B1 --subnet-prefix "$B1_MAIN" -l "$LOCATION" --output none
diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml
index 5de12386f3..faec5970ca 100644
--- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml
+++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml
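Review bot: Unlike create_aks.sh, create_vnets.sh never runs `az account set --subscription "$SUBSCRIPTION_ID"`, and each job starts on its own hosted agent, so the VNets land in whatever subscription the service connection defaults to rather than the one the parameter names. create_peerings.sh and create_nsg.sh have the same gap, while create_storage.sh puts `$SUBSCRIPTION_ID` in its URL, so the scripts can end up split across subscriptions if the two differ. Add the `az account set` line at the top of each script, or pass `--subscription "$SUBSCRIPTION_ID"` on every call.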
@@ -1,165 +1,46 @@ parameters: + - name: jobName + type: string + - name: scriptPath + type: string - name: subscriptionId type: string - name: location type: string + default: "" - name: resourceGroupName type: string - - name: cluster1Name - type: string - - name: cluster2Name + - name: vmSkuDefault type: string - - name: nodeVmSize + default: "" + - name: vmSkuHighNIC type: string + default: "" - name: serviceConnection type: string - -stages: - - stage: Setup - displayName: "Create AKS Infra Setup" - jobs: - # ------------------------------------------------------------ - # Job 1: Create Resource Group and AKS Clusters - # ------------------------------------------------------------ - - job: Create_RG_and_AKS - displayName: "Create RG and AKS Clusters" - pool: - vmImage: ubuntu-latest - steps: - - checkout: self - - - task: AzureCLI@2 - displayName: "Create Resource Group and AKS Clusters" - inputs: - azureSubscription: ${{ parameters.serviceConnection }} - scriptType: bash - scriptLocation: inlineScript - inlineScript: | - set -e - echo "Setting subscription..." - az account set --subscription ${{ parameters.subscriptionId }} - - echo "Creating resource group..." - az group create -n ${{ parameters.resourceGroupName }} -l ${{ parameters.location }} - - echo "Creating first AKS cluster..." - az aks create \ - -g ${{ parameters.resourceGroupName }} \ - -n ${{ parameters.cluster1Name }} \ - -l ${{ parameters.location }} \ - --network-plugin azure \ - --node-count 1 \ - --node-vm-size ${{ parameters.nodeVmSize }} \ - --generate-ssh-keys - - echo "Adding node pool to first cluster..." - az aks nodepool add \ - --cluster-name ${{ parameters.cluster1Name }} \ - --resource-group ${{ parameters.resourceGroupName }} \ - --name np1 \ - --node-count 2 \ - --node-vm-size ${{ parameters.nodeVmSize }} - - echo "Creating second AKS cluster..." 
- az aks create \ - -g ${{ parameters.resourceGroupName }} \ - -n ${{ parameters.cluster2Name }} \ - -l ${{ parameters.location }} \ - --network-plugin azure \ - --node-count 1 \ - --node-vm-size ${{ parameters.nodeVmSize }} \ - --generate-ssh-keys - - echo "Adding node pool to second cluster..." - az aks nodepool add \ - --cluster-name ${{ parameters.cluster2Name }} \ - --resource-group ${{ parameters.resourceGroupName }} \ - --name np2 \ - --node-count 2 \ - --node-vm-size ${{ parameters.nodeVmSize }} - - # ------------------------------------------------------------ - # Job 2: Create Customer VNets and Peerings - # ------------------------------------------------------------ - - job: Create_VNets - displayName: "Create Customer VNets and Peerings" - dependsOn: Create_RG_and_AKS - pool: - vmImage: ubuntu-latest - steps: - - task: AzureCLI@2 - displayName: "Create and Peer VNets" - inputs: - azureSubscription: ${{ parameters.serviceConnection }} - scriptType: bash - scriptLocation: inlineScript - inlineScript: | - set -e - az account set --subscription ${{ parameters.subscriptionId }} - - echo "Creating Customer VNets..." - az network vnet create \ - -g ${{ parameters.resourceGroupName }} \ - -n customerVnetA \ - --address-prefix 10.10.0.0/16 \ - -l ${{ parameters.location }} - - az network vnet create \ - -g ${{ parameters.resourceGroupName }} \ - -n customerVnetB \ - --address-prefix 10.20.0.0/16 \ - -l ${{ parameters.location }} - - echo "Peering Customer VNets..." 
- az network vnet peering create \ - -n peerAB \ - -g ${{ parameters.resourceGroupName }} \ - --vnet-name customerVnetA \ - --remote-vnet customerVnetB \ - --allow-vnet-access - - az network vnet peering create \ - -n peerBA \ - -g ${{ parameters.resourceGroupName }} \ - --vnet-name customerVnetB \ - --remote-vnet customerVnetA \ - --allow-vnet-access - - # ------------------------------------------------------------ - # Job 3: Create Storage Account and Private Endpoints - # ------------------------------------------------------------ - - job: Create_Storage - displayName: "Create Storage Account and Private Endpoints" - dependsOn: Create_VNets - pool: - vmImage: ubuntu-latest - steps: - - task: AzureCLI@2 - displayName: "Create Storage Account and Private Endpoint" - inputs: - azureSubscription: ${{ parameters.serviceConnection }} - scriptType: bash - scriptLocation: inlineScript - inlineScript: | - set -e - az account set --subscription ${{ parameters.subscriptionId }} - - echo "Creating Storage Account..." - STORAGE_NAME="sa${{ parameters.resourceGroupName }}$RANDOM" - az storage account create \ - -n $STORAGE_NAME \ - -g ${{ parameters.resourceGroupName }} \ - -l ${{ parameters.location }} \ - --sku Standard_LRS - - echo "Creating Private Endpoint..." 
- STORAGE_ID=$(az storage account show -n $STORAGE_NAME -g ${{ parameters.resourceGroupName }} --query id -o tsv) - az network private-endpoint create \ - -n sa-endpoint \ - -g ${{ parameters.resourceGroupName }} \ - -l ${{ parameters.location }} \ - --vnet-name customerVnetA \ - --subnet default \ - --private-connection-resource-id $STORAGE_ID \ - --group-id blob \ - --connection-name sa-connection + default: "Azure Container Networking - Standalone Test Service Connection" + +jobs: + - job: ${{ parameters.jobName }} + displayName: "Job - ${{ parameters.jobName }}" + pool: + vmImage: 'ubuntu-latest' + + steps: + - checkout: self + - task: AzureCLI@2 + displayName: "Run ${{ parameters.jobName }} script" + inputs: + azureSubscription: "${{ parameters.serviceConnection }}" + scriptType: bash + scriptLocation: inlineScript + inlineScript: | + set -e + export SUBSCRIPTION_ID="${{ parameters.subscriptionId }}" + export LOCATION="${{ parameters.location }}" + export RG="${{ parameters.resourceGroupName }}" + export VM_SKU_DEFAULT="${{ parameters.vmSkuDefault }}" + export VM_SKU_HIGHNIC="${{ parameters.vmSkuHighNIC }}" + + chmod +x ${{ parameters.scriptPath }} + ${{ parameters.scriptPath }} From c52ad9f49f0898e0b46b15b18235fcd8813638c8 Mon Sep 17 00:00:00 2001 From: sivakami Date: Mon, 20 Oct 2025 18:39:09 -0700 Subject: [PATCH 05/36] Set depedencies for pipeline jobs. --- .pipelines/swiftv2-long-running/pipeline.yaml | 9 +++++---- .../template/long-running-pipeline-template.yaml | 2 +- 2 files changed, 6 insertions(+), 5 deletions(-) diff --git a/.pipelines/swiftv2-long-running/pipeline.yaml b/.pipelines/swiftv2-long-running/pipeline.yaml index 4e8cc6b93d..9576866580 100644 --- a/.pipelines/swiftv2-long-running/pipeline.yaml +++ b/.pipelines/swiftv2-long-running/pipeline.yaml 
@@ -35,6 +35,7 @@ stages: resourceGroupName: ${{ parameters.resourceGroupName }} vmSkuDefault: ${{ parameters.vmSkuDefault }} vmSkuHighNIC: ${{ parameters.vmSkuHighNIC }} + dependsOn: [] - template: pipeline-template.yaml parameters: @@ -43,7 +44,7 @@ stages: subscriptionId: ${{ parameters.subscriptionId }} location: ${{ parameters.location }} resourceGroupName: ${{ parameters.resourceGroupName }} - dependsOn: create-aks + dependsOn: ["create-aks"] - template: pipeline-template.yaml parameters: @@ -51,7 +52,7 @@ stages: scriptPath: "infra/scripts/03_create_peerings.sh" subscriptionId: ${{ parameters.subscriptionId }} resourceGroupName: ${{ parameters.resourceGroupName }} - dependsOn: create-vnets + dependsOn: ["create-vnets"] - template: pipeline-template.yaml parameters: @@ -60,7 +61,7 @@ stages: subscriptionId: ${{ parameters.subscriptionId }} location: ${{ parameters.location }} resourceGroupName: ${{ parameters.resourceGroupName }} - dependsOn: create-peerings + dependsOn: ["create-peerings"] - template: pipeline-template.yaml parameters: @@ -68,4 +69,4 @@ stages: scriptPath: "infra/scripts/05_create_nsg.sh" subscriptionId: ${{ parameters.subscriptionId }} resourceGroupName: ${{ parameters.resourceGroupName }} - dependsOn: create-storage + dependsOn: ["create-storage"] diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index faec5970ca..bdd90ae757 100644 --- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml @@ -25,7 +25,7 @@ jobs: displayName: "Job - ${{ parameters.jobName }}" pool: vmImage: 'ubuntu-latest' - + dependsOn: ${{ parameters.dependsOn }} steps: - checkout: self - task: AzureCLI@2 From 8d693737cbc4e8be5ebe56fb01e9c345d8a9da7a Mon Sep 17 00:00:00 2001 
From: sivakami Date: Mon, 20 Oct 2025 18:41:42 -0700 Subject: [PATCH 06/36] template for long running cluster. --- .pipelines/swiftv2-long-running/pipeline.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/swiftv2-long-running/pipeline.yaml b/.pipelines/swiftv2-long-running/pipeline.yaml index 9576866580..bfe6f18029 100644 --- a/.pipelines/swiftv2-long-running/pipeline.yaml +++ b/.pipelines/swiftv2-long-running/pipeline.yaml @@ -26,7 +26,7 @@ stages: - stage: AKSClusterAndNetworking displayName: "Stage: AKS Cluster and Networking Setup" jobs: - - template: pipeline-template.yaml + - template: long-running-pipeline-template.yaml parameters: jobName: create-aks scriptPath: "infra/scripts/01_create_aks.sh" From ea3dfd8e59d9615e76328f2c540a3d8c9ecf5d8e Mon Sep 17 00:00:00 2001 From: sivakami Date: Mon, 20 Oct 2025 18:45:34 -0700 Subject: [PATCH 07/36] set template. --- .pipelines/swiftv2-long-running/pipeline.yaml | 20 +++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.pipelines/swiftv2-long-running/pipeline.yaml b/.pipelines/swiftv2-long-running/pipeline.yaml index bfe6f18029..aef961839b 100644 --- a/.pipelines/swiftv2-long-running/pipeline.yaml +++ b/.pipelines/swiftv2-long-running/pipeline.yaml @@ -26,10 +26,10 @@ stages: - stage: AKSClusterAndNetworking displayName: "Stage: AKS Cluster and Networking Setup" jobs: - - template: long-running-pipeline-template.yaml + - template: template/long-running-pipeline-template.yaml parameters: jobName: create-aks - scriptPath: "infra/scripts/01_create_aks.sh" + scriptPath: "scripts/create_aks.sh" subscriptionId: ${{ parameters.subscriptionId }} location: ${{ parameters.location }} resourceGroupName: ${{ parameters.resourceGroupName }} 
@@ -37,36 +37,36 @@ stages: vmSkuHighNIC: ${{ parameters.vmSkuHighNIC }} dependsOn: [] - - template: pipeline-template.yaml + - template: template/long-running-pipeline-template.yaml parameters: jobName: create-vnets - scriptPath: "infra/scripts/02_create_vnets.sh" + scriptPath: "scripts/create_vnets.sh" subscriptionId: ${{ parameters.subscriptionId }} location: ${{ parameters.location }} resourceGroupName: ${{ parameters.resourceGroupName }} dependsOn: ["create-aks"] - - template: pipeline-template.yaml + - template: template/long-running-pipeline-template.yaml parameters: jobName: create-peerings - scriptPath: "infra/scripts/03_create_peerings.sh" + scriptPath: "scripts/create_peerings.sh" subscriptionId: ${{ parameters.subscriptionId }} resourceGroupName: ${{ parameters.resourceGroupName }} dependsOn: ["create-vnets"] - - template: pipeline-template.yaml + - template: template/long-running-pipeline-template.yaml parameters: jobName: create-storage - scriptPath: "infra/scripts/04_create_storage.sh" + scriptPath: "scripts/create_storage.sh" subscriptionId: ${{ parameters.subscriptionId }} location: ${{ parameters.location }} resourceGroupName: ${{ parameters.resourceGroupName }} dependsOn: ["create-peerings"] - - template: pipeline-template.yaml + - template: template/long-running-pipeline-template.yaml parameters: jobName: create-nsg - scriptPath: "infra/scripts/05_create_nsg.sh" + scriptPath: "scripts/create_nsg.sh" subscriptionId: ${{ parameters.subscriptionId }} resourceGroupName: ${{ parameters.resourceGroupName }} dependsOn: ["create-storage"] From fad64fd1902aa529e7086e16c368b447eeda07c2 Mon Sep 17 00:00:00 2001 From: sivakami Date: Mon, 20 Oct 2025 18:49:14 -0700 Subject: [PATCH 08/36] set dependency for jobs. --- .../template/long-running-pipeline-template.yaml | 3 +++ 1 file changed, 3 insertions(+) 
diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index bdd90ae757..2ed60283dd 100644 --- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml @@ -19,6 +19,9 @@ parameters: - name: serviceConnection type: string default: "Azure Container Networking - Standalone Test Service Connection" + - name: dependsOn + type: object + default: [] jobs: - job: ${{ parameters.jobName }} From 004d50d2a051cf6cdab5d9c909982fb85fc55dd0 Mon Sep 17 00:00:00 2001 From: sivakami Date: Mon, 20 Oct 2025 18:51:22 -0700 Subject: [PATCH 09/36] Change job name. --- .pipelines/swiftv2-long-running/pipeline.yaml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.pipelines/swiftv2-long-running/pipeline.yaml b/.pipelines/swiftv2-long-running/pipeline.yaml index aef961839b..2cfd297677 100644 --- a/.pipelines/swiftv2-long-running/pipeline.yaml +++ b/.pipelines/swiftv2-long-running/pipeline.yaml @@ -28,7 +28,7 @@ stages: jobs: - template: template/long-running-pipeline-template.yaml parameters: - jobName: create-aks + jobName: create_aks scriptPath: "scripts/create_aks.sh" subscriptionId: ${{ parameters.subscriptionId }} location: ${{ parameters.location }} 
@@ -39,34 +39,34 @@ stages: - template: template/long-running-pipeline-template.yaml parameters: - jobName: create-vnets + jobName: create_vnets scriptPath: "scripts/create_vnets.sh" subscriptionId: ${{ parameters.subscriptionId }} location: ${{ parameters.location }} resourceGroupName: ${{ parameters.resourceGroupName }} - dependsOn: ["create-aks"] + dependsOn: ["create_aks"] - template: template/long-running-pipeline-template.yaml parameters: - jobName: create-peerings + jobName: create_peerings scriptPath: "scripts/create_peerings.sh" subscriptionId: ${{ parameters.subscriptionId }} resourceGroupName: ${{ parameters.resourceGroupName }} - dependsOn: ["create-vnets"] + dependsOn: ["create_vnets"] - template: template/long-running-pipeline-template.yaml parameters: - jobName: create-storage + jobName: create_storage scriptPath: "scripts/create_storage.sh" subscriptionId: ${{ parameters.subscriptionId }} location: ${{ parameters.location }} resourceGroupName: ${{ parameters.resourceGroupName }} - dependsOn: ["create-peerings"] + dependsOn: ["create_peerings"] - template: template/long-running-pipeline-template.yaml parameters: - jobName: create-nsg + jobName: create_nsg scriptPath: "scripts/create_nsg.sh" subscriptionId: ${{ parameters.subscriptionId }} resourceGroupName: ${{ parameters.resourceGroupName }} - dependsOn: ["create-storage"] + dependsOn: ["create_storage"] From 8a3b65bdeb48873e890bd3a3a0234e07e65fc034 Mon Sep 17 00:00:00 2001 From: sivakami Date: Mon, 20 Oct 2025 19:04:53 -0700 Subject: [PATCH 10/36] Set job scripts. --- .pipelines/swiftv2-long-running/pipeline.yaml | 10 +++++----- .../template/long-running-pipeline-template.yaml | 2 +- 2 files changed, 6 insertions(+), 6 deletions(-) diff --git a/.pipelines/swiftv2-long-running/pipeline.yaml b/.pipelines/swiftv2-long-running/pipeline.yaml index 2cfd297677..d729f078fb 100644 --- a/.pipelines/swiftv2-long-running/pipeline.yaml +++ b/.pipelines/swiftv2-long-running/pipeline.yaml 
@@ -29,7 +29,7 @@ stages: - template: template/long-running-pipeline-template.yaml parameters: jobName: create_aks - scriptPath: "scripts/create_aks.sh" + scriptPath: "./scripts/create_aks.sh" subscriptionId: ${{ parameters.subscriptionId }} location: ${{ parameters.location }} resourceGroupName: ${{ parameters.resourceGroupName }} @@ -40,7 +40,7 @@ stages: - template: template/long-running-pipeline-template.yaml parameters: jobName: create_vnets - scriptPath: "scripts/create_vnets.sh" + scriptPath: "./scripts/create_vnets.sh" subscriptionId: ${{ parameters.subscriptionId }} location: ${{ parameters.location }} resourceGroupName: ${{ parameters.resourceGroupName }} @@ -49,7 +49,7 @@ stages: - template: template/long-running-pipeline-template.yaml parameters: jobName: create_peerings - scriptPath: "scripts/create_peerings.sh" + scriptPath: "./scripts/create_peerings.sh" subscriptionId: ${{ parameters.subscriptionId }} resourceGroupName: ${{ parameters.resourceGroupName }} dependsOn: ["create_vnets"] @@ -57,7 +57,7 @@ stages: - template: template/long-running-pipeline-template.yaml parameters: jobName: create_storage - scriptPath: "scripts/create_storage.sh" + scriptPath: "./scripts/create_storage.sh" subscriptionId: ${{ parameters.subscriptionId }} location: ${{ parameters.location }} resourceGroupName: ${{ parameters.resourceGroupName }} @@ -66,7 +66,7 @@ stages: - template: template/long-running-pipeline-template.yaml parameters: jobName: create_nsg - scriptPath: "scripts/create_nsg.sh" + scriptPath: "./scripts/create_nsg.sh" subscriptionId: ${{ parameters.subscriptionId }} resourceGroupName: ${{ parameters.resourceGroupName }} dependsOn: ["create_storage"] diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index 2ed60283dd..225b7b3e46 100644 --- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml 
+++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml @@ -25,7 +25,7 @@ parameters: jobs: - job: ${{ parameters.jobName }} - displayName: "Job - ${{ parameters.jobName }}" + displayName: "${{ parameters.jobName }}" pool: vmImage: 'ubuntu-latest' dependsOn: ${{ parameters.dependsOn }} From ed0cf5d57d4f764fbe5b87e468511381e0d3921a Mon Sep 17 00:00:00 2001 From: sivakami Date: Mon, 20 Oct 2025 19:16:59 -0700 Subject: [PATCH 11/36] set pipeline scripts with permissions. --- .../template/long-running-pipeline-template.yaml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index 225b7b3e46..cf0761abd0 100644 --- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml @@ -39,6 +39,8 @@ jobs: scriptLocation: inlineScript inlineScript: | set -e + chmod +x ${{ parameters.scriptPath }} + ${{ parameters.scriptPath }} export SUBSCRIPTION_ID="${{ parameters.subscriptionId }}" export LOCATION="${{ parameters.location }}" export RG="${{ parameters.resourceGroupName }}" From ae0f91804ec0d20d5ae29fc499e5541c279a51a2 Mon Sep 17 00:00:00 2001 From: sivakami Date: Mon, 20 Oct 2025 19:31:18 -0700 Subject: [PATCH 12/36] set script path. --- .pipelines/swiftv2-long-running/pipeline.yaml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.pipelines/swiftv2-long-running/pipeline.yaml b/.pipelines/swiftv2-long-running/pipeline.yaml index d729f078fb..7759027b5f 100644 --- a/.pipelines/swiftv2-long-running/pipeline.yaml +++ b/.pipelines/swiftv2-long-running/pipeline.yaml 
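Review bot: In the `@@ -39,6 +39,8 @@` hunk the two added lines run `${{ parameters.scriptPath }}` before the `export SUBSCRIPTION_ID=...` lines that follow them in the inline script, so the script starts without the variables it is supposed to receive. A later patch in this series removes a second `chmod +x` / run pair from the end of the same inline script, which suggests the script was also executed twice at this commit. Move the invocation below the exports, or drop the addition if the trailing pair already exists. Quoting the path is also worth doing: `chmod +x "${{ parameters.scriptPath }}"`. The inline script continues outside the hunk.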
@@ -29,7 +29,7 @@ stages: - template: template/long-running-pipeline-template.yaml parameters: jobName: create_aks - scriptPath: "./scripts/create_aks.sh" + scriptPath: ".pipelines/swiftv2-long-running/scripts/create_aks.sh" subscriptionId: ${{ parameters.subscriptionId }} location: ${{ parameters.location }} resourceGroupName: ${{ parameters.resourceGroupName }} @@ -40,7 +40,7 @@ stages: - template: template/long-running-pipeline-template.yaml parameters: jobName: create_vnets - scriptPath: "./scripts/create_vnets.sh" + scriptPath: ".pipelines/swiftv2-long-running/scripts/create_vnets.sh" subscriptionId: ${{ parameters.subscriptionId }} location: ${{ parameters.location }} resourceGroupName: ${{ parameters.resourceGroupName }} @@ -49,7 +49,7 @@ stages: - template: template/long-running-pipeline-template.yaml parameters: jobName: create_peerings - scriptPath: "./scripts/create_peerings.sh" + scriptPath: ".pipelines/swiftv2-long-running/scripts/create_peerings.sh" subscriptionId: ${{ parameters.subscriptionId }} resourceGroupName: ${{ parameters.resourceGroupName }} dependsOn: ["create_vnets"] @@ -57,7 +57,7 @@ stages: - template: template/long-running-pipeline-template.yaml parameters: jobName: create_storage - scriptPath: "./scripts/create_storage.sh" + scriptPath: ".pipelines/swiftv2-long-running/scripts/create_storage.sh" subscriptionId: ${{ parameters.subscriptionId }} location: ${{ parameters.location }} resourceGroupName: ${{ parameters.resourceGroupName }} @@ -66,7 +66,7 @@ stages: - template: template/long-running-pipeline-template.yaml parameters: jobName: create_nsg - scriptPath: "./scripts/create_nsg.sh" + scriptPath: ".pipelines/swiftv2-long-running/scripts/create_nsg.sh" subscriptionId: ${{ parameters.subscriptionId }} resourceGroupName: ${{ parameters.resourceGroupName }} dependsOn: ["create_storage"] From 61859e78fad1c2c3b1fe0abd60a3fb65fdc314ea Mon Sep 17 00:00:00 2001 
From: sivakami Date: Mon, 20 Oct 2025 20:45:46 -0700 Subject: [PATCH 13/36] set template params. --- .../template/long-running-pipeline-template.yaml | 14 ++++++-------- 1 file changed, 6 insertions(+), 8 deletions(-) diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index cf0761abd0..7e30a1ea7f 100644 --- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml @@ -41,11 +41,9 @@ jobs: set -e chmod +x ${{ parameters.scriptPath }} ${{ parameters.scriptPath }} - export SUBSCRIPTION_ID="${{ parameters.subscriptionId }}" - export LOCATION="${{ parameters.location }}" - export RG="${{ parameters.resourceGroupName }}" - export VM_SKU_DEFAULT="${{ parameters.vmSkuDefault }}" - export VM_SKU_HIGHNIC="${{ parameters.vmSkuHighNIC }}" - - chmod +x ${{ parameters.scriptPath }} - ${{ parameters.scriptPath }} + env: + subscriptionId: ${{ parameters.subscriptionId }} + location: ${{ parameters.location }} + resourceGroupName: ${{ parameters.resourceGroupName }} + vmSkuDefault: ${{ parameters.vmSkuDefault }} + vmSkuHighNIC: ${{ parameters.vmSkuHighNIC }} \ No newline at end of file From 46e61486d2816cec234a91aca6f76bc6c7418bdb Mon Sep 17 00:00:00 2001 From: sivakami Date: Mon, 20 Oct 2025 21:22:27 -0700 Subject: [PATCH 14/36] Set pipeline template for long running clusters. --- .pipelines/swiftv2-long-running/pipeline.yaml | 72 +++------ .../long-running-pipeline-template.yaml | 147 +++++++++++++----- 2 files changed, 133 insertions(+), 86 deletions(-) diff --git a/.pipelines/swiftv2-long-running/pipeline.yaml b/.pipelines/swiftv2-long-running/pipeline.yaml index 7759027b5f..b6d085901d 100644 --- a/.pipelines/swiftv2-long-running/pipeline.yaml +++ b/.pipelines/swiftv2-long-running/pipeline.yaml 
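Review bot: The new `env:` keys (`subscriptionId`, `location`, `resourceGroupName`, `vmSkuDefault`, `vmSkuHighNIC`) do not match the names the removed `export` lines defined (`SUBSCRIPTION_ID`, `LOCATION`, `RG`, `VM_SKU_DEFAULT`, `VM_SKU_HIGHNIC`). Environment names are case-sensitive on a Linux agent, so a script that still reads `$SUBSCRIPTION_ID` or `$RG` would see empty strings, and `set -e` alone does not stop on an unset variable. Keep the names the scripts read, e.g. `SUBSCRIPTION_ID: ${{ parameters.subscriptionId }}` and `RG: ${{ parameters.resourceGroupName }}`, and likewise for the other three. Passing values through `env:` rather than expanding them into the script text is the safer direction, so the mapping itself is worth keeping.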
@@ -1,72 +1,42 @@ -trigger: -- main +trigger: none parameters: - name: subscriptionId + displayName: "Azure Subscription ID" type: string default: "37deca37-c375-4a14-b90a-043849bd2bf1" + - name: location + displayName: "Deployment Region" type: string default: "centraluseuap" + - name: resourceGroupName + displayName: "Resource Group Name" type: string - default: "long-run-$(date +%s)" + default: "long-run-$(Build.BuildId)" + - name: vmSkuDefault + displayName: "VM SKU for Default Node Pool" type: string default: "Standard_D2s_v3" + - name: vmSkuHighNIC + displayName: "VM SKU for High NIC Node Pool" type: string default: "Standard_D16s_v3" + - name: serviceConnection displayName: "Azure Service Connection" type: string default: "Azure Container Networking - Standalone Test Service Connection" -stages: - - stage: AKSClusterAndNetworking - displayName: "Stage: AKS Cluster and Networking Setup" - jobs: - - template: template/long-running-pipeline-template.yaml - parameters: - jobName: create_aks - scriptPath: ".pipelines/swiftv2-long-running/scripts/create_aks.sh" - subscriptionId: ${{ parameters.subscriptionId }} - location: ${{ parameters.location }} - resourceGroupName: ${{ parameters.resourceGroupName }} - vmSkuDefault: ${{ parameters.vmSkuDefault }} - vmSkuHighNIC: ${{ parameters.vmSkuHighNIC }} - dependsOn: [] - - - template: template/long-running-pipeline-template.yaml - parameters: - jobName: create_vnets - scriptPath: ".pipelines/swiftv2-long-running/scripts/create_vnets.sh" - subscriptionId: ${{ parameters.subscriptionId }} - location: ${{ parameters.location }} - resourceGroupName: ${{ parameters.resourceGroupName }} - dependsOn: ["create_aks"] - - - template: template/long-running-pipeline-template.yaml - parameters: - jobName: create_peerings - scriptPath: ".pipelines/swiftv2-long-running/scripts/create_peerings.sh" - subscriptionId: ${{ parameters.subscriptionId }} - resourceGroupName: ${{ parameters.resourceGroupName }} - dependsOn: ["create_vnets"] - 
- - template: template/long-running-pipeline-template.yaml - parameters: - jobName: create_storage - scriptPath: ".pipelines/swiftv2-long-running/scripts/create_storage.sh" - subscriptionId: ${{ parameters.subscriptionId }} - location: ${{ parameters.location }} - resourceGroupName: ${{ parameters.resourceGroupName }} - dependsOn: ["create_peerings"] - - - template: template/long-running-pipeline-template.yaml - parameters: - jobName: create_nsg - scriptPath: ".pipelines/swiftv2-long-running/scripts/create_nsg.sh" - subscriptionId: ${{ parameters.subscriptionId }} - resourceGroupName: ${{ parameters.resourceGroupName }} - dependsOn: ["create_storage"] +extends: + template: template/long-running-pipeline-template.yaml + parameters: + subscriptionId: ${{ parameters.subscriptionId }} + location: ${{ parameters.location }} + resourceGroupName: ${{ parameters.resourceGroupName }} + vmSkuDefault: ${{ parameters.vmSkuDefault }} + vmSkuHighNIC: ${{ parameters.vmSkuHighNIC }} + serviceConnection: ${{ parameters.serviceConnection }} diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index 7e30a1ea7f..f2a03fcfa4 100644 --- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml 
@@ -1,49 +1,126 @@ parameters: - - name: jobName - type: string - - name: scriptPath - type: string - name: subscriptionId type: string - name: location type: string - default: "" - name: resourceGroupName type: string - name: vmSkuDefault type: string - default: "" - name: vmSkuHighNIC type: string - default: "" - name: serviceConnection type: string - default: "Azure Container Networking - Standalone Test Service Connection" - - name: dependsOn - type: object - default: [] -jobs: - - job: ${{ parameters.jobName }} - displayName: "${{ parameters.jobName }}" - pool: - vmImage: 'ubuntu-latest' - dependsOn: ${{ parameters.dependsOn }} - steps: - - checkout: self - - task: AzureCLI@2 - displayName: "Run ${{ parameters.jobName }} script" - inputs: - azureSubscription: "${{ parameters.serviceConnection }}" - scriptType: bash - scriptLocation: inlineScript - inlineScript: | - set -e - chmod +x ${{ parameters.scriptPath }} - ${{ parameters.scriptPath }} - env: - subscriptionId: ${{ parameters.subscriptionId }} - location: ${{ parameters.location }} - resourceGroupName: ${{ parameters.resourceGroupName }} - vmSkuDefault: ${{ parameters.vmSkuDefault }} - vmSkuHighNIC: ${{ parameters.vmSkuHighNIC }} \ No newline at end of file +stages: + - stage: AKSClusterAndNetworking + displayName: "Stage: AKS Cluster and Networking Setup" + jobs: + # ------------------------------------------------------------ + # Job 1: Create AKS Cluster + # ------------------------------------------------------------ + - job: Create_AKS + displayName: "Create AKS Clusters" + pool: + vmImage: ubuntu-latest + steps: + - checkout: self + - task: AzureCLI@2 + displayName: "Run create_aks.sh" + inputs: + azureSubscription: ${{ parameters.serviceConnection }} + scriptType: bash + scriptLocation: scriptPath + scriptPath: ".pipelines/swiftv2-long-running/scripts/create_aks.sh" + arguments: > + ${{ parameters.subscriptionId }} + ${{ parameters.location }} + ${{ parameters.resourceGroupName }} + ${{ 
parameters.vmSkuDefault }} + ${{ parameters.vmSkuHighNIC }} + + # ------------------------------------------------------------ + # Job 2: Create VNets + # ------------------------------------------------------------ + - job: Create_VNets + displayName: "Create VNets" + dependsOn: Create_AKS + pool: + vmImage: ubuntu-latest + steps: + - checkout: self + - task: AzureCLI@2 + displayName: "Run create_vnets.sh" + inputs: + azureSubscription: ${{ parameters.serviceConnection }} + scriptType: bash + scriptLocation: scriptPath + scriptPath: ".pipelines/swiftv2-long-running/scripts/create_vnets.sh" + arguments: > + ${{ parameters.subscriptionId }} + ${{ parameters.location }} + ${{ parameters.resourceGroupName }} + + # ------------------------------------------------------------ + # Job 3: Create Peerings + # ------------------------------------------------------------ + - job: Create_Peerings + displayName: "Create Peerings" + dependsOn: Create_VNets + pool: + vmImage: ubuntu-latest + steps: + - checkout: self + - task: AzureCLI@2 + displayName: "Run create_peerings.sh" + inputs: + azureSubscription: ${{ parameters.serviceConnection }} + scriptType: bash + scriptLocation: scriptPath + scriptPath: ".pipelines/swiftv2-long-running/scripts/create_peerings.sh" + arguments: > + ${{ parameters.subscriptionId }} + ${{ parameters.resourceGroupName }} + + # ------------------------------------------------------------ + # Job 4: Create Storage + # ------------------------------------------------------------ + - job: Create_Storage + displayName: "Create Storage" + dependsOn: Create_Peerings + pool: + vmImage: ubuntu-latest + steps: + - checkout: self + - task: AzureCLI@2 + displayName: "Run create_storage.sh" + inputs: + azureSubscription: ${{ parameters.serviceConnection }} + scriptType: bash + scriptLocation: scriptPath + scriptPath: ".pipelines/swiftv2-long-running/scripts/create_storage.sh" + arguments: > + ${{ parameters.subscriptionId }} + ${{ parameters.location }} + ${{ 
parameters.resourceGroupName }} + + # ------------------------------------------------------------ + # Job 5: Create NSG + # ------------------------------------------------------------ + - job: Create_NSG + displayName: "Create Network Security Groups" + dependsOn: Create_Storage + pool: + vmImage: ubuntu-latest + steps: + - checkout: self + - task: AzureCLI@2 + displayName: "Run create_nsg.sh" + inputs: + azureSubscription: ${{ parameters.serviceConnection }} + scriptType: bash + scriptLocation: scriptPath + scriptPath: ".pipelines/swiftv2-long-running/scripts/create_nsg.sh" + arguments: > + ${{ parameters.subscriptionId }} + ${{ parameters.resourceGroupName }} From 17b5debc0005b131aad779a8f4c3b01f91433a99 Mon Sep 17 00:00:00 2001 From: sivakami Date: Mon, 20 Oct 2025 21:32:46 -0700 Subject: [PATCH 15/36] test change. --- .pipelines/swiftv2-long-running/scripts/create_aks.sh | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.pipelines/swiftv2-long-running/scripts/create_aks.sh b/.pipelines/swiftv2-long-running/scripts/create_aks.sh index c0406a1dd9..de4f30d34e 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_aks.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_aks.sh @@ -1,6 +1,11 @@ #!/usr/bin/env bash set -e +echo "Subscription id: $SUBSCRIPTION_ID" +echo "Resource group: $RG" +echo "Location: $LOCATION" +echo "VM SKU (default): $VM_SKU_DEFAULT" +echo "VM SKU (high-NIC): $VM_SKU_HIGHNIC" az account set --subscription "$SUBSCRIPTION_ID" echo "==> Creating resource group: $RG" From 08c26655ee648e05849e2332624ab7dd8d0132fd Mon Sep 17 00:00:00 2001 From: sivakami Date: Mon, 20 Oct 2025 21:49:30 -0700 Subject: [PATCH 16/36] set params. --- .pipelines/swiftv2-long-running/scripts/create_aks.sh | 6 ++++++ .pipelines/swiftv2-long-running/scripts/create_nsg.sh | 3 +++ 2 files changed, 9 insertions(+) 
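Review bot: Every `arguments: >` block in the new template expands `${{ parameters.* }}` into the script command line unquoted. These are free-form `type: string` parameters, so a value containing whitespace or shell metacharacters would be split or interpreted instead of arriving as one argument (assuming the AzureCLI task hands `arguments` to bash as written). That happens in a job running under the service connection's credentials. Quoting (`"${{ parameters.resourceGroupName }}"`) helps with splitting, but passing the values through the task's `env:` mapping keeps them out of shell parsing altogether. `location` and the two SKU parameters could additionally be constrained with a `values:` list. The same applies to all five jobs in this hunk.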
diff --git a/.pipelines/swiftv2-long-running/scripts/create_aks.sh b/.pipelines/swiftv2-long-running/scripts/create_aks.sh index de4f30d34e..86df30deba 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_aks.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_aks.sh @@ -1,6 +1,12 @@ #!/usr/bin/env bash set -e +SUBSCRIPTION_ID=$1 +LOCATION=$2 +RG=$3 +VM_SKU_DEFAULT=$4 +VM_SKU_HIGHNIC=$5 + echo "Subscription id: $SUBSCRIPTION_ID" echo "Resource group: $RG" echo "Location: $LOCATION" diff --git a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh index f6f595f16b..4f5c7fe770 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh @@ -1,6 +1,9 @@ #!/usr/bin/env bash set -e +SUBSCRIPTION_ID=$1 +RG=$2 + VNET_A1="delegated_vnet_a1" S1_PREFIX="10.10.1.0/24" S2_PREFIX="10.10.2.0/24" From 0495b7259d35dd7d770858c9c1c24c1afe3bcf6b Mon Sep 17 00:00:00 2001 From: sivakami Date: Tue, 21 Oct 2025 00:01:25 -0700 Subject: [PATCH 17/36] set params in pipeline scripts. --- .pipelines/swiftv2-long-running/scripts/create_peerings.sh | 3 +++ .pipelines/swiftv2-long-running/scripts/create_storage.sh | 4 ++++ .pipelines/swiftv2-long-running/scripts/create_vnets.sh | 6 ++++++ 3 files changed, 13 insertions(+) diff --git a/.pipelines/swiftv2-long-running/scripts/create_peerings.sh b/.pipelines/swiftv2-long-running/scripts/create_peerings.sh index a40343cd67..703c811534 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_peerings.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_peerings.sh @@ -1,6 +1,9 @@ #!/usr/bin/env bash set -e +SUBSCRIPTION_ID=$1 +RG=$2 + VNET_A1="delegated_vnet_a1" VNET_A2="delegated_vnet_a2" VNET_A3="delegated_vnet_a3" diff --git a/.pipelines/swiftv2-long-running/scripts/create_storage.sh b/.pipelines/swiftv2-long-running/scripts/create_storage.sh index 384e070af8..8ef8f70703 100644 
--- a/.pipelines/swiftv2-long-running/scripts/create_storage.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_storage.sh @@ -1,6 +1,10 @@ #!/usr/bin/env bash set -e +SUBSCRIPTION_ID=$1 +LOCATION=$2 +RG=$3 + RAND=$(openssl rand -hex 4) SA1="sa1${RAND}" SA2="sa2${RAND}" diff --git a/.pipelines/swiftv2-long-running/scripts/create_vnets.sh b/.pipelines/swiftv2-long-running/scripts/create_vnets.sh index 2ae4be9b22..e52de30ccd 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_vnets.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_vnets.sh @@ -1,6 +1,12 @@ #!/usr/bin/env bash set -e +SUBSCRIPTION_ID=$1 +LOCATION=$2 +RG=$3 + +az account set --subscription "$SUBSCRIPTION_ID" + # VNets and subnets VNET_A1="cx_vnet_a1" VNET_A2="cx_vnet_a2" From f4750f27dcd9b0e6fd562577cd9ad7fc98358527 Mon Sep 17 00:00:00 2001 From: sivakami Date: Tue, 21 Oct 2025 00:47:10 -0700 Subject: [PATCH 18/36] set cx vnet name. --- .pipelines/swiftv2-long-running/scripts/create_nsg.sh | 2 +- .pipelines/swiftv2-long-running/scripts/create_peerings.sh | 7 ++++--- 2 files changed, 5 insertions(+), 4 deletions(-) diff --git a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh index 4f5c7fe770..553b7965a0 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh @@ -4,7 +4,7 @@ set -e SUBSCRIPTION_ID=$1 RG=$2 -VNET_A1="delegated_vnet_a1" +VNET_A1="cx_vnet_a1" S1_PREFIX="10.10.1.0/24" S2_PREFIX="10.10.2.0/24" NSG_NAME="${VNET_A1}-nsg" diff --git a/.pipelines/swiftv2-long-running/scripts/create_peerings.sh b/.pipelines/swiftv2-long-running/scripts/create_peerings.sh index 703c811534..da413e6869 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_peerings.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_peerings.sh 
@@ -4,9 +4,10 @@ set -e SUBSCRIPTION_ID=$1 RG=$2 -VNET_A1="delegated_vnet_a1" -VNET_A2="delegated_vnet_a2" -VNET_A3="delegated_vnet_a3" +VNET_A1="cx_vnet_a1" +VNET_A2="cx_vnet_a2" +VNET_A3="cx_vnet_a3" +VNET_B1="cx_vnet_b1" peer_two_vnets() { local rg="$1"; local v1="$2"; local v2="$3"; local name12="$4"; local name21="$5" From b530c30e3df303fbf43727be4e70409034c54480 Mon Sep 17 00:00:00 2001 From: sivakami Date: Tue, 21 Oct 2025 00:49:50 -0700 Subject: [PATCH 19/36] Create clusters parallely --- .../scripts/create_aks.sh | 26 +++++++++++++++---- .../long-running-pipeline-template.yaml | 2 +- 2 files changed, 22 insertions(+), 6 deletions(-) diff --git a/.pipelines/swiftv2-long-running/scripts/create_aks.sh b/.pipelines/swiftv2-long-running/scripts/create_aks.sh index 86df30deba..dc4cbbbefd 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_aks.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_aks.sh 
@@ -17,17 +17,33 @@ az account set --subscription "$SUBSCRIPTION_ID" echo "==> Creating resource group: $RG" az group create -n "$RG" -l "$LOCATION" --output none -# AKS clusters -for CLUSTER in "aks-cluster-a" "aks-cluster-b"; do +# Enable parallel cluster creation +create_cluster() { + local CLUSTER=$1 echo "==> Creating AKS cluster: $CLUSTER" + az aks create -g "$RG" -n "$CLUSTER" -l "$LOCATION" \ --network-plugin azure --node-count 1 \ --node-vm-size "$VM_SKU_DEFAULT" \ --enable-managed-identity --generate-ssh-keys \ - --load-balancer-sku standard --yes + --load-balancer-sku standard --yes --only-show-errors echo "==> Adding high-NIC nodepool to $CLUSTER" az aks nodepool add -g "$RG" -n highnic \ --cluster-name "$CLUSTER" --node-count 2 \ - --node-vm-size "$VM_SKU_HIGHNIC" --mode User -done + --node-vm-size "$VM_SKU_HIGHNIC" --mode User --only-show-errors + + echo "Finished AKS cluster: $CLUSTER" +} + +# Run both clusters in parallel +create_cluster "aks-cluster-a" & +pid_a=$! + +create_cluster "aks-cluster-b" & +pid_b=$! + +# Wait for both to finish +wait $pid_a $pid_b + +echo "AKS clusters created successfully!" diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index f2a03fcfa4..def27a233e 100644 --- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml @@ -87,7 +87,7 @@ stages: # ------------------------------------------------------------ - job: Create_Storage displayName: "Create Storage" - dependsOn: Create_Peerings + dependsOn: Create_AKS pool: vmImage: ubuntu-latest steps: From ac3419ec7dc31847fc23f36f9a48a85427393c09 Mon Sep 17 00:00:00 2001 From: sivakami Date: Tue, 21 Oct 2025 08:59:03 -0700 Subject: [PATCH 20/36] create NSG. --- .../scripts/create_nsg.sh | 51 ++++++++++++++++++- 1 file changed, 49 insertions(+), 2 deletions(-) 
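Review bot: `wait $pid_a $pid_b` returns only the status of the last ID waited for, so a failed `create_cluster "aks-cluster-a"` is masked whenever cluster b succeeds, and the script goes on to print "AKS clusters created successfully!". Wait on each job separately so `set -e` sees both results: `wait "$pid_a"` then `wait "$pid_b"`. If both failures should be reported rather than stopping at the first, collect the two statuses and exit non-zero when either is non-zero. Later jobs in the pipeline depend on this one, so a silent partial failure here would surface only as confusing errors downstream.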
diff --git a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh index 553b7965a0..2d9d8d52c1 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh @@ -3,11 +3,58 @@ set -e SUBSCRIPTION_ID=$1 RG=$2 +LOCATION=${3:-centraluseuap} VNET_A1="cx_vnet_a1" S1_PREFIX="10.10.1.0/24" S2_PREFIX="10.10.2.0/24" NSG_NAME="${VNET_A1}-nsg" -az network nsg create -g "$RG" -n "$NSG_NAME" --output none -az network nsg rule create -g "$RG" +echo "==> Creating Network Security Group: $NSG_NAME" +az network nsg create -g "$RG" -n "$NSG_NAME" -l "$LOCATION" --output none + +echo "==> Adding NSG rules" + +# Allow SSH from any +az network nsg rule create \ + -g "$RG" \ + --nsg-name "$NSG_NAME" \ + -n allow-ssh \ + --priority 100 \ + --source-address-prefixes "*" \ + --destination-port-ranges 22 \ + --direction Inbound \ + --access Allow \ + --protocol Tcp \ + --description "Allow SSH access" \ + --output none + +# Allow internal VNet traffic +az network nsg rule create \ + -g "$RG" \ + --nsg-name "$NSG_NAME" \ + -n allow-vnet \ + --priority 200 \ + --source-address-prefixes VirtualNetwork \ + --destination-address-prefixes VirtualNetwork \ + --direction Inbound \ + --access Allow \ + --protocol "*" \ + --description "Allow VNet internal traffic" \ + --output none + +# Allow AKS API traffic +az network nsg rule create \ + -g "$RG" \ + --nsg-name "$NSG_NAME" \ + -n allow-aks-controlplane \ + --priority 300 \ + --source-address-prefixes AzureCloud \ + --destination-port-ranges 443 \ + --direction Inbound \ + --access Allow \ + --protocol Tcp \ + --description "Allow AKS control plane traffic" \ + --output none + +echo "NSG '$NSG_NAME' created successfully with rules." From b4b7fbbad595edb4646013bbc82564a3cdbc6338 Mon Sep 17 00:00:00 2001 
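Review bot: The `allow-ssh` rule admits TCP 22 from `--source-address-prefixes "*"` at priority 100, which exposes SSH to any source address on whatever this NSG ends up attached to. For a long-running test environment that should be a known range supplied by the caller, e.g. `--source-address-prefixes "$SSH_SOURCE_CIDR"` (a new script argument; the name is a placeholder), or the rule should be dropped if nodes are reached another way. `allow-aks-controlplane` uses the `AzureCloud` service tag, which covers Azure public address space in general rather than only the AKS control plane, so its description overstates how narrow it is. `allow-vnet` appears to duplicate the default VirtualNetwork-to-VirtualNetwork inbound rule. The hunk creates the NSG but shows no association with a subnet or NIC, so confirm where it is applied.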
From: sivakami Date: Tue, 21 Oct 2025 09:22:13 -0700 Subject: [PATCH 21/36] Change dependency for creating nsg. --- .../template/long-running-pipeline-template.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index def27a233e..d84f50c9ce 100644 --- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml @@ -109,7 +109,7 @@ stages: # ------------------------------------------------------------ - job: Create_NSG displayName: "Create Network Security Groups" - dependsOn: Create_Storage + dependsOn: Create_VNets pool: vmImage: ubuntu-latest steps: From 325d3f35d17c8cb51687f7049ce2c7f65c449bc7 Mon Sep 17 00:00:00 2001 From: sivakami-projects <126191544+sivakami-projects@users.noreply.github.com> Date: Tue, 21 Oct 2025 10:02:16 -0700 Subject: [PATCH 22/36] Update .pipelines/swiftv2-long-running/scripts/create_peerings.sh Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: sivakami-projects <126191544+sivakami-projects@users.noreply.github.com> --- .pipelines/swiftv2-long-running/scripts/create_peerings.sh | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.pipelines/swiftv2-long-running/scripts/create_peerings.sh b/.pipelines/swiftv2-long-running/scripts/create_peerings.sh index da413e6869..471a6495d7 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_peerings.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_peerings.sh @@ -1,9 +1,7 @@ #!/usr/bin/env bash set -e -SUBSCRIPTION_ID=$1 -RG=$2 - +RG=$1 VNET_A1="cx_vnet_a1" VNET_A2="cx_vnet_a2" VNET_A3="cx_vnet_a3" From 3086d406cb2c1ec5a56a578b9c70b0bcdf1f373a Mon Sep 17 00:00:00 2001 
From: sivakami-projects <126191544+sivakami-projects@users.noreply.github.com> Date: Tue, 21 Oct 2025 10:02:23 -0700 Subject: [PATCH 23/36] Update .pipelines/swiftv2-long-running/scripts/create_nsg.sh Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> Signed-off-by: sivakami-projects <126191544+sivakami-projects@users.noreply.github.com> --- .pipelines/swiftv2-long-running/scripts/create_nsg.sh | 2 -- 1 file changed, 2 deletions(-) diff --git a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh index 2d9d8d52c1..33c3702000 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh @@ -6,8 +6,6 @@ RG=$2 LOCATION=${3:-centraluseuap} VNET_A1="cx_vnet_a1" -S1_PREFIX="10.10.1.0/24" -S2_PREFIX="10.10.2.0/24" NSG_NAME="${VNET_A1}-nsg" echo "==> Creating Network Security Group: $NSG_NAME" From adb44484f035b11aa3563cdc8fe00f1504ee1e74 Mon Sep 17 00:00:00 2001 From: sivakami Date: Tue, 21 Oct 2025 10:28:48 -0700 Subject: [PATCH 24/36] Add success/error message for each resource creation. --- .../scripts/create_nsg.sh | 13 +++++--- .../scripts/create_peerings.sh | 8 +++-- .../scripts/create_storage.sh | 6 +++- .../scripts/create_vnets.sh | 30 ++++++++++++++----- 4 files changed, 42 insertions(+), 15 deletions(-) diff --git a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh index 33c3702000..1a7655756c 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash set -e +trap 'echo "[ERROR] Failed during NSG creation." >&2' ERR SUBSCRIPTION_ID=$1 RG=$2 
@@ -9,7 +10,8 @@ VNET_A1="cx_vnet_a1" NSG_NAME="${VNET_A1}-nsg" echo "==> Creating Network Security Group: $NSG_NAME" -az network nsg create -g "$RG" -n "$NSG_NAME" -l "$LOCATION" --output none +az network nsg create -g "$RG" -n "$NSG_NAME" -l "$LOCATION" --output none \ + && echo "NSG $NSG_NAME created." echo "==> Adding NSG rules" @@ -25,7 +27,8 @@ az network nsg rule create \ --access Allow \ --protocol Tcp \ --description "Allow SSH access" \ - --output none + --output none \ + && echo "Rule allow-ssh created." # Allow internal VNet traffic az network nsg rule create \ @@ -39,7 +42,8 @@ az network nsg rule create \ --access Allow \ --protocol "*" \ --description "Allow VNet internal traffic" \ - --output none + --output none \ + && echo "Rule allow-vnet created." # Allow AKS API traffic az network nsg rule create \ @@ -53,6 +57,7 @@ az network nsg rule create \ --access Allow \ --protocol Tcp \ --description "Allow AKS control plane traffic" \ - --output none + --output none \ + && echo "Rule allow-aks-controlplane created." echo "NSG '$NSG_NAME' created successfully with rules." diff --git a/.pipelines/swiftv2-long-running/scripts/create_peerings.sh b/.pipelines/swiftv2-long-running/scripts/create_peerings.sh index 471a6495d7..4b199912cf 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_peerings.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_peerings.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash set -e +trap 'echo "[ERROR] Failed during VNet peering creation." >&2' ERR RG=$1 VNET_A1="cx_vnet_a1" 
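Review bot: Appending `&& echo ...` to each `az` call takes those calls out of `set -e`'s reach. Bash neither exits nor runs the `ERR` trap added in this commit when the failing command is any but the last in an `&&` list. A failed `az network nsg rule create` would therefore be skipped silently, and the script would still end with "NSG '$NSG_NAME' created successfully with rules." and exit 0. Put the message on its own line after the command, e.g. `az network nsg create -g "$RG" -n "$NSG_NAME" -l "$LOCATION" --output none` followed by `echo "NSG $NSG_NAME created."`. The same pattern appears in the create_peerings.sh, create_storage.sh and create_vnets.sh hunks of this commit.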
@@ -9,8 +10,11 @@ VNET_B1="cx_vnet_b1" peer_two_vnets() { local rg="$1"; local v1="$2"; local v2="$3"; local name12="$4"; local name21="$5" - az network vnet peering create -g "$rg" -n "$name12" --vnet-name "$v1" --remote-vnet "$v2" --allow-vnet-access --output none - az network vnet peering create -g "$rg" -n "$name21" --vnet-name "$v2" --remote-vnet "$v1" --allow-vnet-access --output none + echo "==> Peering $v1 <-> $v2" + az network vnet peering create -g "$rg" -n "$name12" --vnet-name "$v1" --remote-vnet "$v2" --allow-vnet-access --output none \ + && echo "Created peering $name12" + az network vnet peering create -g "$rg" -n "$name21" --vnet-name "$v2" --remote-vnet "$v1" --allow-vnet-access --output none \ + && echo "Created peering $name21" } peer_two_vnets "$RG" "$VNET_A1" "$VNET_A2" "A1-to-A2" "A2-to-A1" diff --git a/.pipelines/swiftv2-long-running/scripts/create_storage.sh b/.pipelines/swiftv2-long-running/scripts/create_storage.sh index 8ef8f70703..6bd2d89c10 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_storage.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_storage.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash set -e +trap 'echo "[ERROR] Failed during Storage Account creation." >&2' ERR SUBSCRIPTION_ID=$1 LOCATION=$2 @@ -24,5 +25,8 @@ for SA in "$SA1" "$SA2"; do \"allowBlobPublicAccess\": false, \"allowSharedKeyAccess\": false } - }" + }" \ + && echo "Storage account $SA created successfully." done + +echo "All storage accounts created successfully." \ No newline at end of file diff --git a/.pipelines/swiftv2-long-running/scripts/create_vnets.sh b/.pipelines/swiftv2-long-running/scripts/create_vnets.sh index e52de30ccd..c7360bbc7c 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_vnets.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_vnets.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash set -e +trap 'echo "[ERROR] Failed while creating VNets or subnets. Check Azure CLI logs above." >&2' ERR SUBSCRIPTION_ID=$1 LOCATION=$2 
@@ -16,24 +17,37 @@ VNET_B1="cx_vnet_b1" A1_S1="10.10.1.0/24" A1_S2="10.10.2.0/24" A1_PE="10.10.100.0/24" + A2_MAIN="10.11.1.0/24" A2_PE="10.11.100.0/24" + A3_MAIN="10.12.1.0/24" A3_PE="10.12.100.0/24" + B1_MAIN="10.20.1.0/24" # A1 -az network vnet create -g "$RG" -n "$VNET_A1" --address-prefix 10.10.0.0/16 --subnet-name s1 --subnet-prefix "$A1_S1" -l "$LOCATION" --output none -az network vnet subnet create -g "$RG" --vnet-name "$VNET_A1" -n s2 --address-prefix "$A1_S2" --output none -az network vnet subnet create -g "$RG" --vnet-name "$VNET_A1" -n pe --address-prefix "$A1_PE" --output none +az network vnet create -g "$RG" -n "$VNET_A1" --address-prefix 10.10.0.0/16 --subnet-name s1 --subnet-prefix "$A1_S1" -l "$LOCATION" --output none \ + && echo "Created $VNET_A1 with subnet s1" +az network vnet subnet create -g "$RG" --vnet-name "$VNET_A1" -n s2 --address-prefix "$A1_S2" --output none \ + && echo "Created $VNET_A1 with subnet s2" +az network vnet subnet create -g "$RG" --vnet-name "$VNET_A1" -n pe --address-prefix "$A1_PE" --output none \ + && echo "Created $VNET_A1 with subnet pe" # A2 -az network vnet create -g "$RG" -n "$VNET_A2" --address-prefix 10.11.0.0/16 --subnet-name s-A2 --subnet-prefix "$A2_MAIN" -l "$LOCATION" --output none -az network vnet subnet create -g "$RG" --vnet-name "$VNET_A2" -n pe --address-prefix "$A2_PE" --output none +az network vnet create -g "$RG" -n "$VNET_A2" --address-prefix 10.11.0.0/16 --subnet-name s-A2 --subnet-prefix "$A2_MAIN" -l "$LOCATION" --output none \ + && echo "Created $VNET_A2 with subnet s-A2" +az network vnet subnet create -g "$RG" --vnet-name "$VNET_A2" -n pe --address-prefix "$A2_PE" --output none \ + && echo "Created $VNET_A2 with subnet pe" # A3 -az network vnet create -g "$RG" -n "$VNET_A3" --address-prefix 10.12.0.0/16 --subnet-name s-A3 --subnet-prefix "$A3_MAIN" -l "$LOCATION" --output none -az network vnet subnet create -g "$RG" --vnet-name "$VNET_A3" -n pe --address-prefix "$A3_PE" --output none +az 
network vnet create -g "$RG" -n "$VNET_A3" --address-prefix 10.12.0.0/16 --subnet-name s-A3 --subnet-prefix "$A3_MAIN" -l "$LOCATION" --output none \ + && echo "Created $VNET_A3 with subnet s-A3" +az network vnet subnet create -g "$RG" --vnet-name "$VNET_A3" -n pe --address-prefix "$A3_PE" --output none \ + && echo "Created $VNET_A3 with subnet pe" # B1 -az network vnet create -g "$RG" -n "$VNET_B1" --address-prefix 10.20.0.0/16 --subnet-name s-B1 --subnet-prefix "$B1_MAIN" -l "$LOCATION" --output none +az network vnet create -g "$RG" -n "$VNET_B1" --address-prefix 10.20.0.0/16 --subnet-name s-B1 --subnet-prefix "$B1_MAIN" -l "$LOCATION" --output none \ + && echo "Created $VNET_B1 with subnet s-B1" + +echo "All VNets and subnets created successfully." From b77b78d7dbe02d88339175f8370cd6a50123aaea Mon Sep 17 00:00:00 2001 From: sivakami Date: Tue, 21 Oct 2025 10:35:30 -0700 Subject: [PATCH 25/36] Remove unused argument from template. --- .../template/long-running-pipeline-template.yaml | 1 - 1 file changed, 1 deletion(-) diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index d84f50c9ce..340813470d 100644 --- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml @@ -79,7 +79,6 @@ stages: scriptLocation: scriptPath scriptPath: ".pipelines/swiftv2-long-running/scripts/create_peerings.sh" arguments: > - ${{ parameters.subscriptionId }} ${{ parameters.resourceGroupName }} # ------------------------------------------------------------ From a0d21bc5c8a4d4aa9738e92667ad32e1586b1848 Mon Sep 17 00:00:00 2001 
From: sivakami Date: Wed, 22 Oct 2025 12:09:04 -0700 Subject: [PATCH 26/36] Rename subnets. Changed NSG rules to prevent network connectivity between vnet 1 subnet 1 and vnet 1 subnet2. --- .../scripts/create_aks.sh | 1 + .../scripts/create_nsg.sh | 57 +++++++------------ .../scripts/create_peerings.sh | 2 +- .../scripts/create_storage.sh | 2 +- .../scripts/create_vnets.sh | 12 ++-- .../long-running-pipeline-template.yaml | 1 + 6 files changed, 31 insertions(+), 44 deletions(-) diff --git a/.pipelines/swiftv2-long-running/scripts/create_aks.sh b/.pipelines/swiftv2-long-running/scripts/create_aks.sh index dc4cbbbefd..0d8cddcbcc 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_aks.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_aks.sh @@ -1,5 +1,6 @@ #!/usr/bin/env bash set -e +trap 'echo "[ERROR] Failed during Resource group or AKS cluster creation." >&2' ERR SUBSCRIPTION_ID=$1 LOCATION=$2 diff --git a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh index 1a7655756c..d37a125a3f 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_nsg.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_nsg.sh 
@@ -1,63 +1,48 @@ #!/usr/bin/env bash set -e -trap 'echo "[ERROR] Failed during NSG creation." >&2' ERR +trap 'echo "[ERROR] Failed during NSG creation or rule setup." >&2' ERR SUBSCRIPTION_ID=$1 RG=$2 -LOCATION=${3:-centraluseuap} +LOCATION=$3 VNET_A1="cx_vnet_a1" +SUBNET1_PREFIX="10.10.1.0/24" +SUBNET2_PREFIX="10.10.2.0/24" NSG_NAME="${VNET_A1}-nsg" echo "==> Creating Network Security Group: $NSG_NAME" az network nsg create -g "$RG" -n "$NSG_NAME" -l "$LOCATION" --output none \ - && echo "NSG $NSG_NAME created." + && echo "[OK] NSG '$NSG_NAME' created." -echo "==> Adding NSG rules" - -# Allow SSH from any +echo "==> Creating NSG rule to DENY traffic from Subnet1 ($SUBNET1_PREFIX) to Subnet2 ($SUBNET2_PREFIX)" az network nsg rule create \ -g "$RG" \ --nsg-name "$NSG_NAME" \ - -n allow-ssh \ + -n deny-subnet1-to-subnet2 \ --priority 100 \ - --source-address-prefixes "*" \ - --destination-port-ranges 22 \ + --source-address-prefixes "$SUBNET1_PREFIX" \ + --destination-address-prefixes "$SUBNET2_PREFIX" \ --direction Inbound \ - --access Allow \ - --protocol Tcp \ - --description "Allow SSH access" \ + --access Deny \ + --protocol "*" \ + --description "Deny all traffic from Subnet1 to Subnet2" \ --output none \ - && echo "Rule allow-ssh created." + && echo "[OK] Deny rule from Subnet1 → Subnet2 created." -# Allow internal VNet traffic +echo "==> Creating NSG rule to DENY traffic from Subnet2 ($SUBNET2_PREFIX) to Subnet1 ($SUBNET1_PREFIX)" az network nsg rule create \ -g "$RG" \ --nsg-name "$NSG_NAME" \ - -n allow-vnet \ + -n deny-subnet2-to-subnet1 \ --priority 200 \ - --source-address-prefixes VirtualNetwork \ - --destination-address-prefixes VirtualNetwork \ + --source-address-prefixes "$SUBNET2_PREFIX" \ + --destination-address-prefixes "$SUBNET1_PREFIX" \ --direction Inbound \ - --access Allow \ + --access Deny \ --protocol "*" \ - --description "Allow VNet internal traffic" \ - --output none \ - && echo "Rule allow-vnet created." 
- -# Allow AKS API traffic -az network nsg rule create \ - -g "$RG" \ - --nsg-name "$NSG_NAME" \ - -n allow-aks-controlplane \ - --priority 300 \ - --source-address-prefixes AzureCloud \ - --destination-port-ranges 443 \ - --direction Inbound \ - --access Allow \ - --protocol Tcp \ - --description "Allow AKS control plane traffic" \ + --description "Deny all traffic from Subnet2 to Subnet1" \ --output none \ - && echo "Rule allow-aks-controlplane created." + && echo "[OK] Deny rule from Subnet2 → Subnet1 created." -echo "NSG '$NSG_NAME' created successfully with rules." +echo "NSG '$NSG_NAME' created successfully with bidirectional isolation between Subnet1 and Subnet2." diff --git a/.pipelines/swiftv2-long-running/scripts/create_peerings.sh b/.pipelines/swiftv2-long-running/scripts/create_peerings.sh index 4b199912cf..ce5cb58c19 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_peerings.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_peerings.sh @@ -20,4 +20,4 @@ peer_two_vnets() { peer_two_vnets "$RG" "$VNET_A1" "$VNET_A2" "A1-to-A2" "A2-to-A1" peer_two_vnets "$RG" "$VNET_A2" "$VNET_A3" "A2-to-A3" "A3-to-A2" peer_two_vnets "$RG" "$VNET_A1" "$VNET_A3" "A1-to-A3" "A3-to-A1" -echo "VNet peerings created successfully." \ No newline at end of file +echo "VNet peerings created successfully." diff --git a/.pipelines/swiftv2-long-running/scripts/create_storage.sh b/.pipelines/swiftv2-long-running/scripts/create_storage.sh index 6bd2d89c10..ea431a2500 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_storage.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_storage.sh @@ -29,4 +29,4 @@ for SA in "$SA1" "$SA2"; do && echo "Storage account $SA created successfully." done -echo "All storage accounts created successfully." \ No newline at end of file +echo "All storage accounts created successfully." 
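Review bot: The rewritten create_nsg.sh creates `$NSG_NAME` and two Deny rules, but nothing in the new file (the hunk covers it from line 1 to the final `echo`) attaches the NSG to a subnet or NIC. The rules are therefore not evaluated for any traffic, and the closing message about bidirectional isolation is not backed by the script. The `az network vnet create` and `subnet create` calls visible in create_vnets.sh do not pass `--network-security-group` either; if the association happens elsewhere, a comment here should say where. Otherwise add, after the rules, `az network vnet subnet update -g "$RG" --vnet-name "$VNET_A1" -n s1 --network-security-group "$NSG_NAME" --output none` and the same for `s2`. `SUBSCRIPTION_ID` is also read but never used, so the script runs against whatever subscription the service connection selects.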
diff --git a/.pipelines/swiftv2-long-running/scripts/create_vnets.sh b/.pipelines/swiftv2-long-running/scripts/create_vnets.sh index c7360bbc7c..05afe90502 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_vnets.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_vnets.sh @@ -35,19 +35,19 @@ az network vnet subnet create -g "$RG" --vnet-name "$VNET_A1" -n pe --address-pr && echo "Created $VNET_A1 with subnet pe" # A2 -az network vnet create -g "$RG" -n "$VNET_A2" --address-prefix 10.11.0.0/16 --subnet-name s-A2 --subnet-prefix "$A2_MAIN" -l "$LOCATION" --output none \ - && echo "Created $VNET_A2 with subnet s-A2" +az network vnet create -g "$RG" -n "$VNET_A2" --address-prefix 10.11.0.0/16 --subnet-name s1 --subnet-prefix "$A2_MAIN" -l "$LOCATION" --output none \ + && echo "Created $VNET_A2 with subnet s1" az network vnet subnet create -g "$RG" --vnet-name "$VNET_A2" -n pe --address-prefix "$A2_PE" --output none \ && echo "Created $VNET_A2 with subnet pe" # A3 -az network vnet create -g "$RG" -n "$VNET_A3" --address-prefix 10.12.0.0/16 --subnet-name s-A3 --subnet-prefix "$A3_MAIN" -l "$LOCATION" --output none \ - && echo "Created $VNET_A3 with subnet s-A3" +az network vnet create -g "$RG" -n "$VNET_A3" --address-prefix 10.12.0.0/16 --subnet-name s1 --subnet-prefix "$A3_MAIN" -l "$LOCATION" --output none \ + && echo "Created $VNET_A3 with subnet s1" az network vnet subnet create -g "$RG" --vnet-name "$VNET_A3" -n pe --address-prefix "$A3_PE" --output none \ && echo "Created $VNET_A3 with subnet pe" # B1 -az network vnet create -g "$RG" -n "$VNET_B1" --address-prefix 10.20.0.0/16 --subnet-name s-B1 --subnet-prefix "$B1_MAIN" -l "$LOCATION" --output none \ - && echo "Created $VNET_B1 with subnet s-B1" +az network vnet create -g "$RG" -n "$VNET_B1" --address-prefix 10.20.0.0/16 --subnet-name s1 --subnet-prefix "$B1_MAIN" -l "$LOCATION" --output none \ + && echo "Created $VNET_B1 with subnet s1" echo "All VNets and subnets created successfully." 
diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index 340813470d..95fb2b55cf 100644 --- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml @@ -123,3 +123,4 @@ stages: arguments: > ${{ parameters.subscriptionId }} ${{ parameters.resourceGroupName }} + ${{ parameters.location }} From 4b1334882897473ead0cf259356a02813e60df65 Mon Sep 17 00:00:00 2001 From: sivakami Date: Wed, 22 Oct 2025 13:28:07 -0700 Subject: [PATCH 27/36] Private endpoints. --- .../swiftv2-long-running/scripts/create_pe.sh | 49 +++++++++++++++++++ .../scripts/create_storage.sh | 4 ++ .../long-running-pipeline-template.yaml | 30 ++++++++++++ 3 files changed, 83 insertions(+) create mode 100644 .pipelines/swiftv2-long-running/scripts/create_pe.sh diff --git a/.pipelines/swiftv2-long-running/scripts/create_pe.sh b/.pipelines/swiftv2-long-running/scripts/create_pe.sh new file mode 100644 index 0000000000..eab33a50c7 --- /dev/null +++ b/.pipelines/swiftv2-long-running/scripts/create_pe.sh 
@@ -0,0 +1,49 @@
+#!/usr/bin/env bash
+set -e
+trap 'echo "[ERROR] Failed during Private Endpoint or DNS setup." >&2' ERR
+
+SUBSCRIPTION_ID=$1
+LOCATION=$2
+RG=$3
+SA1_NAME=$4 # from previous script (storage account 1)
+SA2_NAME=$5 # from previous script (storage account 2)
+VNET_A1="cx_vnet_a1"
+
+SUBNET_PE_A1="pe"
+PE_NAME="${SA1_NAME}-pe"
+PRIVATE_DNS_ZONE="privatelink.blob.core.windows.net"
+LINK_NAME="${VNET_A1}-link"
+
+echo "==> Creating Private DNS zone: $PRIVATE_DNS_ZONE"
+az network private-dns zone create -g "$RG" -n "$PRIVATE_DNS_ZONE" --output none \
+ && echo "[OK] DNS zone $PRIVATE_DNS_ZONE created."
+
+echo "==> Linking DNS zone $PRIVATE_DNS_ZONE to VNet $VNET_A1"
+az network private-dns link-vnet create \
+ -g "$RG" -n "$LINK_NAME" \
+ --zone-name "$PRIVATE_DNS_ZONE" \
+ --virtual-network "$VNET_A1" \
+ --registration-enabled false --output none \
+ && echo "[OK] Linked DNS zone to $VNET_A1."
+
+echo "==> Creating Private Endpoint for Storage Account: $SA1_NAME"
+SA1_ID=$(az storage account show -g "$RG" -n "$SA1_NAME" --query id -o tsv)
+az network private-endpoint create \
+ -g "$RG" -n "$PE_NAME" -l "$LOCATION" \
+ --vnet-name "$VNET_A1" --subnet "$SUBNET_PE_A1" \
+ --private-connection-resource-id "$SA1_ID" \
+ --group-id blob \
+ --connection-name "${PE_NAME}-conn" \
+ --output none \
+ && echo "[OK] Private Endpoint $PE_NAME created for $SA1_NAME."
+ +echo "==> Linking Private Endpoint to DNS zone" +NIC_ID=$(az network private-endpoint show -g "$RG" -n "$PE_NAME" --query 'networkInterfaces[0].id' -o tsv) +FQDN=$(az storage account show -g "$RG" -n "$SA1_NAME" --query 'primaryEndpoints.blob' -o tsv | sed 's#https://##; s#/##') +PRIVATE_IP=$(az network nic show --ids "$NIC_ID" --query 'ipConfigurations[0].privateIpAddress' -o tsv) + +az network private-dns record-set a add-record \ + -g "$RG" -z "$PRIVATE_DNS_ZONE" -n "$FQDN" -a "$PRIVATE_IP" --output none \ + && echo "[OK] Added Private DNS record for $SA1_NAME → $PRIVATE_IP" + +echo "Private Endpoint setup complete for $SA1_NAME (accessible only within VNet A1)." diff --git a/.pipelines/swiftv2-long-running/scripts/create_storage.sh b/.pipelines/swiftv2-long-running/scripts/create_storage.sh index ea431a2500..62a285ef04 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_storage.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_storage.sh @@ -30,3 +30,7 @@ for SA in "$SA1" "$SA2"; do done echo "All storage accounts created successfully." +set +x + echo "##vso[task.setvariable variable=StorageAccount1;isOutput=true]$SA1" + echo "##vso[task.setvariable variable=StorageAccount2;isOutput=true]$SA2" +set -x diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index 95fb2b55cf..0f328466fa 100644 --- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml @@ -92,6 +92,7 @@ stages: steps: - checkout: self - task: AzureCLI@2 + name: CreateStorageTask displayName: "Run create_storage.sh" inputs: azureSubscription: ${{ parameters.serviceConnection }} 
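Review bot: The A record added at the end of create_pe.sh uses `-n "$FQDN"`, where `FQDN` is the blob host name (`<account>.blob.core.windows.net`). Record-set names are relative to the zone, so this creates `<account>.blob.core.windows.net.privatelink.blob.core.windows.net` instead of the `<account>.privatelink.blob.core.windows.net` name that clients in the linked VNet look up. Use the account name as the record name, `-n "$SA1_NAME"`, or let Azure manage the record through a DNS zone group on the endpoint. The closing message says the account is accessible only within VNet A1, but creating a private endpoint does not by itself close the public endpoint; that depends on the account's network settings in create_storage.sh. `SA2_NAME` and `SUBSCRIPTION_ID` are assigned but never used.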
@@ -102,6 +103,9 @@ stages: ${{ parameters.subscriptionId }} ${{ parameters.location }} ${{ parameters.resourceGroupName }} + outputs: + StorageAccount1: $[ dependencies.Create_Storage.outputs['CreateStorageTask.StorageAccount1'] ] + StorageAccount2: $[ dependencies.Create_Storage.outputs['CreateStorageTask.StorageAccount2'] ] # ------------------------------------------------------------ # Job 5: Create NSG @@ -124,3 +128,29 @@ stages: ${{ parameters.subscriptionId }} ${{ parameters.resourceGroupName }} ${{ parameters.location }} + # ------------------------------------------------------------ + # Job 6: Create Private Endpoint + # ------------------------------------------------------------ + - job: Create_PrivateEndpoint + displayName: "Create Private Endpoint for Storage" + dependsOn: Create_Storage + pool: + vmImage: ubuntu-latest + variables: + StorageAccount1: $[ dependencies.Create_Storage.outputs['CreateStorageTask.StorageAccount1'] ] + StorageAccount2: $[ dependencies.Create_Storage.outputs['CreateStorageTask.StorageAccount2'] ] + steps: + - checkout: self + - task: AzureCLI@2 + displayName: "Run create_private_endpoint.sh" + inputs: + azureSubscription: ${{ parameters.serviceConnection }} + scriptType: bash + scriptLocation: scriptPath + scriptPath: ".pipelines/swiftv2-long-running/scripts/create_private_endpoint.sh" + arguments: > + ${{ parameters.subscriptionId }} + ${{ parameters.location }} + ${{ parameters.resourceGroupName }} + $(StorageAccount1) + $(StorageAccount2) From 54eab3472dd699611dce8adb4a3e2a1ec345880b Mon Sep 17 00:00:00 2001 From: sivakami Date: Wed, 22 Oct 2025 13:46:25 -0700 Subject: [PATCH 28/36] Change pipeline template. --- .../long-running-pipeline-template.yaml | 78 ++++++------------- 1 file changed, 22 insertions(+), 56 deletions(-) 
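Review bot: The new `Create_PrivateEndpoint` job points `scriptPath` at `create_private_endpoint.sh`, but the script added by this commit is `scripts/create_pe.sh`, so the step would not find its script. The job also declares only `dependsOn: Create_Storage`, while the script uses `cx_vnet_a1` and its `pe` subnet, which a separate job creates; declare both, e.g. `dependsOn: [Create_VNets, Create_Storage]`. In the preceding hunk, `outputs:` does not appear to be a recognised step property. The `isOutput=true` logging command together with the step `name` is what publishes the variables, so that block can probably be dropped.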
diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index 0f328466fa..c4ff52902c 100644 --- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml @@ -19,7 +19,7 @@ stages: # ------------------------------------------------------------ # Job 1: Create AKS Cluster # ------------------------------------------------------------ - - job: Create_AKS + - job: CreateCluster displayName: "Create AKS Clusters" pool: vmImage: ubuntu-latest @@ -40,17 +40,18 @@ stages: ${{ parameters.vmSkuHighNIC }} # ------------------------------------------------------------ - # Job 2: Create VNets + # Job 2: Networking & Storage # ------------------------------------------------------------ - - job: Create_VNets - displayName: "Create VNets" - dependsOn: Create_AKS + - job: NetworkingAndStorage + displayName: "Networking and Storage Setup" pool: vmImage: ubuntu-latest steps: - checkout: self + + # Task 1: Create VNets - task: AzureCLI@2 - displayName: "Run create_vnets.sh" + displayName: "Create customer vnets" inputs: azureSubscription: ${{ parameters.serviceConnection }} scriptType: bash @@ -61,18 +62,9 @@ stages: ${{ parameters.location }} ${{ parameters.resourceGroupName }} - # ------------------------------------------------------------ - # Job 3: Create Peerings - # ------------------------------------------------------------ - - job: Create_Peerings - displayName: "Create Peerings" - dependsOn: Create_VNets - pool: - vmImage: ubuntu-latest - steps: - - checkout: self + # Task 2: Create Peerings - task: AzureCLI@2 - displayName: "Run create_peerings.sh" + displayName: "Create customer vnet peerings" inputs: azureSubscription: ${{ parameters.serviceConnection }} scriptType: bash 
@@ -81,19 +73,10 @@ stages: arguments: > ${{ parameters.resourceGroupName }} - # ------------------------------------------------------------ - # Job 4: Create Storage - # ------------------------------------------------------------ - - job: Create_Storage - displayName: "Create Storage" - dependsOn: Create_AKS - pool: - vmImage: ubuntu-latest - steps: - - checkout: self + # Task 3: Create Storage Accounts - task: AzureCLI@2 name: CreateStorageTask - displayName: "Run create_storage.sh" + displayName: "Create storage accounts" inputs: azureSubscription: ${{ parameters.serviceConnection }} scriptType: bash @@ -103,22 +86,16 @@ stages: ${{ parameters.subscriptionId }} ${{ parameters.location }} ${{ parameters.resourceGroupName }} - outputs: - StorageAccount1: $[ dependencies.Create_Storage.outputs['CreateStorageTask.StorageAccount1'] ] - StorageAccount2: $[ dependencies.Create_Storage.outputs['CreateStorageTask.StorageAccount2'] ] - # ------------------------------------------------------------ - # Job 5: Create NSG - # ------------------------------------------------------------ - - job: Create_NSG - displayName: "Create Network Security Groups" - dependsOn: Create_VNets - pool: - vmImage: ubuntu-latest - steps: - - checkout: self + # Set storage account names as variables for later tasks + - script: | + echo "##vso[task.setvariable variable=StorageAccount1]$(StorageAccount1)" + echo "##vso[task.setvariable variable=StorageAccount2]$(StorageAccount2)" + displayName: "Set storage account variables" + + # Task 4: Create NSG - task: AzureCLI@2 - displayName: "Run create_nsg.sh" + displayName: "Create network security groups to restrict access between subnets." inputs: azureSubscription: ${{ parameters.serviceConnection }} scriptType: bash 
@@ -128,21 +105,10 @@ stages: ${{ parameters.subscriptionId }} ${{ parameters.resourceGroupName }} ${{ parameters.location }} - # ------------------------------------------------------------ - # Job 6: Create Private Endpoint - # ------------------------------------------------------------ - - job: Create_PrivateEndpoint - displayName: "Create Private Endpoint for Storage" - dependsOn: Create_Storage - pool: - vmImage: ubuntu-latest - variables: - StorageAccount1: $[ dependencies.Create_Storage.outputs['CreateStorageTask.StorageAccount1'] ] - StorageAccount2: $[ dependencies.Create_Storage.outputs['CreateStorageTask.StorageAccount2'] ] - steps: - - checkout: self + + # Task 5: Create Private Endpoint - task: AzureCLI@2 - displayName: "Run create_private_endpoint.sh" + displayName: "Create Private Endpoint for Storage Account." inputs: azureSubscription: ${{ parameters.serviceConnection }} scriptType: bash From 335ddc19bf4ef1009c00fad9ac4ce1cc2132e68d Mon Sep 17 00:00:00 2001 From: sivakami Date: Wed, 22 Oct 2025 14:02:16 -0700 Subject: [PATCH 29/36] Set output variables. --- .../template/long-running-pipeline-template.yaml | 16 +++++----------- 1 file changed, 5 insertions(+), 11 deletions(-) diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index c4ff52902c..f47a67ce1e 100644 --- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml @@ -75,7 +75,7 @@ stages: # Task 3: Create Storage Accounts - task: AzureCLI@2 - name: CreateStorageTask + name: CreateStorageAccounts displayName: "Create storage accounts" inputs: azureSubscription: ${{ parameters.serviceConnection }} 
@@ -86,13 +86,7 @@ stages: ${{ parameters.subscriptionId }} ${{ parameters.location }} ${{ parameters.resourceGroupName }} - - # Set storage account names as variables for later tasks - - script: | - echo "##vso[task.setvariable variable=StorageAccount1]$(StorageAccount1)" - echo "##vso[task.setvariable variable=StorageAccount2]$(StorageAccount2)" - displayName: "Set storage account variables" - + # Task 4: Create NSG - task: AzureCLI@2 displayName: "Create network security groups to restrict access between subnets." @@ -113,10 +107,10 @@ stages: azureSubscription: ${{ parameters.serviceConnection }} scriptType: bash scriptLocation: scriptPath - scriptPath: ".pipelines/swiftv2-long-running/scripts/create_private_endpoint.sh" + scriptPath: ".pipelines/swiftv2-long-running/scripts/create_pe.sh" arguments: > ${{ parameters.subscriptionId }} ${{ parameters.location }} ${{ parameters.resourceGroupName }} - $(StorageAccount1) - $(StorageAccount2) + $(CreateStorageAccounts.StorageAccount1) + $(CreateStorageAccounts.StorageAccount2) From 1ba358542aff6177cadae973de0b345fb72c5c67 Mon Sep 17 00:00:00 2001 From: sivakami Date: Wed, 22 Oct 2025 14:23:22 -0700 Subject: [PATCH 30/36] private endpoint. --- .../swiftv2-long-running/scripts/create_pe.sh | 26 +++++-------------- 1 file changed, 6 insertions(+), 20 deletions(-) diff --git a/.pipelines/swiftv2-long-running/scripts/create_pe.sh b/.pipelines/swiftv2-long-running/scripts/create_pe.sh index eab33a50c7..843d27db2d 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_pe.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_pe.sh 
@@ -5,45 +5,31 @@ trap 'echo "[ERROR] Failed during Private Endpoint or DNS setup." >&2' ERR SUBSCRIPTION_ID=$1 LOCATION=$2 RG=$3 -SA1_NAME=$4 # from previous script (storage account 1) -SA2_NAME=$5 # from previous script (storage account 2) +SA1_NAME=$4 # Storage account 1 VNET_A1="cx_vnet_a1" - SUBNET_PE_A1="pe" PE_NAME="${SA1_NAME}-pe" PRIVATE_DNS_ZONE="privatelink.blob.core.windows.net" LINK_NAME="${VNET_A1}-link" +# 1. Create Private DNS zone echo "==> Creating Private DNS zone: $PRIVATE_DNS_ZONE" az network private-dns zone create -g "$RG" -n "$PRIVATE_DNS_ZONE" --output none \ && echo "[OK] DNS zone $PRIVATE_DNS_ZONE created." +# 2. Link DNS zone to VNet echo "==> Linking DNS zone $PRIVATE_DNS_ZONE to VNet $VNET_A1" -az network private-dns link-vnet create \ +az network private-dns link vnet create \ -g "$RG" -n "$LINK_NAME" \ --zone-name "$PRIVATE_DNS_ZONE" \ --virtual-network "$VNET_A1" \ --registration-enabled false --output none \ && echo "[OK] Linked DNS zone to $VNET_A1." +# 3. Create Private Endpoint echo "==> Creating Private Endpoint for Storage Account: $SA1_NAME" SA1_ID=$(az storage account show -g "$RG" -n "$SA1_NAME" --query id -o tsv) az network private-endpoint create \ -g "$RG" -n "$PE_NAME" -l "$LOCATION" \ --vnet-name "$VNET_A1" --subnet "$SUBNET_PE_A1" \ - --private-connection-resource-id "$SA1_ID" \ - --group-id blob \ - --connection-name "${PE_NAME}-conn" \ - --output none \ - && echo "[OK] Private Endpoint $PE_NAME created for $SA1_NAME." 
- -echo "==> Linking Private Endpoint to DNS zone" -NIC_ID=$(az network private-endpoint show -g "$RG" -n "$PE_NAME" --query 'networkInterfaces[0].id' -o tsv) -FQDN=$(az storage account show -g "$RG" -n "$SA1_NAME" --query 'primaryEndpoints.blob' -o tsv | sed 's#https://##; s#/##') -PRIVATE_IP=$(az network nic show --ids "$NIC_ID" --query 'ipConfigurations[0].privateIpAddress' -o tsv) - -az network private-dns record-set a add-record \ - -g "$RG" -z "$PRIVATE_DNS_ZONE" -n "$FQDN" -a "$PRIVATE_IP" --output none \ - && echo "[OK] Added Private DNS record for $SA1_NAME → $PRIVATE_IP" - -echo "Private Endpoint setup complete for $SA1_NAME (accessible only within VNet A1)." + --private-connection-resource-id "$SA1 From b600fa01169a561ce4401452ba2c176155ba7106 Mon Sep 17 00:00:00 2001 From: sivakami Date: Wed, 22 Oct 2025 14:35:13 -0700 Subject: [PATCH 31/36] update private endpoint. --- .pipelines/swiftv2-long-running/scripts/create_pe.sh | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.pipelines/swiftv2-long-running/scripts/create_pe.sh b/.pipelines/swiftv2-long-running/scripts/create_pe.sh index 843d27db2d..d9d4bdbf6b 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_pe.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_pe.sh @@ -32,4 +32,8 @@ SA1_ID=$(az storage account show -g "$RG" -n "$SA1_NAME" --query id -o tsv) az network private-endpoint create \ -g "$RG" -n "$PE_NAME" -l "$LOCATION" \ --vnet-name "$VNET_A1" --subnet "$SUBNET_PE_A1" \ - --private-connection-resource-id "$SA1 + --private-connection-resource-id "$SA1_ID" \ + --group-id blob \ + --connection-name "${PE_NAME}-conn" \ + --output none \ + && echo "[OK] Private Endpoint $PE_NAME created for $SA1_NAME." From e15efde009cf923740d23a871e7712d837a24585 Mon Sep 17 00:00:00 2001 
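Review bot: After this change the private endpoint has no DNS registration, because the A-record step is deleted and no DNS zone group replaces it. The `privatelink.blob.core.windows.net` zone linked to `cx_vnet_a1` stays empty, so workloads in the VNet will presumably not resolve the account to the endpoint's private IP. Add a zone group once the endpoint exists, e.g. `az network private-endpoint dns-zone-group create -g "$RG" --endpoint-name "$PE_NAME" -n default --private-dns-zone "$PRIVATE_DNS_ZONE" --zone-name blob --output none`. The new side of this hunk also ends inside the quoted `--private-connection-resource-id` argument, which leaves the script unparsable at this commit. The template still passes the second storage account name as a fifth argument that the script no longer reads.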
From: sivakami Date: Wed, 22 Oct 2025 17:05:06 -0700 Subject: [PATCH 32/36] create storage account. --- .../scripts/create_storage.sh | 32 ++++++++++--------- 1 file changed, 17 insertions(+), 15 deletions(-) diff --git a/.pipelines/swiftv2-long-running/scripts/create_storage.sh b/.pipelines/swiftv2-long-running/scripts/create_storage.sh index 62a285ef04..a21b1d1d3a 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_storage.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_storage.sh @@ -9,28 +9,30 @@ RG=$3 RAND=$(openssl rand -hex 4) SA1="sa1${RAND}" SA2="sa2${RAND}" -API_VER="2025-06-01" + +# Set subscription context +az account set --subscription "$SUBSCRIPTION_ID" # Create storage accounts for SA in "$SA1" "$SA2"; do echo "==> Creating storage account $SA" - az rest --method put \ - --url "https://management.azure.com/subscriptions/$SUBSCRIPTION_ID/resourceGroups/$RG/providers/Microsoft.Storage/storageAccounts/$SA?api-version=$API_VER" \ - --body "{ - \"location\": \"$LOCATION\", - \"sku\": { \"name\": \"Standard_LRS\" }, - \"kind\": \"StorageV2\", - \"properties\": { - \"minimumTlsVersion\": \"TLS1_2\", - \"allowBlobPublicAccess\": false, - \"allowSharedKeyAccess\": false - } - }" \ + az storage account create \ + --name "$SA" \ + --resource-group "$RG" \ + --location "$LOCATION" \ + --sku Standard_LRS \ + --kind StorageV2 \ + --allow-blob-public-access false \ + --https-only true \ + --min-tls-version TLS1_2 \ + --query "name" -o tsv \ && echo "Storage account $SA created successfully." done echo "All storage accounts created successfully." + +# Set pipeline output variables set +x - echo "##vso[task.setvariable variable=StorageAccount1;isOutput=true]$SA1" - echo "##vso[task.setvariable variable=StorageAccount2;isOutput=true]$SA2" +echo "##vso[task.setvariable variable=StorageAccount1;isOutput=true]$SA1" +echo "##vso[task.setvariable variable=StorageAccount2;isOutput=true]$SA2" set -x 
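Review bot: The new `az storage account create` call leaves the accounts' public network endpoint enabled, since neither `--public-network-access` nor `--default-action` is set. The private endpoint created later therefore adds a private path without removing the public one. If these accounts are meant to be reachable only from the test VNets, add `--public-network-access Disabled` (or `--default-action Deny` with explicit network rules); if public reachability is intended for the test, a comment should say so. The trailing `set -x` turns shell tracing on even though the script never enabled it; `set +x` before the two logging commands is enough.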
From 2d124c083a106fea5397375e20fc5115c2a01116 Mon Sep 17 00:00:00 2001 From: sivakami Date: Wed, 22 Oct 2025 19:23:51 -0700 Subject: [PATCH 33/36] disallow shared key access. --- .pipelines/swiftv2-long-running/scripts/create_storage.sh | 1 + 1 file changed, 1 insertion(+) diff --git a/.pipelines/swiftv2-long-running/scripts/create_storage.sh b/.pipelines/swiftv2-long-running/scripts/create_storage.sh index a21b1d1d3a..14c230734f 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_storage.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_storage.sh @@ -23,6 +23,7 @@ for SA in "$SA1" "$SA2"; do --sku Standard_LRS \ --kind StorageV2 \ --allow-blob-public-access false \ + --allow-shared-key-access false \ --https-only true \ --min-tls-version TLS1_2 \ --query "name" -o tsv \ From 556d63c93f7349864b70ef7175ceaaa4afd5d7c3 Mon Sep 17 00:00:00 2001 From: sivakami Date: Wed, 22 Oct 2025 20:03:20 -0700 Subject: [PATCH 34/36] change pipeline template. --- .../long-running-pipeline-template.yaml | 39 ++++++++++++++++--- 1 file changed, 33 insertions(+), 6 deletions(-) diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index f47a67ce1e..16279c1107 100644 --- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml 
@@ -17,10 +17,34 @@ stages: displayName: "Stage: AKS Cluster and Networking Setup" jobs: # ------------------------------------------------------------ - # Job 1: Create AKS Cluster + # Job 1: Create Resource Group + # ------------------------------------------------------------ + - job: CreateResourceGroup + displayName: "Create Resource Group" + pool: + vmImage: ubuntu-latest + steps: + - checkout: self + - task: AzureCLI@2 + displayName: "Create resource group" + inputs: + azureSubscription: ${{ parameters.serviceConnection }} + scriptType: bash + scriptLocation: inlineScript + inlineScript: | + echo "==> Creating resource group ${{ parameters.resourceGroupName }} in ${{ parameters.location }}" + az group create \ + --name "${{ parameters.resourceGroupName }}" \ + --location "${{ parameters.location }}" \ + --subscription "${{ parameters.subscriptionId }}" + echo "Resource group created successfully." + + # ------------------------------------------------------------ + # Job 2: Create AKS Clusters # ------------------------------------------------------------ - job: CreateCluster displayName: "Create AKS Clusters" + dependsOn: CreateResourceGroup pool: vmImage: ubuntu-latest steps: @@ -38,12 +62,13 @@ stages: ${{ parameters.resourceGroupName }} ${{ parameters.vmSkuDefault }} ${{ parameters.vmSkuHighNIC }} - + # ------------------------------------------------------------ - # Job 2: Networking & Storage + # Job 3: Networking & Storage # ------------------------------------------------------------ - job: NetworkingAndStorage displayName: "Networking and Storage Setup" + dependsOn: CreateResourceGroup pool: vmImage: ubuntu-latest steps: 
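Review bot: The inline script of the new `CreateResourceGroup` job has `${{ parameters.resourceGroupName }}`, `${{ parameters.location }}` and `${{ parameters.subscriptionId }}` expanded into the script text before bash runs it, so a queue-time value containing quotes or `$(...)` becomes shell code executed under the service connection. Pass the values through the task's `env:` mapping and reference them as quoted shell variables, as below. The script also has no `set -e`, so as far as this hunk shows a failed `az group create` is still followed by the success echo and a passing step; `set -euo pipefail` at the top of the script addresses that.

```yaml
- task: AzureCLI@2
  displayName: "Create resource group"
  env:
    RG_NAME: ${{ parameters.resourceGroupName }}
    RG_LOCATION: ${{ parameters.location }}
    SUBSCRIPTION_ID: ${{ parameters.subscriptionId }}
  inputs:
    # … unchanged: azureSubscription, scriptType, scriptLocation …
    inlineScript: |
      set -euo pipefail
      echo "==> Creating resource group $RG_NAME in $RG_LOCATION"
      az group create \
        --name "$RG_NAME" \
        --location "$RG_LOCATION" \
        --subscription "$SUBSCRIPTION_ID"
      # … unchanged: success echo …
```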
@@ -86,10 +111,10 @@ stages: ${{ parameters.subscriptionId }} ${{ parameters.location }} ${{ parameters.resourceGroupName }} - + # Task 4: Create NSG - task: AzureCLI@2 - displayName: "Create network security groups to restrict access between subnets." + displayName: "Create network security groups to restrict access between subnets" inputs: azureSubscription: ${{ parameters.serviceConnection }} scriptType: bash @@ -102,7 +127,7 @@ stages: # Task 5: Create Private Endpoint - task: AzureCLI@2 - displayName: "Create Private Endpoint for Storage Account." + displayName: "Create Private Endpoint for Storage Account" inputs: azureSubscription: ${{ parameters.serviceConnection }} scriptType: bash @@ -114,3 +139,5 @@ stages: ${{ parameters.resourceGroupName }} $(CreateStorageAccounts.StorageAccount1) $(CreateStorageAccounts.StorageAccount2) + + From 3e502faa7ce3e8883d2aaecefeb95a0c7140d551 Mon Sep 17 00:00:00 2001 From: sivakami Date: Thu, 23 Oct 2025 10:30:13 -0700 Subject: [PATCH 35/36] Removed unused param. --- .pipelines/swiftv2-long-running/scripts/create_aks.sh | 3 --- .../template/long-running-pipeline-template.yaml | 3 --- 2 files changed, 6 deletions(-) diff --git a/.pipelines/swiftv2-long-running/scripts/create_aks.sh b/.pipelines/swiftv2-long-running/scripts/create_aks.sh index 0d8cddcbcc..f051f994a6 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_aks.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_aks.sh @@ -15,9 +15,6 @@ echo "VM SKU (default): $VM_SKU_DEFAULT" echo "VM SKU (high-NIC): $VM_SKU_HIGHNIC" az account set --subscription "$SUBSCRIPTION_ID" -echo "==> Creating resource group: $RG" -az group create -n "$RG" -l "$LOCATION" --output none - # Enable parallel cluster creation create_cluster() { local CLUSTER=$1 diff --git a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml index 16279c1107..cc6016f17a 100644 
--- a/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml +++ b/.pipelines/swiftv2-long-running/template/long-running-pipeline-template.yaml @@ -138,6 +138,3 @@ stages: ${{ parameters.location }} ${{ parameters.resourceGroupName }} $(CreateStorageAccounts.StorageAccount1) - $(CreateStorageAccounts.StorageAccount2) - - From 85b4f2f775845da8aeb1e38ae39ea24ace2a06f2 Mon Sep 17 00:00:00 2001 From: sivakami Date: Thu, 23 Oct 2025 12:18:54 -0700 Subject: [PATCH 36/36] Link private endpoint dns to vnet a2 and vnet a3. --- .../swiftv2-long-running/scripts/create_pe.sh | 23 ++++++++++++++++--- .../scripts/create_vnets.sh | 6 ----- 2 files changed, 20 insertions(+), 9 deletions(-) diff --git a/.pipelines/swiftv2-long-running/scripts/create_pe.sh b/.pipelines/swiftv2-long-running/scripts/create_pe.sh index d9d4bdbf6b..1d1aea0744 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_pe.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_pe.sh @@ -6,11 +6,13 @@ SUBSCRIPTION_ID=$1 LOCATION=$2 RG=$3 SA1_NAME=$4 # Storage account 1 + VNET_A1="cx_vnet_a1" +VNET_A2="cx_vnet_a2" +VNET_A3="cx_vnet_a3" SUBNET_PE_A1="pe" PE_NAME="${SA1_NAME}-pe" PRIVATE_DNS_ZONE="privatelink.blob.core.windows.net" -LINK_NAME="${VNET_A1}-link" # 1. Create Private DNS zone echo "==> Creating Private DNS zone: $PRIVATE_DNS_ZONE" 
@@ -20,12 +22,27 @@ az network private-dns zone create -g "$RG" -n "$PRIVATE_DNS_ZONE" --output none # 2. Link DNS zone to VNet echo "==> Linking DNS zone $PRIVATE_DNS_ZONE to VNet $VNET_A1" az network private-dns link vnet create \ - -g "$RG" -n "$LINK_NAME" \ + -g "$RG" -n "${VNET_A1}-link" \ --zone-name "$PRIVATE_DNS_ZONE" \ --virtual-network "$VNET_A1" \ - --registration-enabled false --output none \ + --registration-enabled false \ && echo "[OK] Linked DNS zone to $VNET_A1." +az network private-dns link vnet create \ + -g "$RG" -n "${VNET_A2}-link" -\ + -zone-name "$PRIVATE_DNS_ZONE" \ + --virtual-network "$VNET_A2" \ + --registration-enabled false \ + && echo "[OK] Linked DNS zone to $VNET_A2." + +az network private-dns link vnet create \ + -g "$RG" -n "${VNET_A3}-link" \ + --zone-name "$PRIVATE_DNS_ZONE" \ + --virtual-network "$VNET_A3" \ + --registration-enabled false \ + && echo "[OK] Linked DNS zone to $VNET_A3." + + # 3. Create Private Endpoint echo "==> Creating Private Endpoint for Storage Account: $SA1_NAME" SA1_ID=$(az storage account show -g "$RG" -n "$SA1_NAME" --query id -o tsv) diff --git a/.pipelines/swiftv2-long-running/scripts/create_vnets.sh b/.pipelines/swiftv2-long-running/scripts/create_vnets.sh index 05afe90502..7363476488 100644 --- a/.pipelines/swiftv2-long-running/scripts/create_vnets.sh +++ b/.pipelines/swiftv2-long-running/scripts/create_vnets.sh @@ -19,10 +19,8 @@ A1_S2="10.10.2.0/24" A1_PE="10.10.100.0/24" A2_MAIN="10.11.1.0/24" -A2_PE="10.11.100.0/24" A3_MAIN="10.12.1.0/24" -A3_PE="10.12.100.0/24" B1_MAIN="10.20.1.0/24" 
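Review bot: The added `az network private-dns link vnet create` call for `$VNET_A2` has its `--zone-name` flag split across the line continuation: one line ends in `-\` and the next begins `-zone-name`. Bash removes the backslash-newline but keeps the next line's indentation, so az would receive `-` and `-zone-name` as two separate arguments and the A2 link would not be created (the halves rejoin only if the continuation line has no leading whitespace). Change the two lines to `-g "$RG" -n "${VNET_A2}-link" \` and `--zone-name "$PRIVATE_DNS_ZONE" \`. Because each call is chained with `&& echo`, the failure may not stop the script even under `set -e`, so the missing link could go unnoticed until name resolution fails from VNet A2.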
@@ -37,14 +35,10 @@ az network vnet subnet create -g "$RG" --vnet-name "$VNET_A1" -n pe --address-pr # A2 az network vnet create -g "$RG" -n "$VNET_A2" --address-prefix 10.11.0.0/16 --subnet-name s1 --subnet-prefix "$A2_MAIN" -l "$LOCATION" --output none \ && echo "Created $VNET_A2 with subnet s1" -az network vnet subnet create -g "$RG" --vnet-name "$VNET_A2" -n pe --address-prefix "$A2_PE" --output none \ - && echo "Created $VNET_A2 with subnet pe" # A3 az network vnet create -g "$RG" -n "$VNET_A3" --address-prefix 10.12.0.0/16 --subnet-name s1 --subnet-prefix "$A3_MAIN" -l "$LOCATION" --output none \ && echo "Created $VNET_A3 with subnet s1" -az network vnet subnet create -g "$RG" --vnet-name "$VNET_A3" -n pe --address-prefix "$A3_PE" --output none \ - && echo "Created $VNET_A3 with subnet pe" # B1 az network vnet create -g "$RG" -n "$VNET_B1" --address-prefix 10.20.0.0/16 --subnet-name s1 --subnet-prefix "$B1_MAIN" -l "$LOCATION" --output none \