This documentation is for the most recent version of GKE on Azure, released in November 2021. See the Release notes for more information.

Create an Azure virtual network

Before you can deploy an Anthos cluster on Azure, you need to create an Azure virtual network (VNet) in which your cluster will run. This page explains how to do that.

However, before creating an Azure VNet, we recommend that you create a new resource group for the VNet that is separate from the resource group you will create later for your GKE on Azure. This separation can help better organize and manage your resources.

To create a new resource group for your Azure VNet, run the following command:

az group create --name "VNET_RESOURCE_GROUP_NAME" \
  --location "AZURE_REGION"

Replace the following:

VNET_RESOURCE_GROUP_NAME: the name of the resource group for your GKE on Azure VNet
AZURE_REGION: a supported Azure region—for example westus2

Now that you have created a resource group for your Azure Vnet, perform the following steps to create a VNet with a default subnet, and attach a NAT gateway to that subnet:

To create a new VNet with a default subnet, run the following command:
```
az network vnet create \
  --name "VNET_NAME" \
  --location "AZURE_REGION" \
  --resource-group "VNET_RESOURCE_GROUP_NAME" \
  --address-prefixes VNET_ADDRESS_PREFIXES \
  --subnet-name default
```
Replace the following:
- VNET_NAME: the name of your VNet
- AZURE_REGION: the Azure region used previously
- VNET_RESOURCE_GROUP_NAME: the name of the resource group for your VNet that you created at the beginning of this document
- VNET_ADDRESS_PREFIXES: a space-separated list of IP address prefixes in CIDR notation—for example 10.0.0.0/16 172.16.0.0/12

To create an IP address for a new NAT gateway, attach a NAT gateway to the IP address, and attach the NAT gateway to the default subnet, run the following commands:

az network public-ip create \
  --name "NAT_GATEWAY_NAME-ip" \
  --location "AZURE_REGION" \
  --resource-group "VNET_RESOURCE_GROUP_NAME" \
  --allocation-method Static \
  --sku Standard

az network nat gateway create \
  --name "NAT_GATEWAY_NAME" \
  --location "AZURE_REGION" \
  --resource-group "VNET_RESOURCE_GROUP_NAME" \
  --public-ip-addresses "NAT_GATEWAY_NAME-ip" \
  --idle-timeout 10

az network vnet subnet update \
  --name default \
  --vnet-name "VNET_NAME" \
  --resource-group "VNET_RESOURCE_GROUP_NAME" \
  --nat-gateway "NAT_GATEWAY_NAME"

Replace the following:

NAT_GATEWAY_NAME: the name of the new NAT gateway
VNET_NAME: the name of your VNet
AZURE_REGION: the Azure region used previously
VNET_RESOURCE_GROUP_NAME: the name of the resource group for your VNet that you created at the beginning of this document

What's next

Create an Azure resource group