Have you ever had to manage your IP addresses within Azure and make sure there are no overlapping ranges? Or had to find out which IP address range was still available? For me this was such a tedious task, especially when working in a team and potentially forgetting to update wiki pages, Excel files or other documents scattered across various systems.
IP address pools are part of the Virtual Network Manager and are currently in preview. I will not explain the features of the Virtual Network Manager; that is a topic for another blog item later.
This blog will show you what the IP address pools are about and how they can help you manage and automate your IP address ranges within Azure. I will provide you with some code examples, since I’m always deploying using Infrastructure as Code, and my preferred language is Terraform. This blog is a representation of my way of working when trying out new things and will be used as documentation for my own steps and findings.
First I’m finding out what the IP address pools actually need to be able to be used. So after looking at the Microsoft Learn page I’ve found out which Azure resources we need to start using IP address pools:
To leverage the IP address pools, we additionally need the following resources:
So let’s create the basic resources first, since we already have our Azure subscription ready.
I will skip explaining the basics of Terraform, since the purpose of this blog is not learning Terraform.
I’ve used the AzureRM and AzAPI providers for deploying resources. Usually I’m using AzureRM for all my deployments, but the AzAPI provider is quite powerful since it can directly call the ARM APIs, so it has better support for deploying new features or settings of the Azure services.
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "4.14.0"
    }
    azapi = {
      source  = "Azure/azapi"
      version = "2.1.0"
    }
  }
}

provider "azurerm" {
  subscription_id = var.subscription_id
  features {}
}

provider "azapi" {}
For testing purposes I’m using locals for naming conventions and other relatively static values.
locals {
  rgName     = "rg-pdk-ipam-test-weu-001"
  vnetName   = "vnet-pdk-ipam-test-weu-001"
  netmgrName = "netmgr-pdk-ipam-test-weu-001"
}

resource "azurerm_resource_group" "rg" {
  name     = local.rgName
  location = var.location
}
Since the network manager is something that I potentially will be using for more than a single purpose, I’m creating a module for this.
resource "azapi_resource" "networkManager" {
  type      = "Microsoft.Network/networkManagers@2024-05-01"
  name      = var.netmgrName
  location  = var.location
  parent_id = var.rgResourceId
  body = {
    properties = {
      description = "This network manager is used to test the creation and usage of IPAM in combination with virtual networks in the subscription."
      networkManagerScopeAccesses = [
        // "Connectivity", "Routing", "SecurityAdmin", "SecurityUser"
        "Connectivity",
        "Routing"
      ]
      networkManagerScopes = {
        subscriptions = ["/subscriptions/${var.subscription_id}"]
      }
    }
  }
}
Now that we have the network manager, we need to create an IP address pool.
resource "azapi_resource" "ipamPool" {
  depends_on = [azapi_resource.networkManager]
  type       = "Microsoft.Network/networkManagers/ipamPools@2024-05-01"
  name       = "ipamPool1"
  location   = var.location
  parent_id  = azapi_resource.networkManager.id
  body = {
    properties = {
      addressPrefixes = var.ipamPoolAddressPrefixes
      description     = "Test Description"
      displayName     = "Test Name"
    }
  }
}
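The pool above takes its ranges from var.ipamPoolAddressPrefixes, whose declaration is not shown in this post. The following is an added example (not code from the original post) of how that variable could be declared so that malformed or overlapping prefixes are rejected at plan time, before anything is sent to Azure; the list(string) type and the validation rules are assumptions.

```hcl
# Added example: an assumed declaration for the variable consumed by
# azapi_resource.ipamPool (addressPrefixes).
variable "ipamPoolAddressPrefixes" {
  description = "CIDR prefixes that make up the IPAM pool."
  type        = list(string)

  # Every entry must parse as a CIDR and start on its own network boundary,
  # so "10.0.1.0/16" is rejected instead of being silently read as 10.0.0.0/16.
  validation {
    condition = alltrue([
      for p in var.ipamPoolAddressPrefixes :
      try(cidrhost(p, 0) == split("/", p)[0], false)
    ])
    error_message = "Each prefix must be a valid CIDR written with its network address, for example 10.0.0.0/16."
  }

  # Two prefixes overlap when they share the same network address once both
  # are cut down to the shorter of the two prefix lengths. Each unordered
  # pair is compared once (i < j); a repeated prefix also counts as overlap.
  validation {
    condition = alltrue(flatten([
      for i, a in var.ipamPoolAddressPrefixes : [
        for j, b in var.ipamPoolAddressPrefixes :
        i >= j || try(
          cidrhost("${split("/", a)[0]}/${min(tonumber(split("/", a)[1]), tonumber(split("/", b)[1]))}", 0) !=
          cidrhost("${split("/", b)[0]}/${min(tonumber(split("/", a)[1]), tonumber(split("/", b)[1]))}", 0),
          false
        )
      ]
    ]))
    error_message = "Pool prefixes must not overlap or repeat."
  }
}
```

With these rules, a value such as ["10.0.0.0/16", "10.0.128.0/17"] fails the plan with the overlap message, while ["10.0.0.0/16", "10.1.0.0/16"] passes.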
Let’s perform some tests to see how this works and what the results will be. Tests I’ve performed: