Ansible on Azure User Defined Routes

Red Hat Ansible Automation Platform on Microsoft Azure allows customers to create user defined routes from the VNET deployed with the managed application to internal network ranges, firewalls, virtual network appliances, etc. This article describes how to configure user defined routes.

Most of Ansible Automation Platform on Azure's resources are deployed into a Managed Resource Group that customers do not have access to edit. See more about those resource groups here. However, a route table is deployed into the "node pool resource group" that is user editable. This route table is attached to the proper subnets within the deployment to configure user defined routes.

Adding Routes to the Route Table

Follow these steps to add routes to the route table:

  1. Open the Azure Portal in your web browser.
  2. Navigate to resource groups.
  3. Select the "node pool resource group". It will follow the naming convention: rg-<identifier>-nodepool-<region>.
  4. Select the route table. It will follow the naming convention: aks-agentpool-<identifier>-routetable.
  5. Select "Routes" in the left menu.
  6. Click "Add" to add a new route to your internal network.
    • Note that the "Next hop type" will depend on your internal networking configuration. If you have directly peered your networks, then "Virtual Network" is likely the selection that you need. If you have a firewall or other appliance that you need to route traffic through, then you will select "Virtual Network Appliance".
    • Each customer's cloud networking configuration is unique and requires planning and configuration that is specific to Azure, not to Ansible Automation Platform on Azure. Networking configuration changes may require network troubleshooting of resources within the customer's domain, such as firewall rules, to ensure that traffic flows as needed for Ansible Automation Platform to operate properly.
  7. Add the routes to your external networks, one route per network.
    • Note that you will need to perform a similar exercise from your other route tables to ensure that traffic can route from those networks to the Ansible on Azure network.

Note: There are two or more routes that AKS uses in this route table. Do not edit or delete these routes as that change will break the networking configuration of your managed application deployment.

Propagating Routes

By default, the "Propagate gateway routes" configuration is enabled. If your organization uses an Azure Virtual Network Gateway or Virtual Network Appliance that propagates BGP routes, then this configuration will auto-configure routing between other networks and the Ansible on Azure route table.

If your organization uses a networking deployment that does not, or should not, propagate routes automatically, then you will want to disable this setting to ensure that your user defined routing works as expected.

Follow these steps to enable or disable route propagation:

  1. Open the Azure Portal in your web browser.
  2. Navigate to resource groups.
  3. Select the "node pool resource group". It will follow the naming convention: rg-<identifier>-nodepool-<region>.
  4. Select the route table. It will follow the naming convention: aks-agentpool-<identifier>-routetable.
  5. Click "Configuration" in the left menu.
  6. Select "Yes" or "No" to enable or disable route propagation based on your needs.
  7. Click "Save".
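
The following is an added example, not part of the original article or Red Hat's tooling: a check that compares a route table snapshot taken before a change with one taken after it. It flags pre-existing routes (including the ones AKS uses) that were deleted or edited, new routes that would take traffic from them, and a changed propagation setting. The snapshots are constructed sample data, assumed to follow the JSON shape printed by `az network route-table show`; the route names and addresses are hypothetical.

```python
import ipaddress

# Constructed snapshots, assumed to match `az network route-table show` JSON output.
BEFORE = {"disableBgpRoutePropagation": False, "routes": [
    {"name": "aks-route-a", "addressPrefix": "10.244.0.0/24",
     "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.0.0.4"},
    {"name": "aks-route-b", "addressPrefix": "10.244.1.0/24",
     "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.0.0.5"}]}
AFTER = {"disableBgpRoutePropagation": True, "routes": [
    BEFORE["routes"][0],
    {**BEFORE["routes"][1], "nextHopIpAddress": "10.0.0.9"},   # edited by mistake
    {"name": "to-datacenter", "addressPrefix": "192.168.0.0/16",
     "nextHopType": "VirtualAppliance", "nextHopIpAddress": "10.1.0.4"},
    {"name": "to-lab", "addressPrefix": "10.244.0.128/25",
     "nextHopType": "VirtualAppliance"}]}

def _net(prefix):
    """Parse a CIDR prefix; return None for non-CIDR values such as service tags."""
    try:
        return ipaddress.ip_network(prefix)
    except ValueError:
        return None

def audit_route_change(before, after):
    """Return findings for a change that touches routes present before the edit."""
    findings = []
    old = {r["name"]: r for r in before["routes"]}
    new = {r["name"]: r for r in after["routes"]}
    for name, route in old.items():          # pre-existing routes must be untouched
        if name not in new:
            findings.append(f"deleted pre-existing route: {name}")
        elif any(route.get(k) != new[name].get(k)
                 for k in ("addressPrefix", "nextHopType", "nextHopIpAddress")):
            findings.append(f"modified pre-existing route: {name}")
    for name, route in new.items():
        if name in old:
            continue
        net = _net(route["addressPrefix"])
        for old_name, old_route in old.items():
            old_net = _net(old_route["addressPrefix"])
            # Longest-prefix match: an equal or more specific new prefix wins.
            if net and old_net and net.version == old_net.version and net.subnet_of(old_net):
                findings.append(f"{name} ({net}) takes traffic from {old_name} ({old_net})")
        if route["nextHopType"] == "VirtualAppliance" and not route.get("nextHopIpAddress"):
            findings.append(f"{name}: VirtualAppliance route has no next hop IP")
    if before.get("disableBgpRoutePropagation") != after.get("disableBgpRoutePropagation"):
        findings.append("gateway route propagation setting changed")
    return findings
```

An empty result means the change only added routes that leave the pre-existing ones intact; any finding is worth reviewing before relying on the new routing.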
