Stay organized with collectionsSave and categorize content based on your preferences.
Create an Azure virtual network
Before you can deploy an Anthos cluster on Azure, you need to create an Azure
virtual network (VNet) in which your cluster will run. This page explains how to
do that.
However, before creating an Azure VNet, we recommend that you create a new
resource group for the VNet that is separate from the resource group you will
create later for your GKE on Azure. This separation can help better
organize and manage your resources.
To create a new resource group for your Azure VNet, run the following command:
Now that you have created a resource group for your Azure Vnet, perform the
following steps to create a VNet with a default subnet, and attach a NAT gateway
to that subnet:
To create a new VNet with a default subnet, run the following command:
VNET_RESOURCE_GROUP_NAME: the name of the resource
group for your VNet that you created at the beginning of this document
VNET_ADDRESS_PREFIXES: a space-separated list of
IP address prefixes in CIDR notation—for example10.0.0.0/16 172.16.0.0/12
To create an IP address for a new NAT gateway, attach a NAT gateway to the
IP address, and attach the NAT gateway to the default subnet, run the
following commands:
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-04 UTC."],[],[],null,["# Create an Azure virtual network\n===============================\n\nBefore you can deploy an Anthos cluster on Azure, you need to create an Azure\nvirtual network (VNet) in which your cluster will run. This page explains how to\ndo that.\n\nHowever, before creating an Azure VNet, we recommend that you create a new\nresource group for the VNet that is separate from the resource group you will\ncreate later for your GKE on Azure. This separation can help better\norganize and manage your resources.\n\nTo create a new resource group for your Azure VNet, run the following command: \n\n az group create --name \"\u003cvar translate=\"no\"\u003eVNET_RESOURCE_GROUP_NAME\u003c/var\u003e\" \\\n --location \"\u003cvar translate=\"no\"\u003eAZURE_REGION\u003c/var\u003e\"\n\nReplace the following:\n\n- \u003cvar translate=\"no\"\u003eVNET_RESOURCE_GROUP_NAME\u003c/var\u003e: the name of the resource group for your GKE on Azure VNet\n- \u003cvar translate=\"no\"\u003eAZURE_REGION\u003c/var\u003e: a [supported Azure region](/kubernetes-engine/multi-cloud/docs/azure/reference/supported-regions)---for example `westus2`\n\nNow that you have created a resource group for your Azure Vnet, perform the\nfollowing steps to create a VNet with a default subnet, and attach a NAT gateway\nto that subnet:\n\n1. To create a new VNet with a default subnet, run the following command:\n\n az network vnet create \\\n --name \"\u003cvar translate=\"no\"\u003eVNET_NAME\u003c/var\u003e\" \\\n --location \"\u003cvar translate=\"no\"\u003eAZURE_REGION\u003c/var\u003e\" \\\n --resource-group \"\u003cvar translate=\"no\"\u003eVNET_RESOURCE_GROUP_NAME\u003c/var\u003e\" \\\n --address-prefixes \u003cvar translate=\"no\"\u003eVNET_ADDRESS_PREFIXES\u003c/var\u003e \\\n --subnet-name default\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003eVNET_NAME\u003c/var\u003e: the name of your VNet\n - \u003cvar translate=\"no\"\u003eAZURE_REGION\u003c/var\u003e: the Azure region used previously\n - \u003cvar translate=\"no\"\u003eVNET_RESOURCE_GROUP_NAME\u003c/var\u003e: the name of the resource group for your VNet that you created at the beginning of this document\n - \u003cvar translate=\"no\"\u003eVNET_ADDRESS_PREFIXES\u003c/var\u003e: a space-separated list of IP address prefixes in CIDR notation---for example `10.0.0.0/16 172.16.0.0/12`\n2. To create an IP address for a new NAT gateway, attach a NAT gateway to the\n IP address, and attach the NAT gateway to the default subnet, run the\n following commands:\n\n az network public-ip create \\\n --name \"\u003cvar translate=\"no\"\u003eNAT_GATEWAY_NAME\u003c/var\u003e-ip\" \\\n --location \"\u003cvar translate=\"no\"\u003eAZURE_REGION\u003c/var\u003e\" \\\n --resource-group \"\u003cvar translate=\"no\"\u003eVNET_RESOURCE_GROUP_NAME\u003c/var\u003e\" \\\n --allocation-method Static \\\n --sku Standard\n\n az network nat gateway create \\\n --name \"\u003cvar translate=\"no\"\u003eNAT_GATEWAY_NAME\u003c/var\u003e\" \\\n --location \"\u003cvar translate=\"no\"\u003eAZURE_REGION\u003c/var\u003e\" \\\n --resource-group \"\u003cvar translate=\"no\"\u003eVNET_RESOURCE_GROUP_NAME\u003c/var\u003e\" \\\n --public-ip-addresses \"\u003cvar translate=\"no\"\u003eNAT_GATEWAY_NAME\u003c/var\u003e-ip\" \\\n --idle-timeout 10\n\n az network vnet subnet update \\\n --name default \\\n --vnet-name \"\u003cvar translate=\"no\"\u003eVNET_NAME\u003c/var\u003e\" \\\n --resource-group \"\u003cvar translate=\"no\"\u003eVNET_RESOURCE_GROUP_NAME\u003c/var\u003e\" \\\n --nat-gateway \"\u003cvar translate=\"no\"\u003eNAT_GATEWAY_NAME\u003c/var\u003e\"\n\n Replace the following:\n - \u003cvar translate=\"no\"\u003eNAT_GATEWAY_NAME\u003c/var\u003e: the name of the new NAT gateway\n - \u003cvar translate=\"no\"\u003eVNET_NAME\u003c/var\u003e: the name of your VNet\n - \u003cvar translate=\"no\"\u003eAZURE_REGION\u003c/var\u003e: the Azure region used previously\n - \u003cvar translate=\"no\"\u003eVNET_RESOURCE_GROUP_NAME\u003c/var\u003e: the name of the resource group for your VNet that you created at the beginning of this document\n\nWhat's next\n-----------\n\n- [Create an Azure resource group](/kubernetes-engine/multi-cloud/docs/azure/how-to/create-azure-resource-group)"]]
