I'm getting started using docker-machine on my Windows 2016 box. I'm trying to create some VMs in Azure but I have a particular network security group that I want for it to use and which already exists in Azure. I ran docker-machine create --driver azure and looked over the small help text which tells me how to set the resource group, subnet, etc but I don't see an option for network security group. Is there a way to specify an existing network security group for docker-machine to use when creating VMs in Azure?
Asked
Active
Viewed 336 times
0
sirdank
- 3,351
- 3
- 25
- 58
-
I'm not sure what are you expecting, are you aware that NSG is basically an iptables, what would that achieve? – 4c74356b41 Nov 14 '16 at 18:20
-
@4c74356b41 I'm not completely clear on the nature of NSGs but I don't see why I wouldn't be able to specify one that is already configured the way I want. – sirdank Nov 14 '16 at 19:12
1 Answers
0
Ok, so according to the documentation, you should use Subnet\VNet or Availability Set. The reason you are asking this is because you don't understand how NSG's work in Azure. NSG's are attached to a VNet or Subnet, so deploying a VM\Container into that Subnet\VNet will effectively attach that NSG to the entity you are deploying. But as the documentation states - "Once the machine is created, you can modify Network Security Group rules and open ports of the machine from the Azure Portal.".
So I suppose it creates a new NSG each time you deploy something, so there's no way to achieve that what you are trying (at least for now).
What you could try is deploy to an existing VNet and check if no new NSG are being created specifically for that container host which you are deploying. If that holds and you have an NSG in place, you've achieved what you want exactly.
4c74356b41
- 69,186
- 6
- 100
- 141