Create a VNet Peering Connection with Azure
- Capella Operational
- how-to
Use this procedure to create a VNet Peering connection between Capella hosted with Azure and your application’s VNet on Azure.
Prerequisites
To configure Couchbase Capella VNet peering with Microsoft Azure, you need the following:
-
An Azure user with the Global Administrator Role.
-
One of the following Capella roles:
-
The Azure Command Line Interface (CLI) installed and configured.
Procedure
-
In Capella, start the VNet peering configuration:
-
Open the cluster you want to peer with your application.
-
Click the Settings tab.
-
In the navigation pane, click VNet Peering.
-
Click Setup VNet Peering.
-
-
Confirm that you have a user with the Global Administrator Role.
-
Add your Azure configuration details to allow peering access:
- Azure Tenant ID
-
Enter your tenant ID. To find your tenant ID, see How to find your Azure Active Directory tenant ID.
- Azure Subscription ID
-
Enter your subscription ID. To find your subscription ID, see Find your Azure subscription.
- Resource Group Name
-
Enter the resource group name holding the resource you’re connecting with Capella.
- Virtual Network Name
-
Enter the name of the virtual network in Azure.
-
Click Allow Peering Access.
A new browser tab opens. Sign in to Azure if you have not already.
-
In Azure, accept Capella’s permissions request:
The Azure permissions request page is open in the new browser tab. Make a note of the application name and consent to the new permissions request. Consenting to this permission request creates a service principal that grants Capella access to the Azure tenant to perform VNet peering.
If you previously set up VNet peering with the same Azure tenant, you wont see the permissions request page as you already granted permission. On accepting the new permission, you automatically return to the Capella VNet peering page. The Capella VNet peering page shows a notice indicating that peering access is successful.
-
In Capella, add the Enterprise Application Object ID:
With consent now granted, find and add the enterprise application object ID for the Capella service principal. You can find the enterprise application object ID in Azure by selecting
. Next, select the application name—the same name shown when accepting the Azure permissions request. The object ID is in the Object ID box. -
Click Next.
-
Copy the role assignment command on this page and run it using Azure CLI.
This command assigns a new network contributor role. It scopes only to your specified subscription and the virtual network within that subscription. On success, the details of the role assignment are output in JSON.
-
Provide network details:
- VNet Peering Name
-
Enter a descriptive VNet peering name of your choice.
- CIDR Block
-
The virtual network CIDR block cannot overlap the CIDR that the cluster uses. Enter the CIDR block from the virtual network that you created in Azure. You can find the CIDR block in Azure by viewing the page for the virtual network and selecting Subnets.
-
Click Set Up VNet.
Do not refresh the browser while Capella configures the peering connection. Capella sets up the VNet peering connection, which can take several minutes. When successful, the new VNet peering connection is on the VNet peering list.