如何在 Azure 中创建具有委托子网的专用终结点?
How do I create a Private EndPoint that has a Delegated Subnet in Azure?
我已经创建了私有 Azure Kubernetes 服务。现在,我需要创建一个私有端点,将我现有的 VNET 连接到 AZ Kubernetes。
az network private-endpoint create
--name PrivateKubeApiEndpoint2
--resource-group hat-eastus2-nprd-rg
--vnet-name eastus-28828-nprd-vnet
--subnet eastus2-28828-nprd-snet
--private-connection-resource-id /subscriptions/***/resourcegroups/aks-demo2-rg/providers/Microsoft.ContainerService/managedClusters/aks-demo2-cluster
--group-ids management
--connection-name myKubeConnection
它给我一个错误提示:
(PrivateEndpointCreationNotAllowedAsSubnetIsDelegated) Private endpoint /subscriptions//resourceGroups/hat-eastus2-nprd-rg/providers/Microsoft.Network/privateEndpoints/PrivateKubeApiEndpoint2 cannot be created as subnet /subscriptions//resourceGroups/hat-eastus2-nprd-rg/providers/Microsoft.Network/virtualNetworks/eastus-28828-nprd-vnet/subnets/eastus2-28828-nprd-snet is delegated.
问题是:如何分配设置为委托的子网?
当然,不可能在委托子网中创建专用终结点。查看委托子网的限制 here,它显示:
cannot be used with a private endpoint if the subnet is delegated
我已经创建了私有 Azure Kubernetes 服务。现在,我需要创建一个私有端点,将我现有的 VNET 连接到 AZ Kubernetes。
az network private-endpoint create
--name PrivateKubeApiEndpoint2
--resource-group hat-eastus2-nprd-rg
--vnet-name eastus-28828-nprd-vnet
--subnet eastus2-28828-nprd-snet
--private-connection-resource-id /subscriptions/***/resourcegroups/aks-demo2-rg/providers/Microsoft.ContainerService/managedClusters/aks-demo2-cluster
--group-ids management
--connection-name myKubeConnection
它给我一个错误提示:
(PrivateEndpointCreationNotAllowedAsSubnetIsDelegated) Private endpoint /subscriptions//resourceGroups/hat-eastus2-nprd-rg/providers/Microsoft.Network/privateEndpoints/PrivateKubeApiEndpoint2 cannot be created as subnet /subscriptions//resourceGroups/hat-eastus2-nprd-rg/providers/Microsoft.Network/virtualNetworks/eastus-28828-nprd-vnet/subnets/eastus2-28828-nprd-snet is delegated.
问题是:如何分配设置为委托的子网?
当然,不可能在委托子网中创建专用终结点。查看委托子网的限制 here,它显示:
cannot be used with a private endpoint if the subnet is delegated