将用户分配的标识分配给 Azure VMSS 失败
Assigning User Assigned Identity to Azure VMSS fails
我有一个链接到 Service Fabric 群集的 VMSS 资源。我修改了 ARM 模板,使 VMSS 具有用户管理的标识。
"variables": {
"vmssApiVersion": "2017-03-30",
...
..
}
....
"resources": [
{
"type": "Microsoft.Compute/virtualMachineScaleSets",
"apiVersion": "[variables('vmssApiVersion')]",
"name": "[concat(variables('vmssNamePrefix'),
...
...
"identity": {
"type": "UserAssigned",
"identityIds": [
"/subscriptions/xxxxxxxxxxxxxxxxxxxxxx/resourceGroups/<RG>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<usrasgid>"
]
}
.....
.....
}
]
部署时,抛出错误
{
"status": "Failed",
"error": {
"code": "InvalidParameter",
"target": "resourceIdentity.type",
"message": "ResourceIdentity Type must be provided and set to \"SystemAssigned\"."
}
}
为什么要求我将托管标识设置为 SystemAssigned?如何将其设置为用户管理的身份?
我测试了旧版本,似乎在 API 版本 2017-03-30 中只允许 SystemAssigned。但是,当我使用 2018-06-01 时成功了。因此,作为解决方案,您可以使用以下方法解决问题:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"name": "ansumantestvmss",
"type": "Microsoft.Compute/virtualMachineScaleSets",
"apiVersion": "2018-06-01",
"location": "[resourceGroup().location]",
"identity": {
"type": "userAssigned",
"userAssignedIdentities": {
"[resourceID('Microsoft.ManagedIdentity/userAssignedIdentities/','ansumanmdid')]" : {}
}
},
"properties":{}
}
]
}
输出:
我有一个链接到 Service Fabric 群集的 VMSS 资源。我修改了 ARM 模板,使 VMSS 具有用户管理的标识。
"variables": {
"vmssApiVersion": "2017-03-30",
...
..
}
....
"resources": [
{
"type": "Microsoft.Compute/virtualMachineScaleSets",
"apiVersion": "[variables('vmssApiVersion')]",
"name": "[concat(variables('vmssNamePrefix'),
...
...
"identity": {
"type": "UserAssigned",
"identityIds": [
"/subscriptions/xxxxxxxxxxxxxxxxxxxxxx/resourceGroups/<RG>/providers/Microsoft.ManagedIdentity/userAssignedIdentities/<usrasgid>"
]
}
.....
.....
}
]
部署时,抛出错误
{
"status": "Failed",
"error": {
"code": "InvalidParameter",
"target": "resourceIdentity.type",
"message": "ResourceIdentity Type must be provided and set to \"SystemAssigned\"."
}
}
为什么要求我将托管标识设置为 SystemAssigned?如何将其设置为用户管理的身份?
我测试了旧版本,似乎在 API 版本 2017-03-30 中只允许 SystemAssigned。但是,当我使用 2018-06-01 时成功了。因此,作为解决方案,您可以使用以下方法解决问题:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"resources": [
{
"name": "ansumantestvmss",
"type": "Microsoft.Compute/virtualMachineScaleSets",
"apiVersion": "2018-06-01",
"location": "[resourceGroup().location]",
"identity": {
"type": "userAssigned",
"userAssignedIdentities": {
"[resourceID('Microsoft.ManagedIdentity/userAssignedIdentities/','ansumanmdid')]" : {}
}
},
"properties":{}
}
]
}
输出: