Azure - ARM 模板 - 创建具有完整部署的专用端点

Azure - ARM Templates - Create Private Endpoint with complete deployment

我正在尝试用一个以 'Complete'(完整)模式部署的 ARM 模板,简单地部署一个带有专用终结点(Private Endpoint)的 Azure 存储帐户。

模板如下(注意:下面专用终结点的 privateLinkServiceId 和 subnet.id 被硬编码为某个特定订阅/资源组的完整路径,而且 privateLinkServiceId 指向的存储帐户名 testauesto01dev 与参数 storageAccountName 并无关联——它应改为 [resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))],否则专用终结点连接到的可能不是本模板创建的那个帐户):

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "location": {
      "type": "string"
    },
    "storageAccountName": {
      "type": "string"
    },
    "accountType": {
      "type": "string"
    },
    "kind": {
      "type": "string"
    },
    "accessTier": {
      "type": "string"
    },
    "minimumTlsVersion": {
      "type": "string"
    },
    "supportsHttpsTrafficOnly": {
      "type": "bool"
    },
    "allowBlobPublicAccess": {
      "type": "bool"
    },
    "allowSharedKeyAccess": {
      "type": "bool"
    },
    "allowCrossTenantReplication": {
      "type": "bool"
    },
    "defaultOAuth": {
      "type": "bool"
    },
    "networkAclsBypass": {
      "type": "string"
    },
    "networkAclsDefaultAction": {
      "type": "string"
    },
    "keySource": {
      "type": "string"
    },
    "encryptionEnabled": {
      "type": "bool"
    },
    "keyTypeForTableAndQueueEncryption": {
      "type": "string"
    },
    "infrastructureEncryptionEnabled": {
      "type": "bool"
    },
    "isContainerRestoreEnabled": {
      "type": "bool"
    },
    "isBlobSoftDeleteEnabled": {
      "type": "bool"
    },
    "blobSoftDeleteRetentionDays": {
      "type": "int"
    },
    "isContainerSoftDeleteEnabled": {
      "type": "bool"
    },
    "containerSoftDeleteRetentionDays": {
      "type": "int"
    },
    "changeFeed": {
      "type": "bool"
    },
    "isVersioningEnabled": {
      "type": "bool"
    },
    "isShareSoftDeleteEnabled": {
      "type": "bool"
    },
    "shareSoftDeleteRetentionDays": {
      "type": "int"
    },
    "privateEndpointName": {
      "type": "string"
    },
    "privateEndpointConnectionName": {
      "type": "string"
    }
  },
  "functions": [],
  "variables": {},
  "resources": [
    {
      "name": "[parameters('storageAccountName')]",
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2021-08-01",
      "location": "[parameters('location')]",
      "properties": {
        "accessTier": "[parameters('accessTier')]",
        "minimumTlsVersion": "[parameters('minimumTlsVersion')]",
        "supportsHttpsTrafficOnly": "[parameters('supportsHttpsTrafficOnly')]",
        "allowBlobPublicAccess": "[parameters('allowBlobPublicAccess')]",
        "allowSharedKeyAccess": "[parameters('allowSharedKeyAccess')]",
        "allowCrossTenantReplication": "[parameters('allowCrossTenantReplication')]",
        "defaultToOAuthAuthentication": "[parameters('defaultOAuth')]",
        "networkAcls": {
          "bypass": "[parameters('networkAclsBypass')]",
          "defaultAction": "[parameters('networkAclsDefaultAction')]",
          "ipRules": []
        },
        "encryption": {
          "keySource": "[parameters('keySource')]",
          "services": {
            "blob": {
              "enabled": "[parameters('encryptionEnabled')]"
            },
            "file": {
              "enabled": "[parameters('encryptionEnabled')]"
            },
            "table": {
              "enabled": "[parameters('encryptionEnabled')]"
            },
            "queue": {
              "enabled": "[parameters('encryptionEnabled')]"
            }
          },
          "requireInfrastructureEncryption": "[parameters('infrastructureEncryptionEnabled')]"
        }
      },
      "dependsOn": [],
      "sku": {
        "name": "[parameters('accountType')]"
      },
      "kind": "[parameters('kind')]",
      "tags": {}
    },
    {
      "apiVersion": "2021-05-01",
      "name": "[parameters('privateEndpointName')]",
      "type": "Microsoft.Network/privateEndpoints",
      "location": "[parameters('location')]",
      "dependsOn": [
        "[resourceId('Microsoft.Storage/storageAccounts/', parameters('storageAccountName'))]"
      ],
      "properties": {
        "privateLinkServiceConnections": [
          {
            "id": "[concat(resourceGroup().id, '/providers/Microsoft.Network/privateEndpoints/privateLinkServiceConnections/', parameters('privateEndpointConnectionName'))]",
            "name": "[parameters('privateEndpointConnectionName')]",
            "properties": {
              "privateLinkServiceId": "/subscriptions/<subID>/resourcegroups/test-aue-storg-dev/providers/Microsoft.Storage/storageAccounts/testauesto01dev",
              "groupIds": ["blob"]
            }
          }
        ],
        "manualPrivateLinkServiceConnections": [],
        "subnet": {
          "id": "/subscriptions/<subID>/resourceGroups/vnet-aue-rg/providers/Microsoft.Network/virtualNetworks/test-vnet-dev/subnets/test-subnet"
        }
      }
    }
  ],
  "outputs": {}
}

我遇到的问题是:创建专用终结点时 Azure 会自动为其创建一个 NIC。由于这个 NIC 并未在 ARM 模板中声明,而 'Complete' 模式会删除资源组内所有未在模板中声明的资源,所以部署会在创建这个 NIC 之后又尝试把它删除。有人知道解决这个问题的方法吗?

提前致谢,

要实现上述要求,首先必须在订阅上注册 Microsoft.Network 的功能标志 AllowPrivateEndpointCustomNicName(这是订阅级别的操作,需要相应的订阅范围权限,并且会影响该订阅内的所有资源组);注册后就可以在 ARM 模板中为专用终结点指定 customNetworkInterfaceName,从而在模板里控制 NIC 的名称并把它纳入部署。注意:按属性名来看,customNetworkInterfaceName 接受的是 NIC 的名称字符串而不是 resourceId(),NIC 仍由专用终结点自行创建——请对照所用 apiVersion 的 Microsoft.Network/privateEndpoints 架构确认;下面模板中先单独声明 NIC、再把它的资源 ID 传给该属性的写法可能需要相应调整。要查看该功能是否已注册,可以使用下面的命令:

# Show the registration state of the AllowPrivateEndpointCustomNicName feature flag
# (Microsoft.Network namespace) for the subscription the CLI is currently logged into.
az feature show --namespace Microsoft.Network --name AllowPrivateEndpointCustomNicName

要注册该功能,可以使用下面的命令(注册是针对当前订阅的,通常需要几分钟才会从 Registering 变为 Registered):

# Register the feature flag on the current subscription. This is subscription-wide,
# not per resource group; poll with `az feature show` until state is Registered.
az feature register --namespace Microsoft.Network --name AllowPrivateEndpointCustomNicName 

当 az feature show 显示 state 为 Registered 后,请重新注册 Microsoft.Network 资源提供程序,使该功能标志在提供程序中生效:

# Re-register the Microsoft.Network resource provider so the newly registered
# feature flag takes effect. Run only after the feature state reads Registered.
az provider register -n Microsoft.Network

完成上述所有步骤后,可以使用以下模板。部署前请注意几点:(1) 模板中 NIC 的 location 写死为 westus2、名称写死为 ajaytestprivateendpoint-nic,而存储帐户和专用终结点使用 parameters('location'),应改为参数/变量,避免区域不一致;(2) 模板没有为专用终结点声明 privateDnsZoneGroups(专用 DNS 区域 privatelink.blob.core.windows.net),不配置的话客户端仍可能把存储帐户主机名解析到公网 IP,流量不会走专用链接;(3) allowBlobPublicAccess、allowSharedKeyAccess、minimumTlsVersion、networkAcls.defaultAction 等安全相关参数只声明了 type,没有 allowedValues 或 defaultValue,既然已经使用专用终结点,建议在参数文件中将 defaultAction 设为 Deny、allowBlobPublicAccess 设为 false、minimumTlsVersion 设为 TLS1_2,或在模板中用 allowedValues 限制取值。

模板:-

{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string"
},

"storageAccountName": {
"type": "string"
},
"accountType": {
"type": "string"
},
"kind": {
"type": "string"
},
"accessTier": {
"type": "string"
},
"minimumTlsVersion": {
"type": "string"
},
"supportsHttpsTrafficOnly": {
"type": "bool"
},
"allowBlobPublicAccess": {
"type": "bool"
},
"allowSharedKeyAccess": {
"type": "bool"
},
"allowCrossTenantReplication": {
"type": "bool"
},
"defaultOAuth": {
"type": "bool"
},
"networkAclsBypass": {
"type": "string"
},
"networkAclsDefaultAction": {
"type": "string"
},
"keySource": {
"type": "string"
},
"encryptionEnabled": {
"type": "bool"
},
"keyTypeForTableAndQueueEncryption": {
"type": "string"
},
"infrastructureEncryptionEnabled": {
"type": "bool"
},
"isContainerRestoreEnabled": {
"type": "bool"
},
"isBlobSoftDeleteEnabled": {
"type": "bool"
},
"blobSoftDeleteRetentionDays": {
"type": "int"
},
"isContainerSoftDeleteEnabled": {
"type": "bool"
},
"containerSoftDeleteRetentionDays": {
"type": "int"
},
"changeFeed": {
"type": "bool"
},
"isVersioningEnabled": {
"type": "bool"
},
"isShareSoftDeleteEnabled": {
"type": "bool"
},
"shareSoftDeleteRetentionDays": {
"type": "int"
},
"privateEndpointName": {
"type": "string"
},
"privateEndpointConnectionName": {
"type": "string"
}
},
"functions": [],
"variables": {},
"resources": [
{

"type": "Microsoft.Network/networkInterfaces",

"apiVersion": "2020-11-01",

"name": "ajaytestprivateendpoint-nic",

"location": "westus2",

"properties": {

"ipConfigurations": [

{

"name": "privateEndpointIpConfig.ajay",

"properties": {

"privateIPAllocationMethod": "Dynamic",

"subnet": {

"id": "[resourceId('RGNAME', 'Microsoft.Network/virtualNetworks/subnets','VNET NAME', 'subnet name')]"

},

"primary": true,

"privateIPAddressVersion": "IPv4"

}

}

],

"dnsSettings": {

"dnsServers": []

},
"enableAcceleratedNetworking": false,
"enableIPForwarding": false
}
},   
                
{
"name": "[parameters('storageAccountName')]",
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2021-08-01",
"location": "[parameters('location')]",
"properties": {
"accessTier": "[parameters('accessTier')]",
"minimumTlsVersion": "[parameters('minimumTlsVersion')]",
"supportsHttpsTrafficOnly": "[parameters('supportsHttpsTrafficOnly')]",
"allowBlobPublicAccess": "[parameters('allowBlobPublicAccess')]",
"allowSharedKeyAccess": "[parameters('allowSharedKeyAccess')]",
"allowCrossTenantReplication": "[parameters('allowCrossTenantReplication')]",
"defaultToOAuthAuthentication": "[parameters('defaultOAuth')]",
"networkAcls": {
"bypass": "[parameters('networkAclsBypass')]",
"defaultAction": "[parameters('networkAclsDefaultAction')]",
"ipRules": []
},
"encryption": {
"keySource": "[parameters('keySource')]",
"services": {
"blob": {
"enabled": "[parameters('encryptionEnabled')]"
},
"file": {
"enabled": "[parameters('encryptionEnabled')]"
},
"table": {
"enabled": "[parameters('encryptionEnabled')]"
},
"queue": {
"enabled": "[parameters('encryptionEnabled')]"
}
},
"requireInfrastructureEncryption": "[parameters('infrastructureEncryptionEnabled')]"
}
},
"dependsOn": [],
"sku": {
"name": "[parameters('accountType')]"
},
"kind": "[parameters('kind')]",
"tags": {}
},
{
"apiVersion": "2021-05-01",
"name": "[parameters('privateEndpointName')]",
"type": "Microsoft.Network/privateEndpoints",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts/', parameters('storageAccountName'))]","[resourceId('Microsoft.Network/networkInterfaces','ajaytestprivateendpoint-nic')]"
],
"properties": {
"customNetworkInterfaceName": "[resourceId('Microsoft.Network/networkInterfaces','ajaytestprivateendpoint-nic')]",                              
"privateLinkServiceConnections": [
{
"id": "[concat(resourceGroup().id, '/providers/Microsoft.Network/privateEndpoints/privateLinkServiceConnections/', parameters('privateEndpointConnectionName'))]",
"name": "[parameters('privateEndpointConnectionName')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]",
"groupIds": ["blob"]
}
}
],
"manualPrivateLinkServiceConnections": [],
"subnet": {
"id": "[resourceId('RGNAME', 'Microsoft.Network/virtualNetworks/subnets','vnetname', 'subnetname')]"
}

}

}
],
"outputs": {}
}