
我想使用此模板为 DataLake Gen2 添加虚拟网络和子网

  {
    "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
    "contentVersion": "1.0.0.0",
    // Template parameters. Each defaultValue applies only when the parameter file
    // passed at deployment time does not supply a value.
    "parameters": {
        // Country code; restricted to the listed values and embedded in resource names.
        "Region": {
            "type": "string",
            "defaultValue": "DE",
            "allowedValues": [ "DE", "ES", "FR", "DK", "PL", "NL", "BE", "PT" ]
    },
    // Azure region used as the location of every resource below.
    // NOTE(review): the variables compare this value with 'westeurope' to pick the 'we'/'ne'
    // name suffix. The default "West Europe" is a different string, so the default selects
    // 'ne' - confirm which spelling the parameter file passes.
    "Location": {
        "type": "string",
        "defaultValue": "West Europe"
    },
    // NOTE(review): not referenced anywhere else in the template as shown.
    "SubscriptionName": {
        "type": "string",
        "defaultValue": "Subscription-DEV"
    },
    // Environment tag; lower-cased into the storage account name and the 'beep-' resource group name.
    "Environment": {
        "type": "string",
        "defaultValue": "DEV"
    },
    // Address space of the virtual network.
    // NOTE(review): 127.0.0.0/8 is the loopback block, not a private (RFC 1918) range; this
    // default and the three subnet defaults below are probably placeholders or a typo - confirm
    // the real ranges before relying on the defaults.
    "VnetCidr": {
        "defaultValue": "127.27.0.0/16",
        "type": "string",
        "metadata": { "description": "Cidr range for the vnet." }
    },
    // First /18 of the /16: the Databricks private subnet.
    "PrivateSubnetCidr": {
        "defaultValue": "127.27.0.0/18",
        "type": "string",
        "metadata": { "description": "Cidr range for the PrivateSubnet." }
    },
    // Second /18 of the /16: the Databricks public subnet.
    "PublicSubnetCidr": {
        "defaultValue": "127.27.64.0/18",
        "type": "string",
        "metadata": { "description": "Cidr range for the PublicSubnet." }
    },
    // Third /18 of the /16: the spoke subnet that hosts the private endpoint.
    // NOTE(review): the description text below was copied from PublicSubnetCidr; it should
    // name the spoke subnet. The fourth /18 (x.x.192.0/18) is left unallocated.
    "SpokeSubnetCidr": {
        "defaultValue": "127.27.128.0/18",
        "type": "string",
        "metadata": { "description": "Cidr range for the PublicSubnet." }
    }
},
// Derived names and resource IDs. Every name is built from Region/Environment/Location, so
// two deployments with the same parameter values address the same resources.
"variables": {
    // NOTE(review): Region is used as-is here but lower-cased in the other names.
    "ResourceGroupName": "[concat('analytical-',parameters('Region'))]",
    "VirtualNetwork": "[concat('analytical-vnet-',toLower(parameters('Region')),'-',if(equals(parameters('Location'),'westeurope'),'we','ne'))]",
    "Subnet": "[concat('analytical','-subnet-',toLower(parameters('Region')))]",
    "DataLakeGen2": "[concat('analytical0',tolower(parameters('Environment')),'0dls20',if(equals(parameters('Location'),'westeurope'),'we','ne'))]",
    "NSGDatabricks": "[concat('analytical-nsg-',toLower(parameters('Region')),'-','databricks-',if(equals(parameters('Location'),'westeurope'),'we','ne'))]",

    "PrivateEndPointStorageAccount": "[concat('analytical0pep0',tolower(parameters('Region')),if(equals(parameters('Location'),'westeurope'),'0we','0ne'))]",
    // Private DNS zone for blob private endpoints; concat() with one argument just returns the literal.
    "DNSZoneName": "[concat('privatelink.blob.core.windows.net' )]",

    "DatabricksPrivateSubnet": "[concat(variables('Subnet'),'-dbrprivate')]",
    "DatabricksPublicSubnet": "[concat(variables('Subnet'),'-dbrpublic')]",
    "DatabricksSpokeSubnet": "[concat(variables('Subnet'),'-dbrspoke')]",
    "Databricks": "[concat('analytical-dbr-',toLower(parameters('Region')),'-',if(equals(parameters('Location'),'westeurope'),'we','ne'))]",
    // Resource IDs assembled by hand from the subscription ID, a resource group name and a resource name.
    "vnetId": "[concat('/subscriptions/',subscription().subscriptionId,'/resourceGroups/',variables('ResourceGroupName'),'/providers/Microsoft.Network/virtualNetworks/',variables('VirtualNetwork'))]",
    "nsgId": "[concat('/subscriptions/',subscription().subscriptionId,'/resourceGroups/',variables('ResourceGroupName'),'/providers/Microsoft.Network/networkSecurityGroups/',variables('NSGDatabricks'))]",
    // Points at the storage account in the separate 'beep-<environment>' resource group.
    "privateLinkServiceId": "[concat('/subscriptions/',subscription().subscriptionId, '/resourceGroups/beep-',toLower(parameters('Environment')),'/providers/Microsoft.Storage/storageAccounts/',variables('DataLakeGen2'))]",
    "privateDnsZoneId": "[concat('/subscriptions/',subscription().subscriptionId, '/resourceGroups/',variables('ResourceGroupName'),'/providers/Microsoft.Network/privateDnsZones/',variables('DNSZoneName'))]",
    // NOTE(review): refers to 'DataBricks' while the variable is declared as 'Databricks';
    // presumably resolved case-insensitively - confirm.
    "managedResourceGroupName": "[concat('databricks-rg-', variables('DataBricks'), '-', uniqueString(variables('DataBricks')))]"


   },
    "resources": [
        // Creates the 'analytical-<Region>' resource group that the first nested deployment targets.
        {
            "type": "Microsoft.Resources/resourceGroups",
            "name": "[variables('ResourceGroupName')]",
            "apiVersion": "2018-05-01",
            "location": "[parameters('Location')]"
        },
        {
            "type": "Microsoft.Resources/deployments",
            "apiVersion": "2019-05-01",
            "name": "[variables('ResourceGroupName')]",
            "resourceGroup": "[concat('analytical-',parameters('Region'))]",
            "dependsOn": [ "[resourceId('Microsoft.Resources/resourceGroups/',variables('ResourceGroupName'))]" ],
            "properties": {
                "mode": "Incremental",
                "template": {
                    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
                    "contentVersion": "1.0.0.0",
                    "parameters": {},
                    "variables": {},
                    "resources": [
                        // Network security group attached to the two Databricks subnets (via nsgId).
                        // It holds three inbound and five outbound allow rules; inbound and outbound
                        // priorities are separate sequences, so 100-102 appearing in both is not a clash.
                        // No custom deny rules are defined here.
                        {
                            "apiVersion": "2019-06-01",
                            "type": "Microsoft.Network/networkSecurityGroups",
                            "location": "[parameters('Location')]",
                            "name": "[variables('NSGDatabricks')]",
                            "properties": {
                                "securityRules": [
                                    // Inbound: any protocol and port between addresses covered by the
                                    // VirtualNetwork service tag. NOTE(review): that tag usually also
                                    // covers peered and connected networks, so this is wider than
                                    // "same cluster" - confirm that reach is intended.
                                    {
                                        "name": "Microsoft.Databricks-workspaces_UseOnly_databricks-worker-to-worker-inbound",
                                        "properties": {
                                            "description": "Required for worker nodes communication within a cluster.",
                                            "protocol": "*",
                                            "sourcePortRange": "*",
                                            "destinationPortRange": "*",
                                            "sourceAddressPrefix": "VirtualNetwork",
                                            "destinationAddressPrefix": "VirtualNetwork",
                                            "access": "Allow",
                                            "priority": 100,
                                            "direction": "Inbound",
                                            "sourcePortRanges": [],
                                            "destinationPortRanges": [],
                                            "sourceAddressPrefixes": [],
                                            "destinationAddressPrefixes": []
                                        }
                                    },
                                    // Inbound: TCP 5557 from the AzureDatabricks service tag only.
                                    {
                                        "name": "Microsoft.Databricks-workspaces_UseOnly_databricks-control-plane-to-worker-proxy",
                                        "properties": {
                                            "description": "Required for Databricks control plane communication with worker nodes.",
                                            "protocol": "tcp",
                                            "sourcePortRange": "*",
                                            "destinationPortRange": "5557",
                                            "sourceAddressPrefix": "AzureDatabricks",
                                            "destinationAddressPrefix": "VirtualNetwork",
                                            "access": "Allow",
                                            "priority": 102,
                                            "direction": "Inbound",
                                            "sourcePortRanges": [],
                                            "destinationPortRanges": [],
                                            "sourceAddressPrefixes": [],
                                            "destinationAddressPrefixes": []
                                        }
                                    },
                                    // Inbound: SSH (TCP 22) from the AzureDatabricks service tag only;
                                    // the source is a service tag, not the Internet.
                                    {
                                        "name": "Microsoft.Databricks-workspaces_UseOnly_databricks-control-plane-to-worker-ssh",
                                        "properties": {
                                            "description": "Required for Databricks control plane management of worker nodes.",
                                            "protocol": "tcp",
                                            "sourcePortRange": "*",
                                            "destinationPortRange": "22",
                                            "sourceAddressPrefix": "AzureDatabricks",
                                            "destinationAddressPrefix": "VirtualNetwork",
                                            "access": "Allow",
                                            "priority": 101,
                                            "direction": "Inbound",
                                            "sourcePortRanges": [],
                                            "destinationPortRanges": [],
                                            "sourceAddressPrefixes": [],
                                            "destinationAddressPrefixes": []
                                        }
                                    },
                                    // Outbound: HTTPS to the AzureDatabricks service tag.
                                    {
                                        "name": "Microsoft.Databricks-workspaces_UseOnly_databricks-worker-to-databricks-webapp",
                                        "properties": {
                                            "description": "Required for workers communication with Databricks Webapp.",
                                            "protocol": "tcp",
                                            "sourcePortRange": "*",
                                            "destinationPortRange": "443",
                                            "sourceAddressPrefix": "VirtualNetwork",
                                            "destinationAddressPrefix": "AzureDatabricks",
                                            "access": "Allow",
                                            "priority": 100,
                                            "direction": "Outbound",
                                            "sourcePortRanges": [],
                                            "destinationPortRanges": [],
                                            "sourceAddressPrefixes": [],
                                            "destinationAddressPrefixes": []
                                        }
                                    },
                                    // Outbound: TCP 3306 to the Sql service tag.
                                    {
                                        "name": "Microsoft.Databricks-workspaces_UseOnly_databricks-worker-to-sql",
                                        "properties": {
                                            "description": "Required for workers communication with Azure SQL services.",
                                            "protocol": "tcp",
                                            "sourcePortRange": "*",
                                            "destinationPortRange": "3306",
                                            "sourceAddressPrefix": "VirtualNetwork",
                                            "destinationAddressPrefix": "Sql",
                                            "access": "Allow",
                                            "priority": 101,
                                            "direction": "Outbound",
                                            "sourcePortRanges": [],
                                            "destinationPortRanges": [],
                                            "sourceAddressPrefixes": [],
                                            "destinationAddressPrefixes": []
                                        }
                                    },
                                    // Outbound: HTTPS to the Storage service tag. The tag is not limited
                                    // to this template's storage account; access to that account is
                                    // restricted separately by the account's own network rules.
                                    {
                                        "name": "Microsoft.Databricks-workspaces_UseOnly_databricks-worker-to-storage",
                                        "properties": {
                                            "description": "Required for workers communication with Azure Storage services.",
                                            "protocol": "tcp",
                                            "sourcePortRange": "*",
                                            "destinationPortRange": "443",
                                            "sourceAddressPrefix": "VirtualNetwork",
                                            "destinationAddressPrefix": "Storage",
                                            "access": "Allow",
                                            "priority": 102,
                                            "direction": "Outbound",
                                            "sourcePortRanges": [],
                                            "destinationPortRanges": [],
                                            "sourceAddressPrefixes": [],
                                            "destinationAddressPrefixes": []
                                        }
                                    },
                                    // Outbound: TCP 9093 to the EventHub service tag.
                                    {
                                        "name": "Microsoft.Databricks-workspaces_UseOnly_databricks-worker-to-eventhub",
                                        "properties": {
                                            "description": "Required for worker communication with Azure Eventhub services.",
                                            "protocol": "tcp",
                                            "sourcePortRange": "*",
                                            "destinationPortRange": "9093",
                                            "sourceAddressPrefix": "VirtualNetwork",
                                            "destinationAddressPrefix": "EventHub",
                                            "access": "Allow",
                                            "priority": 104,
                                            "direction": "Outbound",
                                            "sourcePortRanges": [],
                                            "destinationPortRanges": [],
                                            "sourceAddressPrefixes": [],
                                            "destinationAddressPrefixes": []
                                        }
                                    },
                                    // Outbound counterpart of the first rule: any protocol and port
                                    // towards the VirtualNetwork service tag.
                                    {
                                        "name": "Microsoft.Databricks-workspaces_UseOnly_databricks-worker-to-worker-outbound",
                                        "properties": {
                                            "description": "Required for worker nodes communication within a cluster.",
                                            "protocol": "*",
                                            "sourcePortRange": "*",
                                            "destinationPortRange": "*",
                                            "sourceAddressPrefix": "VirtualNetwork",
                                            "destinationAddressPrefix": "VirtualNetwork",
                                            "access": "Allow",
                                            "priority": 103,
                                            "direction": "Outbound",
                                            "sourcePortRanges": [],
                                            "destinationPortRanges": [],
                                            "sourceAddressPrefixes": [],
                                            "destinationAddressPrefixes": []
                                        }
                                    }
                                ]
                            }


                        },
                        // Virtual network with three subnets declared as child resources:
                        // Databricks private, Databricks public, and a spoke subnet for the private endpoint.
                        // NOTE(review): "properties" carries only addressSpace and no "subnets" array.
                        // On every redeployment this resource is submitted again with that subnet-less
                        // body, which is the likely reason existing subnets are removed and recreated
                        // on a second run - confirm, and consider declaring the subnets inside
                        // properties.subnets so the network and its subnets are one definition.
                        {
                            "type": "Microsoft.Network/virtualNetworks",
                            "apiVersion": "2020-04-01",
                            "name": "[variables('VirtualNetwork')]",
                            "location": "[parameters('Location')]",
                            "properties": {
                                "addressSpace": {
                                    "addressPrefixes": [ "[parameters('VnetCidr')]" ]
                                }
                            },
                            // Dependencies in this block are bare resource names, not resourceId() expressions.
                            "dependsOn": [ "[variables('NSGDatabricks')]" ],
                            "resources": [
                                // Private subnet: delegated to Databricks, NSG attached, and a
                                // Microsoft.Storage service endpoint so the storage account's
                                // virtual network rule for this subnet can match.
                                {
                                    "type": "Microsoft.Network/virtualNetworks/subnets",
                                    "apiVersion": "2020-05-01",
                                    "name": "[concat(variables('VirtualNetwork'), '/',variables('DatabricksPrivateSubnet'))]",
                                    "dependsOn": [ "[variables('VirtualNetwork')]" ],
                                    "properties": {
                                        "addressPrefix": "[parameters('PrivateSubnetCidr')]",
                                        "networkSecurityGroup": { "id": "[variables('nsgId')]" },
                                        "serviceEndpoints": [
                                            {
                                                "service": "Microsoft.Storage"

                                            }
                                        ],
                                        "delegations": [
                                            {
                                                "name": "databricks-del-private",
                                                "properties": { "serviceName": "Microsoft.Databricks/workspaces" }
                                            }
                                        ]
                                    }
                                },
                                // Public subnet: same shape as the private subnet. It waits for the
                                // private subnet, so the subnets are created one after another.
                                // NOTE(review): the dependency uses the subnet's short name, while the
                                // resource is declared as '<vnet>/<subnet>' - confirm it resolves.
                                {
                                    "type": "Microsoft.Network/virtualNetworks/subnets",
                                    "apiVersion": "2020-05-01",
                                    "name": "[concat(variables('VirtualNetwork'), '/',variables('DatabricksPublicSubnet'))]",
                                    "dependsOn": [ "[variables('VirtualNetwork')]", "[variables('DatabricksPrivateSubnet')]" ],
                                    "properties": {
                                        "addressPrefix": "[parameters('PublicSubnetCidr')]",
                                        "networkSecurityGroup": { "id": "[variables('nsgId')]" },
                                        "serviceEndpoints": [
                                            {
                                                "service": "Microsoft.Storage"

                                            }
                                        ],
                                        "delegations": [
                                            {
                                                "name": "databricks-del-public",
                                                "properties": { "serviceName": "Microsoft.Databricks/workspaces" }
                                            }
                                        ]
                                    }
                                },
                                // Spoke subnet: hosts the storage private endpoint, hence
                                // privateEndpointNetworkPolicies is Disabled and there is no delegation.
                                // NOTE(review): no networkSecurityGroup is attached to this subnet.
                                {
                                    "type": "Microsoft.Network/virtualNetworks/subnets",
                                    "apiVersion": "2020-05-01",
                                    "name": "[concat(variables('VirtualNetwork'), '/',variables('DatabricksSpokeSubnet'))]",
                                    "dependsOn": [ "[variables('VirtualNetwork')]", "[variables('DatabricksPrivateSubnet')]", "[variables('DatabricksPublicSubnet')]" ],
                                    "properties": {
                                        "addressPrefix": "[parameters('SpokeSubnetCidr')]",
                                        "privateEndpointNetworkPolicies": "Disabled",
                                        "delegations": []
                                    }
                                }

                            ]
                        },
                        // Databricks workspace injected into the virtual network above: it is given the
                        // network ID and the names of the public and private subnets.
                        // NOTE(review): no "enableNoPublicIp" parameter is set, so cluster nodes
                        // presumably receive public IP addresses - confirm whether that is intended.
                        {
                            "type": "Microsoft.Databricks/workspaces",
                            "apiVersion": "2018-04-01",
                            "name": "[variables('Databricks')]",
                            "location": "[parameters('Location')]",
                            "properties": {
                                // Resource group that the Databricks service manages for this workspace.
                                "managedResourceGroupId": "[concat(subscription().id, '/resourceGroups/', variables('managedResourceGroupName'))]",
                                "parameters": {
                                    "customVirtualNetworkId": { "value": "[variables('vnetId')]" },
                                    "customPublicSubnetName": { "value": "[variables('DatabricksPublicSubnet')]" },
                                    "customPrivateSubnetName": { "value": "[variables('DatabricksPrivateSubnet')]" }
                                }
                            },
                            // Waits for the network and all three subnets; the entries are bare names.
                            "dependsOn": [ "[variables('VirtualNetwork')]", "[variables('DatabricksPrivateSubnet')]", "[variables('DatabricksPublicSubnet')]", "[variables('DatabricksSpokeSubnet')]" ]
                        },
                        // Private DNS zone 'privatelink.blob.core.windows.net', later referenced by the
                        // private endpoint's DNS zone group.
                        // NOTE(review): the template as shown declares no virtualNetworkLinks child for
                        // this zone, so the virtual network would not resolve names through it unless
                        // the link is created elsewhere - confirm.
                        {
                            "type": "Microsoft.Network/privateDnsZones",
                            "apiVersion": "2018-09-01",
                            "name": "[variables('DNSZoneName')]",
                            "location": "global"
                        }

                    ],
                    "outputs": {}
                }
            }

        },
        {
            "type": "Microsoft.Resources/deployments",
            "apiVersion": "2019-05-01",
            "name": "[concat('beep-',parameters('Environment'),'-',parameters('Region'))]",
            "resourceGroup": "[concat('beep-',parameters('Environment'))]",
            "dependsOn": [ "[variables('ResourceGroupName')]" ],
            "properties": {
                "mode": "Incremental",
                "template": {
                    "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
                    "contentVersion": "1.0.0.0",
                    "parameters": {},
                    "variables": {},
                    "resources": [
                        // Storage account behind a firewall: default action Deny, with access allowed from
                        // the two Databricks subnets (both carry a Microsoft.Storage service endpoint).
                        // NOTE(review): the variable is called DataLakeGen2, but "isHnsEnabled" is not set
                        // here, so the hierarchical namespace is presumably off - confirm.
                        // NOTE(review): the enclosing deployment depends only on the name held in
                        // variables('ResourceGroupName'), which the resource group and the first nested
                        // deployment share - confirm the subnets exist before these rules are applied.
                        {
                            "name": "[variables('DataLakeGen2')]",
                            "type": "Microsoft.Storage/storageAccounts",
                            "location": "[parameters('Location')]",
                            "apiVersion": "2019-06-01",
                            "sku": {
                                "name": "Standard_LRS",
                                "tier": "Standard"
                            },
                            "kind": "StorageV2",
                            "properties": {
                                "networkAcls": {
                                    // "AzureServices" lets trusted Azure services through despite defaultAction Deny.
                                    "bypass": "AzureServices",
                                    "defaultAction": "Deny",
                                    // No ipRules are listed, so no public IP range is allowed by this block.
                                    "virtualNetworkRules": [
                                        {
                                            "id": "[concat(variables('vnetId'),'/subnets/',variables('DatabricksPublicSubnet'))]",
                                            "action": "Allow"
                                            //"state": "succeeded"
                                        },
                                        {
                                            "id": "[concat(variables('vnetId'),'/subnets/',variables('DatabricksPrivateSubnet'))]",
                                            "action": "Allow"
                                            //"state": "succeeded"
                                        }
                                    ]
                                 

                                },
                                // HTTPS only. NOTE(review): "minimumTlsVersion" and "allowBlobPublicAccess"
                                // are not set, so the service defaults apply - confirm they are acceptable.
                                "supportsHttpsTrafficOnly": true,
                                // Encryption at rest for file and blob with keys held by the storage service.
                                "encryption": {
                                    "services": {
                                        "file": { "enabled": true },
                                        "blob": { "enabled": true }
                                    },
                                    "keySource": "Microsoft.Storage"
                                },
                                "accessTier": "Hot"
                            }
                        },
                        // Private endpoint for the storage account, placed in the spoke subnet.
                        // NOTE(review): there is no dependsOn here and the target ID is built with concat(),
                        // so nothing orders this after the storage account above - confirm.
                        {
                            "type": "Microsoft.Network/privateEndpoints",
                            "apiVersion": "2020-05-01",
                            "name": "[variables('PrivateEndPointStorageAccount')]",
                            "location": "[parameters('Location')]",
                            "properties": {
                                "privateLinkServiceConnections": [
                                    {
                                        "name": "[variables('PrivateEndPointStorageAccount')]",
                                        "properties": {
                                            "privateLinkServiceId": "[variables('privateLinkServiceId')]",
                                            // Only the blob sub-resource is exposed privately.
                                            // NOTE(review): Data Lake Gen2 clients normally use the "dfs"
                                            // endpoint, which this endpoint does not cover - confirm.
                                            "groupIds": [ "blob" ],
                                            // The connection is declared as already approved by the template.
                                            "privateLinkServiceConnectionState": {
                                                "status": "Approved",
                                                "description": "Auto-Approved",
                                                "actionsRequired": "None"
                                            }
                                        }
                                    }
                                ],
                                "manualPrivateLinkServiceConnections": [],
                                "subnet": { "id": "[concat(variables('vnetId'),'/subnets/',variables('DatabricksSpokeSubnet'))]" },
                                "customDnsConfigs": []
                            }
                        },
                        // DNS zone group 'default' on the private endpoint: registers the endpoint in the
                        // private DNS zone identified by privateDnsZoneId, which lives in the
                        // 'analytical-<Region>' resource group.
                        {

                            "type": "Microsoft.Network/privateEndpoints/privateDnsZoneGroups",
                            "apiVersion": "2020-05-01",
                            "location": "[parameters('Location')]",
                            "name": "[concat(variables('PrivateEndPointStorageAccount'), '/default')]",
                            // Bare endpoint name rather than a resourceId() expression.
                            "dependsOn": [ "[variables('PrivateEndPointStorageAccount')]" ],
                            "properties": {
                                "privateDnsZoneConfigs": [
                                    {
                                        // concat() with a single argument just returns the literal.
                                        "name": "[concat('privatelink-blob-core-windows-net')]",
                                        "properties": { "privateDnsZoneId": "[variables('privateDnsZoneId')]" }
                                    }
                                ]
                            }
                        }
                    ]
                }
            }
        }
    ],
    // Deployment output. Despite its name, guidOutput is not a GUID: it returns the private DNS
    // zone resource ID, which embeds the subscription ID and is stored with the deployment record.
    "outputs": {
        "guidOutput": {
            "type": "string",
            "value": "[variables('privateDnsZoneId')]"

        }
    }
}

我通过这个 powershell 脚本部署我的模板:

# Template and parameter file, relative to the current directory.
$templatefile  = "Analytics\azuredeploy.json"
$parameterFile = "Analytics\azuredeploy.parameter.json"

# Subscription-scope deployment. -Location is where the deployment record is stored;
# the region of the resources comes from the template's own Location parameter.
$deploymentArgs = @{
    TemplateFile          = $templatefile
    TemplateParameterFile = $parameterFile
    Location              = 'westeurope'
}
New-AzSubscriptionDeployment @deploymentArgs

如您所见,一切都是参数化的。如果我第二次运行这个模板,旧子网会被新子网替换。您知道这个问题是什么原因造成的吗?
