0

我正在尝试使用完整部署的 ARM 模板简单地部署具有专用终结点的 Azure 存储帐户。

模板如下:

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "location": {
      "type": "string"
    },
    "storageAccountName": {
      "type": "string"
    },
    "accountType": {
      "type": "string"
    },
    "kind": {
      "type": "string"
    },
    "accessTier": {
      "type": "string"
    },
    "minimumTlsVersion": {
      "type": "string"
    },
    "supportsHttpsTrafficOnly": {
      "type": "bool"
    },
    "allowBlobPublicAccess": {
      "type": "bool"
    },
    "allowSharedKeyAccess": {
      "type": "bool"
    },
    "allowCrossTenantReplication": {
      "type": "bool"
    },
    "defaultOAuth": {
      "type": "bool"
    },
    "networkAclsBypass": {
      "type": "string"
    },
    "networkAclsDefaultAction": {
      "type": "string"
    },
    "keySource": {
      "type": "string"
    },
    "encryptionEnabled": {
      "type": "bool"
    },
    "keyTypeForTableAndQueueEncryption": {
      "type": "string"
    },
    "infrastructureEncryptionEnabled": {
      "type": "bool"
    },
    "isContainerRestoreEnabled": {
      "type": "bool"
    },
    "isBlobSoftDeleteEnabled": {
      "type": "bool"
    },
    "blobSoftDeleteRetentionDays": {
      "type": "int"
    },
    "isContainerSoftDeleteEnabled": {
      "type": "bool"
    },
    "containerSoftDeleteRetentionDays": {
      "type": "int"
    },
    "changeFeed": {
      "type": "bool"
    },
    "isVersioningEnabled": {
      "type": "bool"
    },
    "isShareSoftDeleteEnabled": {
      "type": "bool"
    },
    "shareSoftDeleteRetentionDays": {
      "type": "int"
    },
    "privateEndpointName": {
      "type": "string"
    },
    "privateEndpointConnectionName": {
      "type": "string"
    }
  },
  "functions": [],
  "variables": {},
  "resources": [
    {
      "name": "[parameters('storageAccountName')]",
      "type": "Microsoft.Storage/storageAccounts",
      "apiVersion": "2021-08-01",
      "location": "[parameters('location')]",
      "properties": {
        "accessTier": "[parameters('accessTier')]",
        "minimumTlsVersion": "[parameters('minimumTlsVersion')]",
        "supportsHttpsTrafficOnly": "[parameters('supportsHttpsTrafficOnly')]",
        "allowBlobPublicAccess": "[parameters('allowBlobPublicAccess')]",
        "allowSharedKeyAccess": "[parameters('allowSharedKeyAccess')]",
        "allowCrossTenantReplication": "[parameters('allowCrossTenantReplication')]",
        "defaultToOAuthAuthentication": "[parameters('defaultOAuth')]",
        "networkAcls": {
          "bypass": "[parameters('networkAclsBypass')]",
          "defaultAction": "[parameters('networkAclsDefaultAction')]",
          "ipRules": []
        },
        "encryption": {
          "keySource": "[parameters('keySource')]",
          "services": {
            "blob": {
              "enabled": "[parameters('encryptionEnabled')]"
            },
            "file": {
              "enabled": "[parameters('encryptionEnabled')]"
            },
            "table": {
              "enabled": "[parameters('encryptionEnabled')]"
            },
            "queue": {
              "enabled": "[parameters('encryptionEnabled')]"
            }
          },
          "requireInfrastructureEncryption": "[parameters('infrastructureEncryptionEnabled')]"
        }
      },
      "dependsOn": [],
      "sku": {
        "name": "[parameters('accountType')]"
      },
      "kind": "[parameters('kind')]",
      "tags": {}
    },
    {
      "apiVersion": "2021-05-01",
      "name": "[parameters('privateEndpointName')]",
      "type": "Microsoft.Network/privateEndpoints",
      "location": "[parameters('location')]",
      "dependsOn": [
        "[resourceId('Microsoft.Storage/storageAccounts/', parameters('storageAccountName'))]"
      ],
      "properties": {
        "privateLinkServiceConnections": [
          {
            "id": "[concat(resourceGroup().id, '/providers/Microsoft.Network/privateEndpoints/privateLinkServiceConnections/', parameters('privateEndpointConnectionName'))]",
            "name": "[parameters('privateEndpointConnectionName')]",
            "properties": {
              "privateLinkServiceId": "/subscriptions/<subID>/resourcegroups/test-aue-storg-dev/providers/Microsoft.Storage/storageAccounts/testauesto01dev",
              "groupIds": ["blob"]
            }
          }
        ],
        "manualPrivateLinkServiceConnections": [],
        "subnet": {
          "id": "/subscriptions/<subID>/resourceGroups/vnet-aue-rg/providers/Microsoft.Network/virtualNetworks/test-vnet-dev/subnets/test-subnet"
        }
      }
    }
  ],
  "outputs": {}
}

我遇到的问题是私有端点的创建会自动创建一个 NIC。因为这在原始 ARM 模板中没有指定,所以使用“完成”部署,部署会在创建此 NIC 后尝试删除它。有谁知道解决这个问题的方法?

提前致谢,

4

1 回答 1

1

要实现上述要求,首先您必须注册该功能AllowPrivateEndpointCustomNicName,注册后您可以在 ARM TEMPLETE 中创建 nic 并将其附加到私有端点customNetworkInterfaceName。要显示该功能是否已注册,您可以使用以下内容cmd

az feature show --namespace Microsoft.Network --name AllowPrivateEndpointCustomNicName

要注册该功能,您可以使用以下功能:

az feature register --namespace Microsoft.Network --name AllowPrivateEndpointCustomNicName 

在此处输入图像描述 一旦功能状态显示为已注册,请使用以下 cmd 将所做的更改保存到提供程序。

az provider register -n Microsoft.Network

完成上述所有步骤后,您可以使用以下模板:

模板:-

{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string"
},

"storageAccountName": {
"type": "string"
},
"accountType": {
"type": "string"
},
"kind": {
"type": "string"
},
"accessTier": {
"type": "string"
},
"minimumTlsVersion": {
"type": "string"
},
"supportsHttpsTrafficOnly": {
"type": "bool"
},
"allowBlobPublicAccess": {
"type": "bool"
},
"allowSharedKeyAccess": {
"type": "bool"
},
"allowCrossTenantReplication": {
"type": "bool"
},
"defaultOAuth": {
"type": "bool"
},
"networkAclsBypass": {
"type": "string"
},
"networkAclsDefaultAction": {
"type": "string"
},
"keySource": {
"type": "string"
},
"encryptionEnabled": {
"type": "bool"
},
"keyTypeForTableAndQueueEncryption": {
"type": "string"
},
"infrastructureEncryptionEnabled": {
"type": "bool"
},
"isContainerRestoreEnabled": {
"type": "bool"
},
"isBlobSoftDeleteEnabled": {
"type": "bool"
},
"blobSoftDeleteRetentionDays": {
"type": "int"
},
"isContainerSoftDeleteEnabled": {
"type": "bool"
},
"containerSoftDeleteRetentionDays": {
"type": "int"
},
"changeFeed": {
"type": "bool"
},
"isVersioningEnabled": {
"type": "bool"
},
"isShareSoftDeleteEnabled": {
"type": "bool"
},
"shareSoftDeleteRetentionDays": {
"type": "int"
},
"privateEndpointName": {
"type": "string"
},
"privateEndpointConnectionName": {
"type": "string"
}
},
"functions": [],
"variables": {},
"resources": [
{

"type": "Microsoft.Network/networkInterfaces",

"apiVersion": "2020-11-01",

"name": "ajaytestprivateendpoint-nic",

"location": "westus2",

"properties": {

"ipConfigurations": [

{

"name": "privateEndpointIpConfig.ajay",

"properties": {

"privateIPAllocationMethod": "Dynamic",

"subnet": {

"id": "[resourceId('RGNAME', 'Microsoft.Network/virtualNetworks/subnets','VNET NAME', 'subnet name')]"

},

"primary": true,

"privateIPAddressVersion": "IPv4"

}

}

],

"dnsSettings": {

"dnsServers": []

},
"enableAcceleratedNetworking": false,
"enableIPForwarding": false
}
},   
                
{
"name": "[parameters('storageAccountName')]",
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2021-08-01",
"location": "[parameters('location')]",
"properties": {
"accessTier": "[parameters('accessTier')]",
"minimumTlsVersion": "[parameters('minimumTlsVersion')]",
"supportsHttpsTrafficOnly": "[parameters('supportsHttpsTrafficOnly')]",
"allowBlobPublicAccess": "[parameters('allowBlobPublicAccess')]",
"allowSharedKeyAccess": "[parameters('allowSharedKeyAccess')]",
"allowCrossTenantReplication": "[parameters('allowCrossTenantReplication')]",
"defaultToOAuthAuthentication": "[parameters('defaultOAuth')]",
"networkAcls": {
"bypass": "[parameters('networkAclsBypass')]",
"defaultAction": "[parameters('networkAclsDefaultAction')]",
"ipRules": []
},
"encryption": {
"keySource": "[parameters('keySource')]",
"services": {
"blob": {
"enabled": "[parameters('encryptionEnabled')]"
},
"file": {
"enabled": "[parameters('encryptionEnabled')]"
},
"table": {
"enabled": "[parameters('encryptionEnabled')]"
},
"queue": {
"enabled": "[parameters('encryptionEnabled')]"
}
},
"requireInfrastructureEncryption": "[parameters('infrastructureEncryptionEnabled')]"
}
},
"dependsOn": [],
"sku": {
"name": "[parameters('accountType')]"
},
"kind": "[parameters('kind')]",
"tags": {}
},
{
"apiVersion": "2021-05-01",
"name": "[parameters('privateEndpointName')]",
"type": "Microsoft.Network/privateEndpoints",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts/', parameters('storageAccountName'))]","[resourceId('Microsoft.Network/networkInterfaces','ajaytestprivateendpoint-nic')]"
],
"properties": {
"customNetworkInterfaceName": "[resourceId('Microsoft.Network/networkInterfaces','ajaytestprivateendpoint-nic')]",                              
"privateLinkServiceConnections": [
{
"id": "[concat(resourceGroup().id, '/providers/Microsoft.Network/privateEndpoints/privateLinkServiceConnections/', parameters('privateEndpointConnectionName'))]",
"name": "[parameters('privateEndpointConnectionName')]",
"properties": {
"privateLinkServiceId": "[resourceId('Microsoft.Storage/storageAccounts', parameters('storageAccountName'))]",
"groupIds": ["blob"]
}
}
],
"manualPrivateLinkServiceConnections": [],
"subnet": {
"id": "[resourceId('RGNAME', 'Microsoft.Network/virtualNetworks/subnets','vnetname', 'subnetname')]"
}

}

}
],
"outputs": {}
}
于 2022-02-22T16:55:07.287 回答