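Quickstart: Create a public load balancer to load balance VMs using a Bicep file
This quickstart shows how to use a Bicep file to create a public Azure load balancer. The public load balancer distributes traffic to virtual machines that sit in a virtual network and belong to the load balancer's backend pool. In addition to the public load balancer, this template also creates a virtual network, network interfaces, a NAT gateway, and an Azure Bastion instance.
Using a Bicep file takes fewer steps than other deployment methods.
Bicep is a domain-specific language (DSL) that uses declarative syntax to deploy Azure resources. It provides concise syntax, reliable type safety, and support for code reuse. Bicep offers the best authoring experience for your infrastructure-as-code solutions in Azure.
Prerequisites
If you don't have an Azure subscription, create a trial subscription before you begin.
Review the Bicep file
The Bicep file used in this quickstart is from Azure Quickstart Templates.
The load balancer and public IP SKUs must match. When you create a standard load balancer, you must also create a new standard public IP address that serves as the frontend configuration for that standard load balancer. To create a basic load balancer, use this template. Azure recommends the Standard SKU for production workloads.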
@description('Specifies a project name that is used for generating resource names.')
param projectName string

@description('Specifies the location for all of the resources created by this template.')
param location string = resourceGroup().location

@description('Specifies the virtual machine administrator username.')
param adminUsername string

@description('Specifies the virtual machine administrator password.')
@secure()
param adminPassword string

@description('Size of the virtual machine')
param vmSize string = 'Standard_D2s_v3'

@description('The Windows version for the VM. This will pick a fully patched image of this given Windows version.')
@allowed([
  '2016-datacenter-gensecond'
  '2016-datacenter-server-core-g2'
  '2016-datacenter-server-core-smalldisk-g2'
  '2016-datacenter-smalldisk-g2'
  '2016-datacenter-with-containers-g2'
  '2016-datacenter-zhcn-g2'
  '2019-datacenter-core-g2'
  '2019-datacenter-core-smalldisk-g2'
  '2019-datacenter-core-with-containers-g2'
  '2019-datacenter-core-with-containers-smalldisk-g2'
  '2019-datacenter-gensecond'
  '2019-datacenter-smalldisk-g2'
  '2019-datacenter-with-containers-g2'
  '2019-datacenter-with-containers-smalldisk-g2'
  '2019-datacenter-zhcn-g2'
  '2022-datacenter-azure-edition'
  '2022-datacenter-azure-edition-core'
  '2022-datacenter-azure-edition-core-smalldisk'
  '2022-datacenter-azure-edition-smalldisk'
  '2022-datacenter-core-g2'
  '2022-datacenter-core-smalldisk-g2'
  '2022-datacenter-g2'
  '2022-datacenter-smalldisk-g2'
])
param OSVersion string = '2022-datacenter-azure-edition'

@description('Image SKU (Visual Studio on Windows client images). Not referenced by any resource in this file.')
@allowed([
  'vs-2019-ent-latest-win11-n-gen2'
  'vs-2019-pro-general-win11-m365-gen2'
  'vs-2019-comm-latest-win11-n-gen2'
  'vs-2019-ent-general-win10-m365-gen2'
  'vs-2019-ent-general-win11-m365-gen2'
  'vs-2019-pro-general-win10-m365-gen2'
])
param imageSku string = 'vs-2019-ent-latest-win11-n-gen2'

@description('Security Type of the Virtual Machine.')
@allowed([
  'Standard'
  'TrustedLaunch'
])
param securityType string = 'TrustedLaunch'

// Trusted Launch settings: Secure Boot and a virtual TPM on every VM.
var securityProfileJson = {
  uefiSettings: {
    secureBootEnabled: true
    vTpmEnabled: true
  }
  securityType: securityType
}
var lbName = '${projectName}-lb'
var lbSkuName = 'Standard'
var lbPublicIpAddressName = '${projectName}-lbPublicIP'
var lbFrontEndName = 'LoadBalancerFrontEnd'
var lbBackendPoolName = 'LoadBalancerBackEndPool'
var lbProbeName = 'loadBalancerHealthProbe'
var nsgName = '${projectName}-nsg'
var vNetName = '${projectName}-vnet'
var vNetAddressPrefix = '10.0.0.0/16'
var vNetSubnetName = 'BackendSubnet'
var vNetSubnetAddressPrefix = '10.0.0.0/24'
var bastionName = '${projectName}-bastion'
var bastionSubnetName = 'AzureBastionSubnet'
var vNetBastionSubnetAddressPrefix = '10.0.1.0/24'
var bastionPublicIPAddressName = '${projectName}-bastionPublicIP'
var vmStorageAccountType = 'Premium_LRS'
var extensionName = 'GuestAttestation'
var extensionPublisher = 'Microsoft.Azure.Security.WindowsAttestation'
var extensionVersion = '1.0'
var maaTenantName = 'GuestAttestation'
var maaEndpoint = substring('emptyString', 0, 0)
var ascReportingEndpoint = substring('emptystring', 0, 0)
var natGatewayName = '${projectName}-natgateway'
var natGatewayPublicIPAddressName = '${projectName}-natPublicIP'

// One NIC per VM. The NICs have no public IP; they join the load balancer backend pool.
resource project_vm_1_networkInterface 'Microsoft.Network/networkInterfaces@2021-08-01' = [for i in range(0, 3): {
  name: '${projectName}-vm${(i + 1)}-networkInterface'
  location: location
  properties: {
    ipConfigurations: [
      {
        name: 'ipconfig1'
        properties: {
          privateIPAllocationMethod: 'Dynamic'
          subnet: {
            id: vNetName_vNetSubnetName.id
          }
          loadBalancerBackendAddressPools: [
            {
              id: resourceId('Microsoft.Network/loadBalancers/backendAddressPools', lbName, lbBackendPoolName)
            }
          ]
        }
      }
    ]
    networkSecurityGroup: {
      id: nsg.id
    }
  }
  dependsOn: [
    lb
  ]
}]

// Installs IIS on each VM and writes a page that shows the VM's computer name.
resource project_vm_1_InstallWebServer 'Microsoft.Compute/virtualMachines/extensions@2021-11-01' = [for i in range(0, 3): {
  name: '${projectName}-vm${(i + 1)}/InstallWebServer'
  location: location
  properties: {
    publisher: 'Microsoft.Compute'
    type: 'CustomScriptExtension'
    typeHandlerVersion: '1.10'
    autoUpgradeMinorVersion: true
    settings: {
      commandToExecute: 'powershell.exe Install-WindowsFeature -name Web-Server -IncludeManagementTools && powershell.exe remove-item \'C:\\inetpub\\wwwroot\\iisstart.htm\' && powershell.exe Add-Content -Path \'C:\\inetpub\\wwwroot\\iisstart.htm\' -Value $(\'Hello World from \' + $env:computername)'
    }
  }
  dependsOn: [
    project_vm_1
  ]
}]

// Three VMs, one in each of availability zones 1, 2 and 3.
resource project_vm_1 'Microsoft.Compute/virtualMachines@2021-11-01' = [for i in range(1, 3): {
  name: '${projectName}-vm${i}'
  location: location
  zones: [
    string(i)
  ]
  properties: {
    hardwareProfile: {
      vmSize: vmSize
    }
    storageProfile: {
      imageReference: {
        publisher: 'MicrosoftWindowsServer'
        offer: 'WindowsServer'
        // Use the OSVersion parameter: its allowed values are Gen2 images,
        // which Trusted Launch (the default securityType) requires.
        sku: OSVersion
        version: 'latest'
      }
      osDisk: {
        createOption: 'FromImage'
        managedDisk: {
          storageAccountType: vmStorageAccountType
        }
      }
    }
    networkProfile: {
      networkInterfaces: [
        {
          id: resourceId('Microsoft.Network/networkInterfaces', '${projectName}-vm${i}-networkInterface')
        }
      ]
    }
    osProfile: {
      computerName: '${projectName}-vm${i}'
      adminUsername: adminUsername
      adminPassword: adminPassword
      windowsConfiguration: {
        enableAutomaticUpdates: true
        provisionVMAgent: true
      }
    }
    securityProfile: ((securityType == 'TrustedLaunch') ? securityProfileJson : null)
  }
  dependsOn: [
    project_vm_1_networkInterface
  ]
}]

// Guest attestation extension, deployed only when Trusted Launch with Secure Boot and vTPM is in use.
resource projectName_vm_1_3_GuestAttestation 'Microsoft.Compute/virtualMachines/extensions@2022-03-01' = [for i in range(1, 3): if ((securityType == 'TrustedLaunch') && ((securityProfileJson.uefiSettings.secureBootEnabled == true) && (securityProfileJson.uefiSettings.vTpmEnabled == true))) {
  name: '${projectName}-vm${i}/GuestAttestation'
  location: location
  properties: {
    publisher: extensionPublisher
    type: extensionName
    typeHandlerVersion: extensionVersion
    autoUpgradeMinorVersion: true
    enableAutomaticUpgrade: true
    settings: {
      AttestationConfig: {
        MaaSettings: {
          maaEndpoint: maaEndpoint
          maaTenantName: maaTenantName
        }
        AscSettings: {
          ascReportingEndpoint: ascReportingEndpoint
          ascReportingFrequency: ''
        }
        useCustomToken: 'false'
        disableAlerts: 'false'
      }
    }
  }
  dependsOn: [
    project_vm_1
  ]
}]

// NAT gateway: outbound connectivity for the backend subnet.
resource natGateway 'Microsoft.Network/natGateways@2021-05-01' = {
  name: natGatewayName
  location: location
  sku: {
    name: 'Standard'
  }
  properties: {
    idleTimeoutInMinutes: 4
    publicIpAddresses: [
      {
        id: natGatewayPublicIPAddress.id
      }
    ]
  }
}

resource natGatewayPublicIPAddress 'Microsoft.Network/publicIPAddresses@2021-05-01' = {
  name: natGatewayPublicIPAddressName
  location: location
  sku: {
    name: 'Standard'
  }
  properties: {
    publicIPAddressVersion: 'IPv4'
    publicIPAllocationMethod: 'Static'
    idleTimeoutInMinutes: 4
  }
}

resource vNetName_bastionSubnet 'Microsoft.Network/virtualNetworks/subnets@2021-08-01' = {
  parent: vNet
  name: bastionSubnetName
  properties: {
    addressPrefix: vNetBastionSubnetAddressPrefix
  }
  dependsOn: [
    vNetName_vNetSubnetName
  ]
}

resource vNetName_vNetSubnetName 'Microsoft.Network/virtualNetworks/subnets@2021-08-01' = {
  parent: vNet
  name: vNetSubnetName
  properties: {
    addressPrefix: vNetSubnetAddressPrefix
    natGateway: {
      id: natGateway.id
    }
  }
}

// Azure Bastion: management access to the VMs.
resource bastion 'Microsoft.Network/bastionHosts@2021-08-01' = {
  name: bastionName
  location: location
  properties: {
    ipConfigurations: [
      {
        name: 'IpConf'
        properties: {
          privateIPAllocationMethod: 'Dynamic'
          publicIPAddress: {
            id: bastionPublicIPAddress.id
          }
          subnet: {
            id: vNetName_bastionSubnet.id
          }
        }
      }
    ]
  }
}

resource bastionPublicIPAddress 'Microsoft.Network/publicIPAddresses@2021-08-01' = {
  name: bastionPublicIPAddressName
  location: location
  sku: {
    name: lbSkuName
  }
  properties: {
    publicIPAddressVersion: 'IPv4'
    publicIPAllocationMethod: 'Static'
  }
}

// Standard public load balancer: TCP 80 frontend to TCP 80 backend, with a TCP health probe.
resource lb 'Microsoft.Network/loadBalancers@2021-08-01' = {
  name: lbName
  location: location
  sku: {
    name: lbSkuName
  }
  properties: {
    frontendIPConfigurations: [
      {
        name: lbFrontEndName
        properties: {
          publicIPAddress: {
            id: lbPublicIPAddress.id
          }
        }
      }
    ]
    backendAddressPools: [
      {
        name: lbBackendPoolName
      }
    ]
    loadBalancingRules: [
      {
        name: 'myHTTPRule'
        properties: {
          frontendIPConfiguration: {
            id: resourceId('Microsoft.Network/loadBalancers/frontendIPConfigurations', lbName, lbFrontEndName)
          }
          backendAddressPool: {
            id: resourceId('Microsoft.Network/loadBalancers/backendAddressPools', lbName, lbBackendPoolName)
          }
          frontendPort: 80
          backendPort: 80
          enableFloatingIP: false
          idleTimeoutInMinutes: 15
          protocol: 'Tcp'
          enableTcpReset: true
          loadDistribution: 'Default'
          disableOutboundSnat: true
          probe: {
            id: resourceId('Microsoft.Network/loadBalancers/probes', lbName, lbProbeName)
          }
        }
      }
    ]
    probes: [
      {
        name: lbProbeName
        properties: {
          protocol: 'Tcp'
          port: 80
          intervalInSeconds: 5
          numberOfProbes: 2
        }
      }
    ]
    outboundRules: []
  }
}

resource lbPublicIPAddress 'Microsoft.Network/publicIPAddresses@2021-08-01' = {
  name: lbPublicIpAddressName
  location: location
  sku: {
    name: lbSkuName
  }
  properties: {
    publicIPAddressVersion: 'IPv4'
    publicIPAllocationMethod: 'Static'
  }
}

// NSG attached to each NIC: allows inbound port 80 from the Internet.
resource nsg 'Microsoft.Network/networkSecurityGroups@2021-08-01' = {
  name: nsgName
  location: location
  properties: {
    securityRules: [
      {
        name: 'AllowHTTPInbound'
        properties: {
          protocol: '*'
          sourcePortRange: '*'
          destinationPortRange: '80'
          sourceAddressPrefix: 'Internet'
          destinationAddressPrefix: '*'
          access: 'Allow'
          priority: 100
          direction: 'Inbound'
        }
      }
    ]
  }
}

resource vNet 'Microsoft.Network/virtualNetworks@2021-08-01' = {
  name: vNetName
  location: location
  properties: {
    addressSpace: {
      addressPrefixes: [
        vNetAddressPrefix
      ]
    }
  }
}

output location string = location
output name string = lb.name
output resourceGroupName string = resourceGroup().name
output resourceId string = lb.id
Multiple Azure resources are defined in the Bicep file:
- Microsoft.Network/loadBalancers
- Microsoft.Network/publicIPAddresses: for the load balancer, the bastion host, and the NAT gateway.
- Microsoft.Network/bastionHosts
- Microsoft.Network/networkSecurityGroups
- Microsoft.Network/virtualNetworks
- Microsoft.Compute/virtualMachines (3).
- Microsoft.Network/networkInterfaces (3).
- Microsoft.Compute/virtualMachines/extensions (3): used to configure Internet Information Server (IIS) and the web pages.
- Microsoft.Network/natGateways: for the NAT gateway.
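The `nsg` resource in the file above allows any protocol on port 80 from the Internet to any destination address. As an added example (not part of the Azure quickstart template), the variant below narrows that rule to TCP and to the backend subnet; it redeclares the `projectName` and `location` parameters and the two variables it uses so that it compiles on its own, and the `description` text and the `nsgId` output are assumptions.

```bicep
// Added example: least-privilege variant of the `nsg` resource from main.bicep.
@description('Specifies a project name that is used for generating resource names.')
param projectName string

@description('Specifies the location for all of the resources created by this template.')
param location string = resourceGroup().location

var nsgName = '${projectName}-nsg'
var vNetSubnetAddressPrefix = '10.0.0.0/24' // BackendSubnet, same value as in main.bicep

resource nsg 'Microsoft.Network/networkSecurityGroups@2021-08-01' = {
  name: nsgName
  location: location
  properties: {
    securityRules: [
      {
        name: 'AllowHTTPInbound'
        properties: {
          description: 'HTTP over TCP from the Internet to the backend subnet only'
          // Original: protocol: '*'. The load-balancing rule and the health probe both use Tcp.
          protocol: 'Tcp'
          sourcePortRange: '*'
          destinationPortRange: '80'
          // The load balancer passes the client source address through,
          // so the source stays 'Internet' for a public web front end.
          sourceAddressPrefix: 'Internet'
          // Original: destinationAddressPrefix: '*'. Only BackendSubnet hosts the web servers.
          destinationAddressPrefix: vNetSubnetAddressPrefix
          access: 'Allow'
          priority: 100
          direction: 'Inbound'
        }
      }
    ]
  }
}

output nsgId string = nsg.id
```

Health probes and Bastion sessions do not depend on this rule: the NSG default rules AllowAzureLoadBalancerInBound and AllowVnetInBound continue to admit them.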
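Important
Hourly pricing starts from the moment Bastion is deployed, regardless of outbound data usage. For more information, see Pricing and SKUs. If you're deploying Bastion as part of a tutorial or test, we recommend that you delete this resource after you finish using it.
To find more Bicep files or ARM templates related to Azure Load Balancer, see Azure Quickstart Templates.
Deploy the Bicep file
Save the Bicep file as main.bicep on your local computer.
Use Azure CLI or Azure PowerShell to deploy the Bicep file.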
az group create --name exampleRG --location ChinaEast
az deployment group create --resource-group exampleRG --template-file main.bicep
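Note
The Bicep file deployment creates three availability zones. Availability zones are supported only in certain regions. Use one of the supported regions. If you aren't sure, enter "ChinaEast".
You're prompted to enter the following values:
- projectName: used for generating resource names.
- adminUsername: the virtual machine administrator username.
- adminPassword: the virtual machine administrator password.
Deploying the Bicep file takes about 10 minutes.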
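Review deployed resources
Sign in to the Azure portal.
Select "Resource groups" from the left pane.
Select the resource group that you created in the previous section. The default resource group name is "exampleRG".
Select the load balancer. Its default name is the project name with -lb appended.
Copy only the IP address part of the public IP address, and then paste it into the address bar of your browser.
The browser displays the default page of the Internet Information Services (IIS) web server.
To see the load balancer distribute traffic across all 3 VMs, force a refresh of your web browser from the client machine.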
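Clean up resources
When you no longer need them, delete the:
- Resource group
- Load balancer
- Related resources
Go to the Azure portal, select the resource group that contains the load balancer, and then select "Delete resource group".
Next steps
In this quickstart, you:
- Created a virtual network for the load balancer and virtual machines.
- Created an Azure Bastion host for management.
- Created a standard load balancer and attached VMs to it.
- Configured the load balancer traffic rule and the health probe.
- Tested the load balancer.
To learn more, continue to the tutorials for Azure Load Balancer.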