通过 Azure 资源管理器模板(ARM 模板)开始使用 Azure NAT 网关。 此模板部署虚拟网络、NAT 网关资源和 Ubuntu 虚拟机。 Ubuntu 虚拟机将部署到与 NAT 网关资源关联的子网。
Azure 资源管理器模板是定义项目基础结构和配置的 JavaScript 对象表示法 (JSON) 文件。 模板使用声明性语法。 你可以在不编写用于创建部署的编程命令序列的情况下,描述预期部署。
如果你的环境满足先决条件,并且你熟悉如何使用 ARM 模板,请选择“部署到 Azure”按钮。 模板将在 Azure 门户中打开。
- 如果没有 Azure 订阅,可在开始前创建一个试用帐户。
本快速入门中使用的模板来自 Azure 快速启动模板。
此模板配置为创建:
虚拟网络
NAT 网关资源
Ubuntu 虚拟机
Ubuntu VM 部署到与 NAT 网关资源关联的子网。
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"metadata": {
"_generator": {
"name": "bicep",
"version": "0.4.1272.37030",
"templateHash": "8775765973444437006"
}
},
"parameters": {
"vmname": {
"type": "string",
"defaultValue": "myVM",
"metadata": {
"description": "Name of the virtual machine"
}
},
"vmsize": {
"type": "string",
"defaultValue": "Standard_D2s_v3",
"metadata": {
"description": "Size of the virtual machine"
}
},
"vnetname": {
"type": "string",
"defaultValue": "myVnet",
"metadata": {
"description": "Name of the virtual network"
}
},
"subnetname": {
"type": "string",
"defaultValue": "mySubnet",
"metadata": {
"description": "Name of the subnet for virtual network"
}
},
"vnetaddressspace": {
"type": "string",
"defaultValue": "192.168.0.0/16",
"metadata": {
"description": "Address space for virtual network"
}
},
"vnetsubnetprefix": {
"type": "string",
"defaultValue": "192.168.0.0/24",
"metadata": {
"description": "Subnet prefix for virtual network"
}
},
"natgatewayname": {
"type": "string",
"defaultValue": "myNATgateway",
"metadata": {
"description": "Name of the NAT gateway"
}
},
"networkinterfacename": {
"type": "string",
"defaultValue": "myvmNIC",
"metadata": {
"description": "Name of the virtual machine nic"
}
},
"publicipname": {
"type": "string",
"defaultValue": "myPublicIP",
"metadata": {
"description": "Name of the NAT gateway public IP"
}
},
"nsgname": {
"type": "string",
"defaultValue": "myVMnsg",
"metadata": {
"description": "Name of the virtual machine NSG"
}
},
"publicipvmname": {
"type": "string",
"defaultValue": "myPublicIPVM",
"metadata": {
"description": "Name of the virtual machine public IP"
}
},
"publicipprefixname": {
"type": "string",
"defaultValue": "myPublicIPPrefix",
"metadata": {
"description": "Name of the NAT gateway public IP"
}
},
"adminusername": {
"type": "string",
"metadata": {
"description": "Administrator username for virtual machine"
}
},
"adminpassword": {
"type": "secureString",
"metadata": {
"description": "Administrator password for virtual machine"
}
},
"location": {
"type": "string",
"defaultValue": "[resourceGroup().location]",
"metadata": {
"description": "Name of resource group"
}
}
},
"resources": [
{
"type": "Microsoft.Network/networkSecurityGroups",
"apiVersion": "2021-05-01",
"name": "[parameters('nsgname')]",
"location": "[parameters('location')]",
"properties": {
"securityRules": [
{
"name": "SSH",
"properties": {
"protocol": "Tcp",
"sourcePortRange": "*",
"destinationPortRange": "22",
"sourceAddressPrefix": "*",
"destinationAddressPrefix": "*",
"access": "Allow",
"priority": 300,
"direction": "Inbound"
}
}
]
}
},
{
"type": "Microsoft.Network/publicIPAddresses",
"apiVersion": "2021-05-01",
"name": "[parameters('publicipname')]",
"location": "[parameters('location')]",
"sku": {
"name": "Standard"
},
"properties": {
"publicIPAddressVersion": "IPv4",
"publicIPAllocationMethod": "Static",
"idleTimeoutInMinutes": 4
}
},
{
"type": "Microsoft.Network/publicIPAddresses",
"apiVersion": "2021-05-01",
"name": "[parameters('publicipvmname')]",
"location": "[parameters('location')]",
"sku": {
"name": "Standard"
},
"properties": {
"publicIPAddressVersion": "IPv4",
"publicIPAllocationMethod": "Static",
"idleTimeoutInMinutes": 4
}
},
{
"type": "Microsoft.Network/publicIPPrefixes",
"apiVersion": "2021-05-01",
"name": "[parameters('publicipprefixname')]",
"location": "[parameters('location')]",
"sku": {
"name": "Standard"
},
"properties": {
"prefixLength": 31,
"publicIPAddressVersion": "IPv4"
}
},
{
"type": "Microsoft.Compute/virtualMachines",
"apiVersion": "2021-11-01",
"name": "[parameters('vmname')]",
"location": "[parameters('location')]",
"properties": {
"hardwareProfile": {
"vmSize": "[parameters('vmsize')]"
},
"storageProfile": {
"imageReference": {
"publisher": "Canonical",
"offer": "UbuntuServer",
"sku": "18.04-LTS",
"version": "latest"
},
"osDisk": {
"osType": "Linux",
"name": "[format('{0}_disk1', parameters('vmname'))]",
"createOption": "FromImage",
"caching": "ReadWrite",
"managedDisk": {
"storageAccountType": "Premium_LRS"
},
"diskSizeGB": 30
}
},
"osProfile": {
"computerName": "[parameters('vmname')]",
"adminUsername": "[parameters('adminusername')]",
"adminPassword": "[parameters('adminpassword')]",
"linuxConfiguration": {
"disablePasswordAuthentication": false,
"provisionVMAgent": true
},
"allowExtensionOperations": true
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkinterfacename'))]"
}
]
}
},
"dependsOn": [
"[resourceId('Microsoft.Network/networkInterfaces', parameters('networkinterfacename'))]"
]
},
{
"type": "Microsoft.Network/virtualNetworks",
"apiVersion": "2021-05-01",
"name": "[parameters('vnetname')]",
"location": "[parameters('location')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('vnetaddressspace')]"
]
},
"subnets": [
{
"name": "[parameters('subnetname')]",
"properties": {
"addressPrefix": "[parameters('vnetsubnetprefix')]",
"natGateway": {
"id": "[resourceId('Microsoft.Network/natGateways', parameters('natgatewayname'))]"
},
"privateEndpointNetworkPolicies": "Enabled",
"privateLinkServiceNetworkPolicies": "Enabled"
}
}
],
"enableDdosProtection": false,
"enableVmProtection": false
},
"dependsOn": [
"[resourceId('Microsoft.Network/natGateways', parameters('natgatewayname'))]"
]
},
{
"type": "Microsoft.Network/natGateways",
"apiVersion": "2021-05-01",
"name": "[parameters('natgatewayname')]",
"location": "[parameters('location')]",
"sku": {
"name": "Standard"
},
"properties": {
"idleTimeoutInMinutes": 4,
"publicIpAddresses": [
{
"id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicipname'))]"
}
],
"publicIpPrefixes": [
{
"id": "[resourceId('Microsoft.Network/publicIPPrefixes', parameters('publicipprefixname'))]"
}
]
},
"dependsOn": [
"[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicipname'))]",
"[resourceId('Microsoft.Network/publicIPPrefixes', parameters('publicipprefixname'))]"
]
},
{
"type": "Microsoft.Network/virtualNetworks/subnets",
"apiVersion": "2021-05-01",
"name": "[format('{0}/{1}', parameters('vnetname'), 'mySubnet')]",
"properties": {
"addressPrefix": "[parameters('vnetsubnetprefix')]",
"natGateway": {
"id": "[resourceId('Microsoft.Network/natGateways', parameters('natgatewayname'))]"
},
"privateEndpointNetworkPolicies": "Enabled",
"privateLinkServiceNetworkPolicies": "Enabled"
},
"dependsOn": [
"[resourceId('Microsoft.Network/natGateways', parameters('natgatewayname'))]",
"[resourceId('Microsoft.Network/virtualNetworks', parameters('vnetname'))]"
]
},
{
"type": "Microsoft.Network/networkInterfaces",
"apiVersion": "2021-05-01",
"name": "[parameters('networkinterfacename')]",
"location": "[parameters('location')]",
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"privateIPAddress": "192.168.0.4",
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicipvmname'))]"
},
"subnet": {
"id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetname'), 'mySubnet')]"
},
"primary": true,
"privateIPAddressVersion": "IPv4"
}
}
],
"enableAcceleratedNetworking": false,
"enableIPForwarding": false,
"networkSecurityGroup": {
"id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgname'))]"
}
},
"dependsOn": [
"[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetname'), 'mySubnet')]",
"[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgname'))]",
"[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicipvmname'))]"
]
}
]
}
该模板中定义了 9 个 Azure 资源:
Microsoft.Network/networkSecurityGroups :创建网络安全组。
Microsoft.Network/networkSecurityGroups/securityRules :创建安全规则。
Microsoft.Network/publicIPAddresses :创建公共 IP 地址。
Microsoft.Network/publicIPPrefixes :创建公共 IP 前缀。
Microsoft.Network/virtualNetworks :创建虚拟网络。
Microsoft.Network/natGateways :创建 NAT 网关资源。
Microsoft.Network/virtualNetworks/subnets :创建虚拟网络子网。
Microsoft.Network/networkinterfaces :创建网络接口。
备注
当我们使用以 https://raw.githubusercontent.com/ 开头的指定模板文件 URI 部署资源时,控制台有时会生成错误,如 Unable to download deployment content。
可以执行以下操作来解决相应问题。
复制模板 URI,通过更改前缀、中缀和模板文件名来转换 URI。 例如,源 URI 是
https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/101-cosmosdb-sql-autoscale/azuredeploy.json类别 原始值 转换后的值 操作 前缀 https://raw.githubusercontent.comhttps://github.com更新 中辍 blob在 master或main之前添加分支名称模板文件名 azuredeploy.json 你的下载模板文件名 update 修改后,转换后的 URI 看起来将类似于
https://github.com/Azure/azure-quickstart-templates/blob/master/101-cosmosdb-sql-autoscale/azuredeploy.json。请注意,某些模板 URI 已更新为 https://github.com/Azure/azure-quickstart-template/quickstarts/{Microsoft_Resource_Provider_Name}/ ,你可以按照相应的路径规定来更新原始 URI。
复制转换后的 URI,并在 Internet 浏览器中手动下载特定的模板内容。
修改从 GitHub 存储库下载或引用的模板,以适应 Azure 中国世纪互联环境。 例如,替换某些终结点(将“blob.core.windows.net”替换为“blob.core.chinacloudapi.cn”,将“cloudapp.azure.com”替换为“chinacloudapp.cn”);必要时更改某些不受支持的位置、VM 映像、VM 大小、SKU 以及资源提供程序的 API 版本。
将参数
-TemplateUri替换为-TemplateFile(对于 powershell)或将参数--template-uri替换为--template-file(针对 CLI),然后用已下载的实际文件名称更新指定的 URI,然后重新运行脚本。语言类别 参考链接 操作 PowerShell New-AzResourceGroupDeployment将 -TemplateUri替换为-TemplateFile
如有必要,请按照前面的步骤下载-TemplateParameterUri内容并在 cmdlet 中替换为-TemplateParameterFile。Azure CLI az deployment group create将 --template-uri替换为--template-file
登录 Azure 门户。
从左侧窗格中选择“资源组”。
选择你在上一部分中创建的资源组。 默认资源组名称是 myResourceGroupNAT
验证是否在资源组中创建了以下资源:
如果不再需要上述资源组、NAT 网关和所有相关资源,请将其删除。 选择包含 NAT 网关的资源组 myResourceGroupNAT,然后选择“删除”。
在本快速入门中,我们创建了:
NAT 网关资源
虚拟网络
Ubuntu 虚拟机
虚拟机部署到与 NAT 网关关联的虚拟网络子网。
要详细了解 Azure NAT 网关和 Azure 资源管理器,请继续阅读以下文章。
了解 NAT 网关资源
了解有关 Azure 资源管理器的详细信息