快速入门:创建 NAT 网关 - ARM 模板

通过 Azure 资源管理器模板(ARM 模板)开始使用 Azure NAT 网关。 此模板部署虚拟网络、NAT 网关资源和 Ubuntu 虚拟机。 Ubuntu 虚拟机将部署到与 NAT 网关资源关联的子网。

在 nat 网关快速入门中创建的资源的示意图。

Azure 资源管理器模板是定义项目基础结构和配置的 JavaScript 对象表示法 (JSON) 文件。 模板使用声明性语法。 你可以在不编写用于创建部署的编程命令序列的情况下,描述预期部署。

如果你的环境满足先决条件,并且你熟悉如何使用 ARM 模板,请选择“部署到 Azure”按钮。 模板将在 Azure 门户中打开。

用于将资源管理器模板部署到 Azure 的按钮。

先决条件

  • 如果没有 Azure 订阅,可在开始前创建一个试用帐户

查看模板

本快速入门中使用的模板来自 Azure 快速启动模板

此模板配置为创建:

  • 虚拟网络

  • NAT 网关资源

  • Ubuntu 虚拟机

Ubuntu VM 部署到与 NAT 网关资源关联的子网。

{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": {
    "_generator": {
      "name": "bicep",
      "version": "0.4.1272.37030",
      "templateHash": "8775765973444437006"
    }
  },
  "parameters": {
    "vmname": {
      "type": "string",
      "defaultValue": "myVM",
      "metadata": {
        "description": "Name of the virtual machine"
      }
    },
    "vmsize": {
      "type": "string",
      "defaultValue": "Standard_D2s_v3",
      "metadata": {
        "description": "Size of the virtual machine"
      }
    },
    "vnetname": {
      "type": "string",
      "defaultValue": "myVnet",
      "metadata": {
        "description": "Name of the virtual network"
      }
    },
    "subnetname": {
      "type": "string",
      "defaultValue": "mySubnet",
      "metadata": {
        "description": "Name of the subnet for virtual network"
      }
    },
    "vnetaddressspace": {
      "type": "string",
      "defaultValue": "192.168.0.0/16",
      "metadata": {
        "description": "Address space for virtual network"
      }
    },
    "vnetsubnetprefix": {
      "type": "string",
      "defaultValue": "192.168.0.0/24",
      "metadata": {
        "description": "Subnet prefix for virtual network"
      }
    },
    "natgatewayname": {
      "type": "string",
      "defaultValue": "myNATgateway",
      "metadata": {
        "description": "Name of the NAT gateway"
      }
    },
    "networkinterfacename": {
      "type": "string",
      "defaultValue": "myvmNIC",
      "metadata": {
        "description": "Name of the virtual machine nic"
      }
    },
    "publicipname": {
      "type": "string",
      "defaultValue": "myPublicIP",
      "metadata": {
        "description": "Name of the NAT gateway public IP"
      }
    },
    "nsgname": {
      "type": "string",
      "defaultValue": "myVMnsg",
      "metadata": {
        "description": "Name of the virtual machine NSG"
      }
    },
    "publicipvmname": {
      "type": "string",
      "defaultValue": "myPublicIPVM",
      "metadata": {
        "description": "Name of the virtual machine public IP"
      }
    },
    "publicipprefixname": {
      "type": "string",
      "defaultValue": "myPublicIPPrefix",
      "metadata": {
        "description": "Name of the NAT gateway public IP"
      }
    },
    "adminusername": {
      "type": "string",
      "metadata": {
        "description": "Administrator username for virtual machine"
      }
    },
    "adminpassword": {
      "type": "secureString",
      "metadata": {
        "description": "Administrator password for virtual machine"
      }
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": {
        "description": "Name of resource group"
      }
    }
  },
  "resources": [
    {
      "type": "Microsoft.Network/networkSecurityGroups",
      "apiVersion": "2021-05-01",
      "name": "[parameters('nsgname')]",
      "location": "[parameters('location')]",
      "properties": {
        "securityRules": [
          {
            "name": "SSH",
            "properties": {
              "protocol": "Tcp",
              "sourcePortRange": "*",
              "destinationPortRange": "22",
              "sourceAddressPrefix": "*",
              "destinationAddressPrefix": "*",
              "access": "Allow",
              "priority": 300,
              "direction": "Inbound"
            }
          }
        ]
      }
    },
    {
      "type": "Microsoft.Network/publicIPAddresses",
      "apiVersion": "2021-05-01",
      "name": "[parameters('publicipname')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "Standard"
      },
      "properties": {
        "publicIPAddressVersion": "IPv4",
        "publicIPAllocationMethod": "Static",
        "idleTimeoutInMinutes": 4
      }
    },
    {
      "type": "Microsoft.Network/publicIPAddresses",
      "apiVersion": "2021-05-01",
      "name": "[parameters('publicipvmname')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "Standard"
      },
      "properties": {
        "publicIPAddressVersion": "IPv4",
        "publicIPAllocationMethod": "Static",
        "idleTimeoutInMinutes": 4
      }
    },
    {
      "type": "Microsoft.Network/publicIPPrefixes",
      "apiVersion": "2021-05-01",
      "name": "[parameters('publicipprefixname')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "Standard"
      },
      "properties": {
        "prefixLength": 31,
        "publicIPAddressVersion": "IPv4"
      }
    },
    {
      "type": "Microsoft.Compute/virtualMachines",
      "apiVersion": "2021-11-01",
      "name": "[parameters('vmname')]",
      "location": "[parameters('location')]",
      "properties": {
        "hardwareProfile": {
          "vmSize": "[parameters('vmsize')]"
        },
        "storageProfile": {
          "imageReference": {
            "publisher": "Canonical",
            "offer": "UbuntuServer",
            "sku": "18.04-LTS",
            "version": "latest"
          },
          "osDisk": {
            "osType": "Linux",
            "name": "[format('{0}_disk1', parameters('vmname'))]",
            "createOption": "FromImage",
            "caching": "ReadWrite",
            "managedDisk": {
              "storageAccountType": "Premium_LRS"
            },
            "diskSizeGB": 30
          }
        },
        "osProfile": {
          "computerName": "[parameters('vmname')]",
          "adminUsername": "[parameters('adminusername')]",
          "adminPassword": "[parameters('adminpassword')]",
          "linuxConfiguration": {
            "disablePasswordAuthentication": false,
            "provisionVMAgent": true
          },
          "allowExtensionOperations": true
        },
        "networkProfile": {
          "networkInterfaces": [
            {
              "id": "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkinterfacename'))]"
            }
          ]
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkinterfacename'))]"
      ]
    },
    {
      "type": "Microsoft.Network/virtualNetworks",
      "apiVersion": "2021-05-01",
      "name": "[parameters('vnetname')]",
      "location": "[parameters('location')]",
      "properties": {
        "addressSpace": {
          "addressPrefixes": [
            "[parameters('vnetaddressspace')]"
          ]
        },
        "subnets": [
          {
            "name": "[parameters('subnetname')]",
            "properties": {
              "addressPrefix": "[parameters('vnetsubnetprefix')]",
              "natGateway": {
                "id": "[resourceId('Microsoft.Network/natGateways', parameters('natgatewayname'))]"
              },
              "privateEndpointNetworkPolicies": "Enabled",
              "privateLinkServiceNetworkPolicies": "Enabled"
            }
          }
        ],
        "enableDdosProtection": false,
        "enableVmProtection": false
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/natGateways', parameters('natgatewayname'))]"
      ]
    },
    {
      "type": "Microsoft.Network/natGateways",
      "apiVersion": "2021-05-01",
      "name": "[parameters('natgatewayname')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "Standard"
      },
      "properties": {
        "idleTimeoutInMinutes": 4,
        "publicIpAddresses": [
          {
            "id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicipname'))]"
          }
        ],
        "publicIpPrefixes": [
          {
            "id": "[resourceId('Microsoft.Network/publicIPPrefixes', parameters('publicipprefixname'))]"
          }
        ]
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicipname'))]",
        "[resourceId('Microsoft.Network/publicIPPrefixes', parameters('publicipprefixname'))]"
      ]
    },
    {
      "type": "Microsoft.Network/virtualNetworks/subnets",
      "apiVersion": "2021-05-01",
      "name": "[format('{0}/{1}', parameters('vnetname'), 'mySubnet')]",
      "properties": {
        "addressPrefix": "[parameters('vnetsubnetprefix')]",
        "natGateway": {
          "id": "[resourceId('Microsoft.Network/natGateways', parameters('natgatewayname'))]"
        },
        "privateEndpointNetworkPolicies": "Enabled",
        "privateLinkServiceNetworkPolicies": "Enabled"
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/natGateways', parameters('natgatewayname'))]",
        "[resourceId('Microsoft.Network/virtualNetworks', parameters('vnetname'))]"
      ]
    },
    {
      "type": "Microsoft.Network/networkInterfaces",
      "apiVersion": "2021-05-01",
      "name": "[parameters('networkinterfacename')]",
      "location": "[parameters('location')]",
      "properties": {
        "ipConfigurations": [
          {
            "name": "ipconfig1",
            "properties": {
              "privateIPAddress": "192.168.0.4",
              "privateIPAllocationMethod": "Dynamic",
              "publicIPAddress": {
                "id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicipvmname'))]"
              },
              "subnet": {
                "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetname'), 'mySubnet')]"
              },
              "primary": true,
              "privateIPAddressVersion": "IPv4"
            }
          }
        ],
        "enableAcceleratedNetworking": false,
        "enableIPForwarding": false,
        "networkSecurityGroup": {
          "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgname'))]"
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetname'), 'mySubnet')]",
        "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgname'))]",
        "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicipvmname'))]"
      ]
    }
  ]
}

该模板中定义了 9 个 Azure 资源:

部署模板

注意

当我们使用以 https://raw.githubusercontent.com/ 开头的指定模板文件 URI 部署资源时,控制台有时会生成错误,如 Unable to download deployment content

可以执行以下操作来解决相应问题。

  1. 复制模板 URI,通过更改前缀、中缀和模板文件名来转换 URI。 例如,源 URI 是 https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/101-cosmosdb-sql-autoscale/azuredeploy.json

    类别 原始值 转换后的值 操作
    前缀 https://raw.githubusercontent.com https://github.com 更新
    中辍 blob mastermain 之前添加分支名称
    模板文件名 azuredeploy.json 你的下载模板文件名 update

    修改后,转换后的 URI 看起来将类似于 https://github.com/Azure/azure-quickstart-templates/blob/master/101-cosmosdb-sql-autoscale/azuredeploy.json

    请注意,某些模板 URI 已更新为 https://github.com/Azure/azure-quickstart-template/quickstarts/{Microsoft_Resource_Provider_Name}/ ,你可以按照相应的路径规定来更新原始 URI。

  2. 复制转换后的 URI,并在 Internet 浏览器中手动下载特定的模板内容。

  3. 修改从 GitHub 存储库下载或引用的模板,以适应 Azure 中国世纪互联环境。 例如,替换某些终结点(将“blob.core.windows.net”替换为“blob.core.chinacloudapi.cn”,将“cloudapp.azure.com”替换为“chinacloudapp.cn”);必要时更改某些不受支持的位置、VM 映像、VM 大小、SKU 以及资源提供程序的 API 版本。

  4. 将参数 -TemplateUri 替换为 -TemplateFile(对于 powershell)或将参数 --template-uri 替换为 --template-file(针对 CLI),然后用已下载的实际文件名称更新指定的 URI,然后重新运行脚本。

    语言类别 参考链接 操作
    PowerShell New-AzResourceGroupDeployment -TemplateUri 替换为 -TemplateFile
    如有必要,请按照前面的步骤下载 -TemplateParameterUri 内容并在 cmdlet 中替换为 -TemplateParameterFile
    Azure CLI az deployment group create --template-uri 替换为 --template-file

用于将资源管理器模板部署到 Azure 的按钮。

查看已部署的资源

  1. 登录 Azure 门户

  2. 从左侧窗格中选择“资源组”。

  3. 选择你在上一部分中创建的资源组。 默认资源组名称是 myResourceGroupNAT

  4. 验证是否在资源组中创建了以下资源:

    虚拟网络 NAT 资源组

清理资源

如果不再需要上述资源组、NAT 网关和所有相关资源,请将其删除。 选择包含 NAT 网关的资源组 myResourceGroupNAT,然后选择“删除”。

后续步骤

在本快速入门中,我们创建了:

  • NAT 网关资源

  • 虚拟网络

  • Ubuntu 虚拟机

虚拟机部署到与 NAT 网关关联的虚拟网络子网。

要详细了解 Azure NAT 网关和 Azure 资源管理器,请继续阅读以下文章。