快速入门:使用 Bicep 创建专用链接服务
本快速入门中将使用 Bicep 创建专用链接服务。
Bicep 是一种特定于域的语言 (DSL),使用声明性语法来部署 Azure 资源。 它提供简明的语法、可靠的类型安全性以及对代码重用的支持。 Bicep 会针对你的 Azure 基础结构即代码解决方案提供最佳创作体验。
需要一个具有活动订阅的 Azure 帐户。 创建试用版订阅。
此 Bicep 文件创建专用链接服务。
本快速入门中使用的 Bicep 文件来自 Azure 快速入门模板。
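// ---- Deployment inputs --------------------------------------------------------
// Only the two credentials are required; VM size and region have defaults.
// The same username/password pair is applied to both virtual machines in this file.

@description('Username for the Virtual Machine.')
param vmAdminUsername string

// @secure() keeps the value out of the deployment history and logs.
// @minLength(12) enforces the length floor stated in the description at
// validation time, before any resource is created.
@description('Password for the Virtual Machine. The password must be at least 12 characters long and have lower case, upper characters, digit and a special character (Regex match)')
@minLength(12)
@secure()
param vmAdminPassword string

@description('The size of the VM')
param vmSize string = 'Standard_D2_v3'

@description('Location for all resources.')
param location string = resourceGroup().location

// ---- Network layout -----------------------------------------------------------
// Both virtual networks in this file are created with this same address prefix.
// No peering is declared between them; the only link this file declares from the
// consumer side to the provider side is the private endpoint.
var vnetName = 'myVirtualNetwork'
var vnetConsumerName = 'myPEVnet'
var vnetAddressPrefix = '10.0.0.0/16'
var frontendSubnetPrefix = '10.0.1.0/24'
var frontendSubnetName = 'frontendSubnet'
var backendSubnetPrefix = '10.0.2.0/24'
var backendSubnetName = 'backendSubnet'
var consumerSubnetPrefix = '10.0.0.0/24'
var consumerSubnetName = 'myPESubnet'

// ---- Load balancer and private link names ---------------------------------------
var loadbalancerName = 'myILB'
var backendPoolName = 'myBackEndPool'
var loadBalancerFrontEndIpConfigurationName = 'myFrontEnd'
var healthProbeName = 'myHealthProbe'
var privateEndpointName = 'myPrivateEndpoint'

// ---- Virtual machine names ------------------------------------------------------
// uniqueString() is derived from the resource group id, so the names are stable
// per resource group. take(..., 15) truncates each name to 15 characters; the same
// value is also used as the Windows computer name.
var vmName = take('myVm${uniqueString(resourceGroup().id)}', 15)
var networkInterfaceName = '${vmName}NetInt'
var vmConsumerName = take('myConsumerVm${uniqueString(resourceGroup().id)}', 15)
var publicIpAddressConsumerName = '${vmConsumerName}PublicIP'
var networkInterfaceConsumerName = '${vmConsumerName}NetInt'
var osDiskType = 'StandardSSD_LRS'
var privatelinkServiceName = 'myPLS'

// Resource id of the load balancer; the Private Link service passes it to
// reference() to read the frontend subnet back from the deployed load balancer.
var loadbalancerId = loadbalancer.id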
// Provider-side virtual network. The frontend subnet hosts the internal load
// balancer frontend and the Private Link service IP configuration; the backend
// subnet hosts the VM that serves the web site.
// NOTE(review): neither subnet declares a networkSecurityGroup in this file, so
// no subnet-level traffic filtering is defined here.
resource vnet 'Microsoft.Network/virtualNetworks@2021-05-01' = {
  location: location
  name: vnetName
  properties: {
    subnets: [
      {
        name: frontendSubnetName
        properties: {
          // Private Link service network policies are switched off on the subnet
          // that supplies the service's IP configuration.
          privateLinkServiceNetworkPolicies: 'Disabled'
          addressPrefix: frontendSubnetPrefix
        }
      }
      {
        name: backendSubnetName
        properties: {
          addressPrefix: backendSubnetPrefix
        }
      }
    ]
    addressSpace: {
      addressPrefixes: [
        vnetAddressPrefix
      ]
    }
  }
}
// Standard SKU load balancer in front of the provider VM. The single frontend is
// bound to the frontend subnet and has no public IP address, so it is an internal
// load balancer. The Private Link service in this file publishes this frontend.
resource loadbalancer 'Microsoft.Network/loadBalancers@2021-05-01' = {
  name: loadbalancerName
  location: location
  sku: {
    name: 'Standard'
  }
  properties: {
    frontendIPConfigurations: [
      {
        name: loadBalancerFrontEndIpConfigurationName
        properties: {
          privateIPAllocationMethod: 'Dynamic'
          subnet: {
            id: resourceId('Microsoft.Network/virtualNetworks/subnets', vnetName, frontendSubnetName)
          }
        }
      }
    ]
    backendAddressPools: [
      {
        name: backendPoolName
      }
    ]
    // Forwards TCP 3389 (RDP) arriving at the frontend to the backend VM.
    // NOTE(review): this rule sits on the same frontend that the Private Link
    // service publishes; confirm whether RDP is meant to be reachable through
    // that frontend, and drop the rule outside a lab if it is not needed.
    inboundNatRules: [
      {
        name: 'RDP-VM0'
        properties: {
          frontendIPConfiguration: {
            id: resourceId('Microsoft.Network/loadBalancers/frontendIpConfigurations', loadbalancerName, loadBalancerFrontEndIpConfigurationName)
          }
          protocol: 'Tcp'
          frontendPort: 3389
          backendPort: 3389
          enableFloatingIP: false
        }
      }
    ]
    // Balances plain HTTP (TCP 80 -> 80) across the backend pool, gated by the
    // health probe below. Traffic on this rule is unencrypted.
    loadBalancingRules: [
      {
        name: 'myHTTPRule'
        properties: {
          frontendIPConfiguration: {
            id: resourceId('Microsoft.Network/loadBalancers/frontendIpConfigurations', loadbalancerName, loadBalancerFrontEndIpConfigurationName)
          }
          backendAddressPool: {
            id: resourceId('Microsoft.Network/loadBalancers/backendAddressPools', loadbalancerName, backendPoolName)
          }
          probe: {
            id: resourceId('Microsoft.Network/loadBalancers/probes', loadbalancerName, healthProbeName)
          }
          protocol: 'Tcp'
          frontendPort: 80
          backendPort: 80
          idleTimeoutInMinutes: 15
        }
      }
    ]
    // TCP probe on port 80: a 15-second interval with numberOfProbes set to 2.
    probes: [
      {
        properties: {
          protocol: 'Tcp'
          port: 80
          intervalInSeconds: 15
          numberOfProbes: 2
        }
        name: healthProbeName
      }
    ]
  }
  // Explicit dependency: the subnet id above is built with resourceId(), which
  // does not create an implicit dependency on the virtual network.
  dependsOn: [
    vnet
  ]
}
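// Network interface of the provider VM. It sits in the backend subnet, joins the
// load balancer backend pool and is the target of the 'RDP-VM0' inbound NAT rule.
// It has no public IP address.
// NOTE(review): no networkSecurityGroup is attached to this interface, and the
// backend subnet declares none either, so this file defines no packet filter in
// front of the VM.
resource networkInterface 'Microsoft.Network/networkInterfaces@2021-05-01' = {
  name: networkInterfaceName
  location: location
  tags: {
    displayName: networkInterfaceName
  }
  properties: {
    ipConfigurations: [
      {
        name: 'ipConfig1'
        properties: {
          privateIPAllocationMethod: 'Dynamic'
          subnet: {
            id: resourceId('Microsoft.Network/virtualNetworks/subnets', vnetName, backendSubnetName)
          }
          loadBalancerBackendAddressPools: [
            {
              id: resourceId('Microsoft.Network/loadBalancers/backendAddressPools', loadbalancerName, backendPoolName)
            }
          ]
          loadBalancerInboundNatRules: [
            {
              // The resource type is written without a trailing slash so the id
              // is built from the canonical type name, like the other ids here.
              id: resourceId('Microsoft.Network/loadBalancers/inboundNatRules', loadbalancerName, 'RDP-VM0')
            }
          ]
        }
      }
    ]
  }
  // Explicit dependency: the pool and NAT rule ids are built with resourceId(),
  // which does not create an implicit dependency on the load balancer.
  dependsOn: [
    loadbalancer
  ]
}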
// Provider VM: Windows Server 2019 host for the web site that sits behind the
// internal load balancer. It is attached only to the backend network interface.
resource vm 'Microsoft.Compute/virtualMachines@2021-11-01' = {
  location: location
  name: vmName
  tags: {
    displayName: vmName
  }
  properties: {
    networkProfile: {
      networkInterfaces: [
        {
          id: networkInterface.id
        }
      ]
    }
    // Local administrator account; the same credentials are also used for the
    // consumer VM in this file.
    osProfile: {
      adminUsername: vmAdminUsername
      adminPassword: vmAdminPassword
      computerName: vmName
    }
    hardwareProfile: {
      vmSize: vmSize
    }
    storageProfile: {
      osDisk: {
        name: '${vmName}OsDisk'
        createOption: 'FromImage'
        caching: 'ReadWrite'
        diskSizeGB: 128
        managedDisk: {
          storageAccountType: osDiskType
        }
      }
      // 'latest' resolves the image version at deployment time, so two
      // deployments can end up on different image builds.
      // NOTE(review): pin a version where reproducible builds matter.
      imageReference: {
        publisher: 'MicrosoftWindowsServer'
        offer: 'WindowsServer'
        sku: '2019-Datacenter'
        version: 'latest'
      }
    }
  }
}
// Custom Script Extension on the provider VM. It runs one PowerShell command that
// installs the Web-Server Windows feature, which provides the HTTP service the
// load balancer rule and probe on port 80 point at.
resource vmExtension 'Microsoft.Compute/virtualMachines/extensions@2021-11-01' = {
  parent: vm
  location: location
  name: 'installcustomscript'
  tags: {
    displayName: 'install software for Windows VM'
  }
  properties: {
    type: 'CustomScriptExtension'
    publisher: 'Microsoft.Compute'
    autoUpgradeMinorVersion: true
    typeHandlerVersion: '1.9'
    // The command is passed in protectedSettings rather than settings.
    // NOTE(review): -ExecutionPolicy Unrestricted is broader than a single
    // built-in cmdlet call presumably needs; confirm whether the VM's default
    // policy is sufficient before reusing this pattern.
    protectedSettings: {
      commandToExecute: 'powershell -ExecutionPolicy Unrestricted Install-WindowsFeature -Name Web-Server'
    }
  }
}
// Private Link service that publishes the internal load balancer frontend so that
// private endpoints in other virtual networks can connect to it.
// NOTE(review): this block sets neither visibility nor autoApproval, so the
// platform defaults decide who can find the service and whose connection requests
// are approved. Confirm those defaults and set both explicitly outside a lab.
resource privatelinkService 'Microsoft.Network/privateLinkServices@2021-05-01' = {
  name: privatelinkServiceName
  location: location
  properties: {
    // NOTE(review): with proxy protocol off, the backend presumably sees only the
    // service's own address as the client; confirm whether consumer attribution
    // is needed in the web server logs.
    enableProxyProtocol: false
    loadBalancerFrontendIpConfigurations: [
      {
        id: resourceId('Microsoft.Network/loadBalancers/frontendIpConfigurations', loadbalancerName, loadBalancerFrontEndIpConfigurationName)
      }
    ]
    ipConfigurations: [
      {
        name: 'snet-provider-default-1'
        properties: {
          privateIPAllocationMethod: 'Dynamic'
          privateIPAddressVersion: 'IPv4'
          subnet: {
            // Reads the subnet id back from the load balancer's first frontend
            // configuration, i.e. the frontend subnet. The API version passed to
            // reference() ('2019-06-01') differs from the '2021-05-01' used to
            // declare the load balancer.
            id: reference(loadbalancerId, '2019-06-01').frontendIPConfigurations[0].properties.subnet.id
          }
          // NOTE(review): this is the only IP configuration, yet it is marked
          // non-primary; confirm this is intended.
          primary: false
        }
      }
    ]
  }
}
// Consumer-side virtual network. It is created with the same address prefix as
// the provider network; this file declares no peering between the two.
// NOTE(review): no subnet here declares a networkSecurityGroup, and no resource in
// this file is attached to the backend subnet of this network.
resource vnetConsumer 'Microsoft.Network/virtualNetworks@2021-05-01' = {
  location: location
  name: vnetConsumerName
  properties: {
    subnets: [
      {
        name: consumerSubnetName
        properties: {
          // Private endpoint network policies are switched off on the subnet that
          // holds the private endpoint.
          // NOTE(review): with these policies disabled, NSG rules and route tables
          // presumably do not apply to private endpoint traffic; confirm before
          // relying on subnet-level filtering here.
          privateEndpointNetworkPolicies: 'Disabled'
          addressPrefix: consumerSubnetPrefix
        }
      }
      {
        name: backendSubnetName
        properties: {
          addressPrefix: backendSubnetPrefix
        }
      }
    ]
    addressSpace: {
      addressPrefixes: [
        vnetAddressPrefix
      ]
    }
  }
}
// Public IP address for the consumer (test) VM, with a DNS label derived from the
// lower-cased VM name.
// NOTE(review): no sku is declared, so the platform default applies. Presumably
// that is the Basic SKU, which does not block inbound traffic by itself; confirm,
// and rely on a network security group for filtering either way.
resource publicIpAddressConsumer 'Microsoft.Network/publicIPAddresses@2021-05-01' = {
  location: location
  name: publicIpAddressConsumerName
  tags: {
    displayName: publicIpAddressConsumerName
  }
  properties: {
    dnsSettings: {
      domainNameLabel: toLower(vmConsumerName)
    }
    publicIPAllocationMethod: 'Dynamic'
  }
}
// Network interface of the consumer (test) VM: one IP configuration in the
// consumer subnet with the public IP address attached.
// NOTE(review): no networkSecurityGroup is attached to this interface or to its
// subnet in this file, while the VM is reached over RDP from the Internet. Outside
// a short-lived lab, attach a network security group that limits TCP 3389 to known
// source ranges, or use Azure Bastion or just-in-time access instead of a public IP.
resource networkInterfaceConsumer 'Microsoft.Network/networkInterfaces@2021-05-01' = {
  location: location
  name: networkInterfaceConsumerName
  tags: {
    displayName: networkInterfaceConsumerName
  }
  // Explicit dependency: the subnet id below is built with resourceId(), which
  // does not create an implicit dependency on the virtual network.
  dependsOn: [
    vnetConsumer
  ]
  properties: {
    ipConfigurations: [
      {
        name: 'ipConfig1'
        properties: {
          subnet: {
            id: resourceId('Microsoft.Network/virtualNetworks/subnets', vnetConsumerName, consumerSubnetName)
          }
          publicIPAddress: {
            id: publicIpAddressConsumer.id
          }
          privateIPAllocationMethod: 'Dynamic'
        }
      }
    ]
  }
}
// Consumer VM: Windows Server 2019 test machine used to reach the service through
// the private endpoint. Its network interface carries a public IP address.
resource vmConsumer 'Microsoft.Compute/virtualMachines@2021-11-01' = {
  location: location
  name: vmConsumerName
  tags: {
    displayName: vmConsumerName
  }
  properties: {
    networkProfile: {
      networkInterfaces: [
        {
          id: networkInterfaceConsumer.id
        }
      ]
    }
    // Password-based local administrator, with the same credentials as the
    // provider VM. Because this VM has a public IP address, the password is what
    // stands between the Internet and an RDP logon; use a strong, unique value.
    osProfile: {
      adminUsername: vmAdminUsername
      adminPassword: vmAdminPassword
      computerName: vmConsumerName
    }
    hardwareProfile: {
      vmSize: vmSize
    }
    storageProfile: {
      osDisk: {
        name: '${vmConsumerName}OsDisk'
        createOption: 'FromImage'
        caching: 'ReadWrite'
        diskSizeGB: 128
        managedDisk: {
          storageAccountType: osDiskType
        }
      }
      // 'latest' resolves the image version at deployment time.
      // NOTE(review): pin a version where reproducible builds matter.
      imageReference: {
        publisher: 'MicrosoftWindowsServer'
        offer: 'WindowsServer'
        sku: '2019-Datacenter'
        version: 'latest'
      }
    }
  }
}
// Private endpoint in the consumer subnet, connected to the Private Link service
// declared in this file. The consumer VM reaches the web site through it.
resource privateEndpoint 'Microsoft.Network/privateEndpoints@2021-05-01' = {
  location: location
  name: privateEndpointName
  // Explicit dependency: the subnet id below is built with resourceId(), which
  // does not create an implicit dependency on the virtual network.
  dependsOn: [
    vnetConsumer
  ]
  properties: {
    // The connection is listed under privateLinkServiceConnections, not
    // manualPrivateLinkServiceConnections.
    // NOTE(review): whether it is approved without a manual step depends on the
    // service's approval settings; verify the connection state after deployment.
    privateLinkServiceConnections: [
      {
        name: privateEndpointName
        properties: {
          privateLinkServiceId: privatelinkService.id
        }
      }
    ]
    subnet: {
      id: resourceId('Microsoft.Network/virtualNetworks/subnets', vnetConsumerName, consumerSubnetName)
    }
  }
}
该 Bicep 文件中定义了多个 Azure 资源:
- Microsoft.Network/virtualNetworks:每个虚拟机都有一个虚拟网络。
- Microsoft.Network/loadBalancers:公开托管服务的虚拟机的负载均衡器。
- Microsoft.Network/networkInterfaces:有两个网络接口,每个虚拟机对应一个接口。
- Microsoft.Compute/virtualMachines:有两台虚拟机,一台用于托管服务,另一台用于测试到专用终结点的连接。
- Microsoft.Compute/virtualMachines/extensions:安装 Web 服务器的扩展。
- Microsoft.Network/privateLinkServices:用于公开服务的专用链接服务。
- Microsoft.Network/publicIpAddresses:供测试虚拟机使用的公共 IP 地址。
- Microsoft.Network/privateEndpoints:用于访问服务的专用终结点。
将该 Bicep 文件另存为本地计算机上的 main.bicep。
使用 Azure CLI 或 Azure PowerShell 来部署该 Bicep 文件。
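# Create the resource group that will hold every resource in the Bicep file.
az group create --name exampleRG --location chinaeast2

# Deploy main.bicep into that group. Only the username is passed on the command
# line; vmAdminPassword is left out so the CLI prompts for it and the password
# does not end up in shell history.
az deployment group create --resource-group exampleRG --template-file main.bicep --parameters vmAdminUsername=<admin-user>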
备注
将 <admin-user> 替换为虚拟机的用户名。 系统还会提示输入 vmAdminPassword。 密码长度必须至少为 12 个字符,并包含大小写字符、数字和特殊字符。
部署完成后,应会看到一条指出部署成功的消息。
使用 Azure 门户、Azure CLI 或 Azure PowerShell 列出资源组中已部署的资源。
# List the resources that the deployment created in the resource group.
az resource list --resource-group exampleRG
备注
Bicep 文件为虚拟机 myConsumerVm{uniqueid} 资源生成唯一名称。 用生成的值替换 {uniqueid}。
从 Internet 连接到 VM myConsumerVm{uniqueid},如下所示:
在 Azure 门户搜索栏中,输入 myConsumerVm{uniqueid}。
选择“连接”。 “连接到虚拟机”随即打开。
选择“下载 RDP 文件”。 Azure 会创建远程桌面协议 (.rdp) 文件,并将其下载到计算机。
打开下载的 .rdp 文件。
a. 出现提示时,选择“连接”。
b. 输入创建 VM 时指定的用户名和密码。
备注
可能需要选择“更多选择”>“使用其他帐户”,以指定在创建 VM 时输入的凭据。
选择“确定”。
你可能会在登录过程中收到证书警告。 如果收到证书警告,请选择“确定”或“继续”。
VM 桌面出现后,将其最小化以返回到本地桌面。
下面介绍了如何使用专用终结点从 VM 连接到 http 服务。
- 转到 myConsumerVm{uniqueid} 的远程桌面。
- 打开浏览器并输入专用终结点地址:
http://10.0.0.5/
- 默认 IIS 页随即出现。
如果不再需要使用专用链接服务创建的资源,请删除资源组。 这会删除专用链接服务和所有相关资源。
# Deletes the resource group together with the Private Link service and all
# related resources in it.
az group delete --name exampleRG
有关支持专用终结点的服务的详细信息,请参阅: