Disable network policies for Private Link service source IP

To choose a source IP address for your Private Link service, the privateLinkServiceNetworkPolicies setting must be explicitly disabled on the subnet. This setting applies only to the specific private IP address you chose as the source IP of the Private Link service. For other resources in the subnet, access is controlled by Network Security Group (NSG) security rules.

When you use the portal to create a Private Link service, this setting is automatically disabled as part of the create process. Deployments using any Azure client (PowerShell, CLI, or templates) require an additional step to change this property. You can disable the policy using a local installation of Azure PowerShell or Azure CLI, or with an Azure Resource Manager template.

Follow the steps below to disable Private Link service network policies for a virtual network named myVirtualNetwork with a default subnet, hosted in a resource group named myResourceGroup.

Using Azure PowerShell

This section describes how to disable subnet Private Link service network policies using Azure PowerShell. In the code, replace "default" with the name of the virtual subnet.

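# Name of the subnet that hosts the Private Link service source IP
$virtualSubnetName = "default"
$virtualNetwork = Get-AzVirtualNetwork `
  -Name "myVirtualNetwork" `
  -ResourceGroupName "myResourceGroup"

# Disable Private Link service network policies on that subnet only
($virtualNetwork | Select-Object -ExpandProperty Subnets | Where-Object { $_.Name -eq $virtualSubnetName }).privateLinkServiceNetworkPolicies = "Disabled"

# Write the modified virtual network back to Azure
$virtualNetwork | Set-AzVirtualNetwork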

Using Azure CLI

This section describes how to disable subnet Private Link service network policies using Azure CLI.

az network vnet subnet update \
  --name default \
  --resource-group myResourceGroup \
  --vnet-name myVirtualNetwork \
  --disable-private-link-service-network-policies true

Using a template

This section describes how to disable subnet Private Link service network policies using an Azure Resource Manager template.

{
    "name": "myVirtualNetwork",
    "type": "Microsoft.Network/virtualNetworks",
    "apiVersion": "2019-04-01",
    "location": "chinaeast2",
    "properties": {
        "addressSpace": {
            "addressPrefixes": [
                "10.0.0.0/16"
            ]
        },
        "subnets": [
            {
                "name": "default",
                "properties": {
                    "addressPrefix": "10.0.0.0/24",
                    "privateLinkServiceNetworkPolicies": "Disabled"
                }
            }
        ]
    }
}
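Because template deployments do not disable the setting automatically, a pre-deployment check can report which subnets in a template explicitly carry it. The following is an added example, not part of the original page or of any Azure tooling. The function names, the sample template (which wraps resources in a "resources" array and adds the hypothetical subnets "workload" and "backend"), and reporting an omitted property as "Enabled" are all assumptions.

```python
import json

VNET = "Microsoft.Network/virtualNetworks"
PROP = "privateLinkServiceNetworkPolicies"

# Constructed sample template (not from the page): one inline subnet with the
# policy disabled, one inline subnet that omits it, one child-resource subnet.
SAMPLE = json.loads("""
{
  "resources": [
    {"type": "Microsoft.Network/virtualNetworks", "name": "myVirtualNetwork",
     "properties": {"subnets": [
       {"name": "default",
        "properties": {"addressPrefix": "10.0.0.0/24",
                       "privateLinkServiceNetworkPolicies": "Disabled"}},
       {"name": "workload", "properties": {"addressPrefix": "10.0.1.0/24"}}]}},
    {"type": "Microsoft.Network/virtualNetworks/subnets",
     "name": "myVirtualNetwork/backend",
     "properties": {"addressPrefix": "10.0.2.0/24",
                    "privateLinkServiceNetworkPolicies": "Enabled"}}
  ]
}
""")


def pls_policy_by_subnet(template):
    """Map 'vnet/subnet' -> policy value.

    Assumption: a subnet that omits the property is reported as "Enabled",
    because the page requires an explicit disable setting.
    """
    found = {}
    for res in template.get("resources", []):
        rtype = res.get("type", "").lower()
        props = res.get("properties", {})
        if rtype == VNET.lower():  # subnets declared inline in the VNet
            for sub in props.get("subnets", []):
                value = sub.get("properties", {}).get(PROP, "Enabled")
                found[f"{res['name']}/{sub['name']}"] = value
        elif rtype == (VNET + "/subnets").lower():  # subnet as child resource
            found[res["name"]] = props.get(PROP, "Enabled")
    return found


def ready_for_pls_source_ip(template, vnet, subnet):
    """True only if the named subnet explicitly disables the policy."""
    value = pls_policy_by_subnet(template).get(f"{vnet}/{subnet}", "")
    return value.lower() == "disabled"
```

Run against a template before deployment, the check also gives reviewers the list of subnets where the Private Link service source IP sits outside NSG control.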

Next steps