
Deploy Azure VPN gateway to existing vnet without affecting existing subnets

I am attempting to deploy a new Azure Virtual Network Gateway to an existing VNET that includes several subnets. I am configuring this in a test environment first with a dummy subnet. I am using ARM to create a .json template and parameters file, which I am deploying via Jenkins. Currently the template attempts to redeploy the whole VNET when it deploys the Virtual Network Gateway. I do not want it to do this. I want it to deploy the Virtual Network Gateway to the existing VNET. Please see below for how I am coding the VNET in the template.

{
  "apiVersion": "2019-04-01",
  "type": "Microsoft.Network/virtualNetworks",
  "name": "[parameters('virtualNetworkName')]",
  "location": "[resourceGroup().location]",
  "properties": {
    "addressSpace": {
      "addressPrefixes": [
        "[parameters('azureVNetAddressPrefix')]"
      ]
    },
    "subnets": [
      {
        "name": "GatewaySubnet",
        "properties": {
          "addressPrefix": "[parameters('gatewaySubnetPrefix')]"
        }
      }
    ]
  }
}

I am getting the following error in Jenkins when deploying this template:

"code": "InUseSubnetCannotBeDeleted",

"message": "Subnet testing-subnet is in use by /subscriptions/****/resourceGroups/networks-dev-rg/providers/Microsoft.Network/networkInterfaces/dev-jmp-d31653/ipConfigurations/ipconfig1 and cannot be deleted. In order to delete the subnet, delete all the resources within the subnet. See aka.ms/deletesubnet."

I've looked at the Microsoft knowledgebase but I've struggled to find an explanation of how I can do this, or whether it's even possible. Ideally, I'd like to avoid listing all of the subnets in the vnet, as this is a template I want to apply to different vnets with different subnets.

Can anyone provide answers or advice? Thanks.

Unfortunately, this does not seem to be supported very well in ARM. This is because a VNET is a resource and a subnet is a property of that resource. When an ARM template is deployed, any resources not mentioned are ignored (in incremental mode, at least).

However, properties of existing resources that are mentioned MUST BE SPECIFIED. This is because Azure tries to implement the resource as specified in the template. If a property is different, it will alter it. If a property is absent, it will REMOVE it.

Potential solutions:

  1. Have multiple templates for each of your vnets. When you make a change, you update the whole vnet. This requires you to track several templates and is not ideal for infrastructure as code, but is a simple solution.

  2. Use a powershell solution instead:

     https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-tutorial-create-gateway-powershell

     I haven't tried this myself as I've been told to use ARM by my superiors, but it has been suggested on several forums as an alternative.

  3. You could also attempt to use a copyloop as per this guidance, but this has limited utility and I haven't yet verified if you can use a name array rather than a number array:

     https://pkm-technology.com/azure-vnet-json/

  4. Update your subnets as part of a separate template. This requires you to also update your master vnet template as well, otherwise your new subnets will be removed if you ever redeploy the master vnet template. Also, you can only add subnets in this way. It doesn't help if you want to do something else, such as deploy a VPN gateway.

The following ARM template will add a subnet to a virtual network with existing subnets and will not disturb the existing subnets.

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "virtualNetworkName": {
      "type": "string",
      "defaultValue": "VNet1"
    },
    "gatewaySubnetPrefix": {
      "type": "string",
      "defaultValue": "10.0.2.0/24"
    }
  },
  "variables": {},
  "resources": [
    {
      "apiVersion": "2019-04-01",
      "type": "Microsoft.Network/virtualNetworks/subnets",
      "name": "[concat(parameters('virtualNetworkName'), '/GatewaySubnet')]",
      "location": "[resourceGroup().location]",
      "properties": {
        "addressPrefix": "[parameters('gatewaySubnetPrefix')]"
      }
    }
  ]
}
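As an added example (not from the question or either answer), the child-resource approach above is carried through to what the question actually asks for: the GatewaySubnet, a public IP and the virtual network gateway are deployed into the existing VNet without ever declaring the Microsoft.Network/virtualNetworks resource, so no existing subnet can be rewritten or removed. The gateway name, public IP name, VpnGw1 SKU and the default parameter values are assumptions, as the parameter metadata states.

```json
{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "virtualNetworkName": { "type": "string" },
    "gatewaySubnetPrefix": { "type": "string", "defaultValue": "10.0.2.0/24" },
    "gatewayName": {
      "type": "string",
      "defaultValue": "vnet-gw",
      "metadata": { "description": "Assumed example name; the VNet itself is intentionally not a resource here." }
    }
  },
  "variables": {
    "gatewaySubnetId": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('virtualNetworkName'), 'GatewaySubnet')]",
    "gatewayPipName": "[concat(parameters('gatewayName'), '-pip')]",
    "gatewayPipId": "[resourceId('Microsoft.Network/publicIPAddresses', variables('gatewayPipName'))]"
  },
  "resources": [
    {
      "apiVersion": "2019-04-01",
      "type": "Microsoft.Network/virtualNetworks/subnets",
      "name": "[concat(parameters('virtualNetworkName'), '/GatewaySubnet')]",
      "properties": { "addressPrefix": "[parameters('gatewaySubnetPrefix')]" }
    },
    {
      "apiVersion": "2019-04-01",
      "type": "Microsoft.Network/publicIPAddresses",
      "name": "[variables('gatewayPipName')]",
      "location": "[resourceGroup().location]",
      "properties": { "publicIPAllocationMethod": "Dynamic" }
    },
    {
      "apiVersion": "2019-04-01",
      "type": "Microsoft.Network/virtualNetworkGateways",
      "name": "[parameters('gatewayName')]",
      "location": "[resourceGroup().location]",
      "dependsOn": [ "[variables('gatewaySubnetId')]", "[variables('gatewayPipId')]" ],
      "properties": {
        "ipConfigurations": [
          {
            "name": "gwipconfig",
            "properties": {
              "privateIPAllocationMethod": "Dynamic",
              "subnet": { "id": "[variables('gatewaySubnetId')]" },
              "publicIPAddress": { "id": "[variables('gatewayPipId')]" }
            }
          }
        ],
        "gatewayType": "Vpn",
        "vpnType": "RouteBased",
        "sku": { "name": "VpnGw1", "tier": "VpnGw1" }
      }
    }
  ]
}
```

Deployed in incremental mode, this template only creates or updates the three resources it names; the InUseSubnetCannotBeDeleted error from the question cannot occur because the VNet's subnet list is never restated.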
