stackoom
  简体   繁体   中英

Deploy Azure VPN gateway to existing vnet without affecting existing subnets

 原文  2019-06-18 12:22:51       azure/ azure-resource-manager/ gateway/ arm-template/ azure-virtual-network

Question

I am attempting to deploy a new Azure Virtual Network Gateway to an existing VNET that includes several subnets. I am configuring this in a test environment first with a dummy subnet. I am using ARM to create a .json template and parameters file, which I am deploying via Jenkins. Currently the template attempts to redeploy the whole VNET when it deploys the Virtual Network Gateway. I do not want it to do this. I want it to deploy the Virtual Network Gateway to the existing VNET. Please see below for how I am coding the VNET in the template.

{
    "apiVersion": "2019-04-01",
    "type": "Microsoft.Network/virtualNetworks",
    "name": "[parameters('virtualNetworkName')]",
    "location": "[resourceGroup().location]",
    "properties": {
      "addressSpace": {
        "addressPrefixes": [
          "[parameters('azureVNetAddressPrefix')]"
        ]
      },
      "subnets": [
        {
          "name": "GatewaySubnet",
          "properties": {
            "addressPrefix": "[parameters('gatewaySubnetPrefix')]"
          }
        }
      ]
    }
  }

I am getting the following error in Jenkins when deploying this template:

"code": "InUseSubnetCannotBeDeleted",

"message": "Subnet testing-subnet is in use by /subscriptions/****/resourceGroups/networks-dev-rg/providers/Microsoft.Network/networkInterfaces/dev-jmp-d31653/ipConfigurations/ipconfig1 and cannot be deleted. In order to delete the subnet, delete all the resources within the subnet. See aka.ms/deletesubnet."

I've looked at the Microsoft knowledgebase but I've struggled to find an explanation of how I can do this, or whether it's even possible. Ideally, I'd like to avoid listing all of the subnets in the vnet, as this is a template I want to apply to different vnets with different subnets.

Can anyone provide answers or advice? Thanks.

2 answers

solution1
 1 ACCPTED  2019-06-18 17:23:29

Unfortunately, this does not seem to be supported very well in ARM. This is because a VNET is a resource and a subnet is a property of that resource. When an ARM template is deployed, any resources not mentioned are ignored (in iterative mode, at least).

However, properties of existing resources that are mentioned MUST BE SPECIFIED. This is because Azure tries to implement the resource as specified in the template. If a property is different, it will alter it. If a property is absent, it will REMOVE it.

Potential solutions:

  1. Have multiple templates for each of your vnets. When you make a change, you update the whole vnet. This requires you to track several templates and is not ideal for infrastructure as code, but is a simple solution.

  2. Use a powershell solution instead:

https://docs.microsoft.com/en-us/azure/vpn-gateway/vpn-gateway-tutorial-create-gateway-powershell . I haven't tried this myself as I've been told to use ARM by my superiors, but it has been suggested on several forums as an alternative.

  1. You could also attempt to use a copyloop as per this guidance, but this has limited utility and I haven't yet verified if you can use a name array rather than a number array:

https://pkm-technology.com/azure-vnet-json/

  1. Update your subnets as part of a separate template. This requires you to also update your master vnet template as well, otherwise your new subnets will be removed if you ever redeploy the master vnet template. Also, you can only add subnets in this way. It doesn't help if you want to do something else, such as deploy a VPN gateway.

solution2
 0  2019-06-18 16:36:58

The following ARM template will add a subnet to a virtual network with existing subnets and will not disturb the existing subnets.

{
  "$schema": "https://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "parameters": {
    "virtualNetworkName": {
      "type": "string",
      "defaultValue": "VNet1"
    },
    "gatewaySubnetPrefix": {
      "type": "string",
      "defaultValue": "10.0.2.0/24"
    }
  },
  "variables": {},
  "resources": [
    {
      "apiVersion": "2019-04-01",
      "type": "Microsoft.Network/virtualNetworks/subnets",
      "name": "[concat(parameters('virtualNetworkName'), '/GatewaySubnet')]",
      "location": "[resourceGroup().location]",
      "properties": {
        "addressPrefix": "[parameters('gatewaySubnetPrefix')]"
      }
    }
  ]
}

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Azure creating VM on existing VNET with multiple subnets Unable to create Azure AKS Cluster using existing VNET and Subnets azure existing vpn and gateway, add address space Addition of subnets to existing Vnet through ARM templates ARM template for Appservice integrating with existing VNET Subnets Azure Bastion into Existing Vnet How to change VNet and Subnet of an existing Azure Application Gateway? How do I deploy WebApp into existing Vnet and Subnet in Azure Azure S2S VNet VPN Gateway Aws vpn gateway with azure vnet peering
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM