
带有内部负载均衡器的 azurerm terraform 虚拟机规模集


我一直在寻找一种正确的方法,用 Terraform 为我的内部虚拟机规模集配置一个内部负载均衡器,该负载均衡器不通过公共(public) IP 暴露在互联网上。但是,节点应该能够访问互联网,以便从 GitHub 下载一些软件包。

我遇到了这个问题:负载均衡器和规模集都部署成功了,但是规模集节点没有出站的互联网连接……

我读了这篇文章,但它没有告诉我具体该如何操作。

根据我的理解,我应该可以从我的节点访问互联网来下载软件包,因为我使用标准负载均衡器,但它不起作用。

我错过了什么?我宁愿避免使用 NAT Gateway ..

下面是我的完整 Terraform 脚本,用于创建资源组、VNet、子网、负载均衡器规则,最后是 VMSS 和 jumpbox。

        provider "azurerm" {
  # Service-principal credentials and the target subscription are injected
  # through input variables rather than written into the configuration.
  features {}

  subscription_id = var.azure-subscription-id
  tenant_id       = var.azure-tenant-id
  client_id       = var.azure-client-app-id
  client_secret   = var.azure-client-secret-password
}

# Resource group that every other resource in this file is placed in.
resource "azurerm_resource_group" "existing_terraform_rg" {
  location = "westeurope"
  name     = "rg-ict-spoke1-001"

  #depends_on = [var.rg_depends_on]
}
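# Create storage account for boot diagnostics
resource "azurerm_storage_account" "mystorageaccount" {
  # "diag" plus the 16 hex characters produced by random_id (byte_length = 8)
  # stays within the 24-character storage account name limit.
  name                     = "diag${random_id.randomId.hex}"
  resource_group_name      = azurerm_resource_group.existing_terraform_rg.name
  # Derive the location from the resource group like the LB and VMSS do,
  # instead of repeating the literal region string.
  location                 = azurerm_resource_group.existing_terraform_rg.location
  account_tier             = "Standard"
  account_replication_type = "LRS"

  # Refuse TLS 1.0/1.1 clients on the diagnostics endpoint; the provider's
  # historical default is lower. Requires an azurerm provider release that
  # supports min_tls_version.
  min_tls_version = "TLS1_2"
}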
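# Spoke VNet that holds both the jumpbox subnet and the web-tier subnet.
resource "azurerm_virtual_network" "existing_terraform_vnet" {
  name                = "vnet-spoke1-001"
  # Derive the location from the resource group instead of repeating the
  # literal region, so all resources move together if the RG changes.
  location            = azurerm_resource_group.existing_terraform_rg.location
  resource_group_name = azurerm_resource_group.existing_terraform_rg.name
  address_space       = ["10.0.0.0/16"]

  # The resource_group_name reference already orders this after the RG.
  #depends_on = [azurerm_resource_group.existing_terraform_rg]
}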
// Subnets
# Jumpbox subnet: hosts the single management VM that carries a public IP.
resource "azurerm_subnet" "spk1-jbx-subnet" {
  name                 = "spk1-jbx-subnet"
  address_prefixes     = ["10.0.0.0/24"]
  resource_group_name  = azurerm_resource_group.existing_terraform_rg.name
  virtual_network_name = azurerm_virtual_network.existing_terraform_vnet.name
}

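# Web-tier subnet: the internal LB frontend and the VMSS NICs live here.
resource "azurerm_subnet" "new_terraform_subnet_web" {
  name                 = "snet-webtier-${var.environment}-vdc-001"
  resource_group_name  = azurerm_resource_group.existing_terraform_rg.name
  virtual_network_name = azurerm_virtual_network.existing_terraform_vnet.name
  # address_prefixes (a list) is the supported argument and what the jumpbox
  # subnet already uses; the singular address_prefix is deprecated.
  address_prefixes     = [var.webtier_address_prefix]

  # The virtual_network_name reference already orders this after the VNet,
  # so no explicit depends_on is needed.
}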

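# Create Network Security Group and rules
#
# The original single rule allowed 22/3389/80/8080/443 from any source and
# is attached to both the web-tier and the jumpbox subnet, so RDP/SSH on the
# public jumpbox were reachable from the whole internet. The rules are split:
# web ports keep their wide source, management ports are limited to an
# operator-supplied prefix.
variable "admin_source_address_prefix" {
  type        = string
  description = "CIDR range or service tag allowed to reach SSH (22) and RDP (3389), e.g. an office egress range. Do not use \"*\"."
}

resource "azurerm_network_security_group" "generic-nsg" {
  name                = "generic-nsg"
  location            = azurerm_resource_group.existing_terraform_rg.location
  resource_group_name = azurerm_resource_group.existing_terraform_rg.name

  # Application traffic: HTTP, HTTPS and the alternate 8080 port.
  security_rule {
    name                       = "WEB-INBOUND"
    priority                   = 1001
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_ranges    = ["80", "8080", "443"]
    source_address_prefix      = "*"
    destination_address_prefix = "*"
  }

  # Management traffic: only from the declared admin prefix.
  security_rule {
    name                       = "MGMT-INBOUND"
    priority                   = 1002
    direction                  = "Inbound"
    access                     = "Allow"
    protocol                   = "Tcp"
    source_port_range          = "*"
    destination_port_ranges    = ["22", "3389"]
    source_address_prefix      = var.admin_source_address_prefix
    destination_address_prefix = "*"
  }
}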

# Attach the security group to the web-tier subnet (a subnet-level
# association, so every NIC in the subnet inherits the rules).
resource "azurerm_subnet_network_security_group_association" "new_terraform_subnet_web-asso-nsg" {
  network_security_group_id = azurerm_network_security_group.generic-nsg.id
  subnet_id                 = azurerm_subnet.new_terraform_subnet_web.id
}


# The jumpbox subnet shares the same security group as the web tier.
resource "azurerm_subnet_network_security_group_association" "spk1-jbx-subnet-asso-nsg" {
  network_security_group_id = azurerm_network_security_group.generic-nsg.id
  subnet_id                 = azurerm_subnet.spk1-jbx-subnet.id
}

# Generate random text for a unique storage account name
resource "random_id" "randomId" {
  # 8 random bytes -> 16 hex characters in .hex
  byte_length = 8

  keepers = {
    # Generate a new ID only when a new resource group is defined
    resource_group = azurerm_resource_group.existing_terraform_rg.name
  }
}









# Internal load balancer (SKU from var.lb_Sku) with a static private
# frontend in the web subnet. No public IP is attached, so an internal
# Standard LB on its own does not give the backend pool outbound SNAT.
resource "azurerm_lb" "new_terraform_lb_web" {
  name                = "lb-${var.web_lb_name}-${var.environment}-vdc-001"
  sku                 = var.lb_Sku
  resource_group_name = azurerm_resource_group.existing_terraform_rg.name
  location            = azurerm_resource_group.existing_terraform_rg.location

  frontend_ip_configuration {
    name                          = "PrivateIPAddress-${var.web_lb_name}"
    private_ip_address_allocation = "Static"
    private_ip_address            = var.web_lb_private_IP
    subnet_id                     = azurerm_subnet.new_terraform_subnet_web.id
  }
}
# Backend pool the VMSS NICs are registered in.
resource "azurerm_lb_backend_address_pool" "new_terraform_bpepool_web" {
  name                = "${var.web_lb_name}-BackEndAddressPool"
  loadbalancer_id     = azurerm_lb.new_terraform_lb_web.id
  resource_group_name = azurerm_resource_group.existing_terraform_rg.name
}
# Health probe shared by both LB rules; protocol, port and path come from
# variables.
resource "azurerm_lb_probe" "new_terraform_lb_probe_web" {
  name                = "${var.web_lb_name}-probe-${var.web_lb_probe_protocol}"
  loadbalancer_id     = azurerm_lb.new_terraform_lb_web.id
  resource_group_name = azurerm_resource_group.existing_terraform_rg.name

  protocol     = var.web_lb_probe_protocol
  port         = var.web_lb_probe_port
  request_path = var.web_lb_probe_request_path
}

# HTTP: frontend 80 -> backend 80 on the internal frontend.
resource "azurerm_lb_rule" "new_terraform_bpepool_web_rule_http" {
  name                = "new_terraform_bpepool_web_rule_http"
  loadbalancer_id     = azurerm_lb.new_terraform_lb_web.id
  resource_group_name = azurerm_resource_group.existing_terraform_rg.name

  protocol                       = "Tcp"
  frontend_port                  = 80
  backend_port                   = 80
  frontend_ip_configuration_name = "PrivateIPAddress-${var.web_lb_name}"
  backend_address_pool_id        = azurerm_lb_backend_address_pool.new_terraform_bpepool_web.id
  probe_id                       = azurerm_lb_probe.new_terraform_lb_probe_web.id

  # This rule is not meant to provide outbound SNAT for the pool.
  disable_outbound_snat = true
}

# HTTPS: frontend 443 -> backend 443, otherwise identical to the HTTP rule.
resource "azurerm_lb_rule" "new_terraform_bpepool_web_rule_https" {
  name                = "new_terraform_bpepool_web_rule_https"
  loadbalancer_id     = azurerm_lb.new_terraform_lb_web.id
  resource_group_name = azurerm_resource_group.existing_terraform_rg.name

  protocol                       = "Tcp"
  frontend_port                  = 443
  backend_port                   = 443
  frontend_ip_configuration_name = "PrivateIPAddress-${var.web_lb_name}"
  backend_address_pool_id        = azurerm_lb_backend_address_pool.new_terraform_bpepool_web.id
  probe_id                       = azurerm_lb_probe.new_terraform_lb_probe_web.id

  # This rule is not meant to provide outbound SNAT for the pool.
  disable_outbound_snat = true
}

# Windows web-tier scale set. Instances have no public IP and sit only in
# the internal LB's backend pool, so they are reachable just through the LB
# frontend or from inside the VNet.
resource "azurerm_windows_virtual_machine_scale_set" "new_terraform_vmss_web" {
  name                = "vmss-001"
  resource_group_name = azurerm_resource_group.existing_terraform_rg.name
  location            = azurerm_resource_group.existing_terraform_rg.location

  # Size, count and credentials are all injected through variables.
  sku            = var.webtier_vmss_sku
  instances      = var.webtier_vmss_instance_count
  admin_username = var.webtier_vmss_admin_uname
  admin_password = var.webtier_vmss_admin_password

  # Spread instances evenly across all three zones.
  zones        = ["1", "2", "3"]
  zone_balance = true

  # Manual mode: model/image changes are rolled out by the operator.
  upgrade_mode = "Manual"

  # Automatic/rolling upgrade policy and the health-probe binding are
  # currently left disabled:
  #automatic_os_upgrade_policy {
  #  disable_automatic_rollback  = false
  #  enable_automatic_os_upgrade = true
  #}
  #rolling_upgrade_policy {
  #  max_batch_instance_percent              = 20
  #  max_unhealthy_instance_percent          = 20
  #  max_unhealthy_upgraded_instance_percent = 5
  #  pause_time_between_batches              = "PT0S"
  #}
  #health_probe_id = azurerm_lb_probe.new_terraform_lb_probe_web.id

  # Wait for both LB rules so the backend pool is fully configured before
  # instances are attached to it.
  depends_on = [
    azurerm_lb_rule.new_terraform_bpepool_web_rule_http,
    azurerm_lb_rule.new_terraform_bpepool_web_rule_https,
  ]

  source_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = var.webtier_vmss_image_sku
    version   = "latest"
  }

  os_disk {
    caching              = "ReadWrite"
    storage_account_type = "Standard_LRS"
  }

  # One NIC per instance, registered in the internal LB backend pool;
  # no inbound NAT rules are attached.
  network_interface {
    name    = "vmss-001-nic-1"
    primary = true

    ip_configuration {
      name                                   = "vmss-001-nic-1-Configuration"
      primary                                = true
      subnet_id                              = azurerm_subnet.new_terraform_subnet_web.id
      load_balancer_backend_address_pool_ids = [azurerm_lb_backend_address_pool.new_terraform_bpepool_web.id]
      #load_balancer_inbound_nat_rules_ids = [azurerm_lb_nat_pool.lbnatpool-1.id]
    }
  }
}

# Custom Script Extension that installs IIS on every instance. The script
# download is the step that needs the outbound internet connectivity the
# question is about: without SNAT the fetch from GitHub cannot succeed.
resource "azurerm_virtual_machine_scale_set_extension" "new_terraform_vmss_web_ext_1" {
  name                         = "new_terraform_vmss_web_ext_1"
  virtual_machine_scale_set_id = azurerm_windows_virtual_machine_scale_set.new_terraform_vmss_web.id
  publisher                    = "Microsoft.Compute"
  type                         = "CustomScriptExtension"
  type_handler_version         = "1.9"

  # The bootstrap script is pulled from the sample repo's mutable "master"
  # branch and nothing pins or checksums its content, so whatever that branch
  # holds at provisioning time runs with the extension's administrative
  # privileges on each instance. Pinning to an immutable reference or hosting
  # a vetted copy removes that dependency.
  settings = jsonencode({
    fileUris = ["https://raw.githubusercontent.com/Azure-Samples/compute-automation-configurations/master/automate-iis-v2.ps1"]
  })

  # Kept in protected_settings so the command line is not exposed through the
  # instance view.
  protected_settings = jsonencode({
    commandToExecute = "powershell -ExecutionPolicy Unrestricted -File automate-iis-v2.ps1"
  })
}




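# Create public IPs
# Only the jumpbox gets a public address; which ports are reachable on it is
# governed by the NSG attached to the jumpbox subnet.
resource "azurerm_public_ip" "spk1-jbx-puip" {
  name                = "spk1-jbx-puip"
  # Derive the location from the resource group instead of repeating the
  # literal region, consistent with the LB and VMSS resources.
  location            = azurerm_resource_group.existing_terraform_rg.location
  resource_group_name = azurerm_resource_group.existing_terraform_rg.name
  allocation_method   = "Dynamic"
}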



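# Create network interface
# Jumpbox NIC: dynamic private address in the jumpbox subnet plus the public
# IP defined above.
resource "azurerm_network_interface" "spk1-jbx-nic" {
  name                = "spk1-jbx-nic"
  # Derive the location from the resource group instead of repeating the
  # literal region, consistent with the LB and VMSS resources.
  location            = azurerm_resource_group.existing_terraform_rg.location
  resource_group_name = azurerm_resource_group.existing_terraform_rg.name

  ip_configuration {
    name                          = "spk1-jbx-nic-conf"
    subnet_id                     = azurerm_subnet.spk1-jbx-subnet.id
    private_ip_address_allocation = "Dynamic"
    public_ip_address_id          = azurerm_public_ip.spk1-jbx-puip.id
  }
}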

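# Jumpbox credentials are supplied at apply time instead of being committed
# in plaintext next to the infrastructure definition (the original block
# carried a literal admin_password).
variable "jumpbox_admin_password" {
  type        = string
  description = "Local administrator password for the jumpbox VM; supply via TF_VAR_jumpbox_admin_password or a tfvars file that is not committed."
}

# Windows jumpbox: the only VM with a public IP; used to reach the web tier.
resource "azurerm_virtual_machine" "spk1-jbx-vm" {
  name                = "spk1-jbx-vm"
  # Derive the location from the resource group instead of repeating the
  # literal region, consistent with the LB and VMSS resources.
  location            = azurerm_resource_group.existing_terraform_rg.location
  resource_group_name = azurerm_resource_group.existing_terraform_rg.name
  vm_size             = "Standard_D2s_v3"
  # Plain reference; the interpolation-only "${...}" form is deprecated.
  network_interface_ids = [azurerm_network_interface.spk1-jbx-nic.id]

  storage_image_reference {
    publisher = "MicrosoftWindowsServer"
    offer     = "WindowsServer"
    sku       = "2016-Datacenter"
    version   = "latest"
  }

  storage_os_disk {
    name              = "spk1-jbx-vm-mtwin-disk-os"
    caching           = "ReadWrite"
    create_option     = "FromImage"
    managed_disk_type = "Standard_LRS"
  }

  os_profile {
    computer_name  = "spk1-jbx-vm"
    admin_username = "demouser"
    admin_password = var.jumpbox_admin_password
  }

  os_profile_windows_config {
    provision_vm_agent = true
  }
}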

最佳答案

您需要一个公共(public)负载均衡器,通过出站规则为出站流量提供 SNAT(端口地址转换,PAT)。您可以按照您引用的 Azure 文档中的说明,同时配置内部负载均衡器和公共(public)负载均衡器。

Outbound NAT for internal Standard Load Balancer scenarios: When using an internal Standard Load Balancer, outbound NAT is not available until outbound connectivity has been explicitly declared. You can define outbound connectivity using an outbound rule to create outbound connectivity for VMs behind an internal Standard Load Balancer with these steps: 1. Create a public Standard Load Balancer. 2. Create a backend pool and place the VMs into a backend pool of the public Load Balancer in addition to the internal Load Balancer. 3. Configure an outbound rule on the public Load Balancer to program outbound NAT for these VMs.

关于带有内部负载均衡器的 azurerm terraform 虚拟机规模集,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/63380270/
