
Azure Private Endpoint and Terraform

Reposted. Author: 行者123. Updated: 2023-12-03 21:58:52

I am trying to create a storage account with a private endpoint in an Azure subnet.

After terraform apply I run into this problem:

Error creating Private Endpoint "dev-pe" (Resource Group "privateendpoint-rg"): network.PrivateEndpointsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="PrivateEndpointCannotBeCreatedInSubnetThatHasNetworkPoliciesEnabled" Message="Private endpoint /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/privateendpoint-rg/providers/Microsoft.Network/privateEndpoints/dev-pe cannot be created in a subnet /subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/privateendpoint-rg/providers/Microsoft.Network/virtualNetworks/dev-vnet/subnets/dev-storage-subnet since it has private endpoint network policies enabled." Details=[]

As shown below, I set enforce_private_link_endpoint_network_policies = false and also tried azurerm_private_link_service.

Here is my code:

resource "azurerm_resource_group" "example" {
  name     = "privateendpoint-rg"
  location = var.location
  tags     = local.common_tags
}

resource "azurerm_virtual_network" "example" {
  name                = "${var.environment}-vnet"
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  tags                = local.common_tags
}

resource "azurerm_subnet" "storage" {
  name                 = "${var.environment}-storage-subnet"
  resource_group_name  = azurerm_resource_group.example.name
  virtual_network_name = azurerm_virtual_network.example.name
  address_prefix       = "10.0.1.0/24"
  # azurerm 2.x semantics: false (the default) leaves the subnet's private
  # endpoint network policies *enabled*; true is what disables them.
  enforce_private_link_endpoint_network_policies = false
  // enforce_private_link_service_network_policies = false
  // service_endpoints = ["Microsoft.Storage"]
}

# Random suffix so the globally unique storage account name does not collide.
resource "random_integer" "sa_num" {
  min = 10000
  max = 99999
}

# No account_kind is set here, so the provider creates the legacy "Storage" (GPv1) kind.
resource "azurerm_storage_account" "example" {
  name                      = "${var.adoit_number}${lower(var.environment)}${random_integer.sa_num.result}"
  resource_group_name       = azurerm_resource_group.example.name
  location                  = azurerm_resource_group.example.location
  account_tier              = "Standard"
  account_replication_type  = "LRS"
  enable_https_traffic_only = true
  tags                      = local.common_tags
}

resource "azurerm_storage_container" "example" {
  name                  = "acctestcont"
  storage_account_name  = azurerm_storage_account.example.name
  container_access_type = "private"
}

resource "azurerm_private_endpoint" "example" {
  name                = "${var.environment}-pe"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  subnet_id           = azurerm_subnet.storage.id

  # Auto-approved connection to the account's blob sub-resource.
  private_service_connection {
    name                           = "${var.environment}-psc"
    is_manual_connection           = false
    private_connection_resource_id = azurerm_storage_account.example.id
    subresource_names              = ["blob"]
  }
}

If I change enforce_private_link_endpoint_network_policies = true, I get the following error instead:

Error creating Private Endpoint "dev-pe" (Resource Group "privateendpoint-rg"): network.PrivateEndpointsClient#CreateOrUpdate: Failure sending request: StatusCode=400 -- Original Error: Code="OperationNotAllowedOnKind" Message="The operation is not allowed on account kind Storage" Details=[]

Best answer

OK, found it. To connect a storage account to a private endpoint, the storage account must be of kind StorageV2, which looks like this in the Terraform code:

resource "azurerm_storage_account" "example" {
  name                      = "${var.adoit_number}${lower(var.environment)}${random_integer.sa_num.result}"
  resource_group_name       = azurerm_resource_group.example.name
  location                  = azurerm_resource_group.example.location
  # General-purpose v2; the legacy "Storage" kind is what triggered
  # OperationNotAllowedOnKind when the private endpoint was created.
  account_kind              = "StorageV2"
  account_tier              = "Standard"
  account_replication_type  = "LRS"
  enable_https_traffic_only = true
  tags                      = local.common_tags
}

A similar question about Azure Private Endpoint and Terraform was found on Stack Overflow: https://stackoverflow.com/questions/60736050/
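The question and the answer together identify two separate fixes: the subnet's private endpoint network policies must be disabled (the setting the question toggled), and the account must be StorageV2 (the setting the answer adds). The configuration below is an added, complete example that is not part of the original post or answer. It assumes the azurerm provider 4.x, whose attribute names differ from the 2.x names in the question (address_prefixes instead of address_prefix, private_endpoint_network_policies instead of enforce_private_link_endpoint_network_policies, https_traffic_only_enabled instead of enable_https_traffic_only), and it uses placeholder values such as local.prefix and local.environment. It also goes beyond the page by turning off public access on the account and adding the privatelink DNS zone, without which clients in the VNet keep resolving the blob endpoint to its public address.

```hcl
# Added example (not the original post's code). Assumes azurerm ~> 4.0 and
# placeholder names in the locals block.
terraform {
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 4.0"
    }
  }
}

provider "azurerm" {
  features {}
}

locals {
  location    = "westeurope" # assumed
  environment = "dev"        # assumed
  prefix      = "adoit"      # assumed; account names are lowercase alphanumeric, 3-24 chars
}

resource "azurerm_resource_group" "example" {
  name     = "privateendpoint-rg"
  location = local.location
}

resource "azurerm_virtual_network" "example" {
  name                = "${local.environment}-vnet"
  address_space       = ["10.0.0.0/16"]
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
}

# Fix 1: network policies must be disabled on the subnet that hosts the
# endpoint, otherwise ARM rejects it with
# PrivateEndpointCannotBeCreatedInSubnetThatHasNetworkPoliciesEnabled.
# (In azurerm 2.x this was enforce_private_link_endpoint_network_policies = true.)
resource "azurerm_subnet" "storage" {
  name                              = "${local.environment}-storage-subnet"
  resource_group_name               = azurerm_resource_group.example.name
  virtual_network_name              = azurerm_virtual_network.example.name
  address_prefixes                  = ["10.0.1.0/24"]
  private_endpoint_network_policies = "Disabled"
}

resource "random_integer" "sa_num" {
  min = 10000
  max = 99999
}

# Fix 2: the legacy "Storage" (GPv1) kind is refused with
# OperationNotAllowedOnKind, so the account must be StorageV2. The public
# path is closed so the private endpoint is the only way in.
resource "azurerm_storage_account" "example" {
  name                          = "${local.prefix}${local.environment}${random_integer.sa_num.result}"
  resource_group_name           = azurerm_resource_group.example.name
  location                      = azurerm_resource_group.example.location
  account_kind                  = "StorageV2"
  account_tier                  = "Standard"
  account_replication_type      = "LRS"
  https_traffic_only_enabled    = true
  min_tls_version               = "TLS1_2"
  public_network_access_enabled = false
}

# Privatelink zone plus VNet link: the zone group below registers the
# account's A record here, so in-VNet lookups return the endpoint's IP.
resource "azurerm_private_dns_zone" "blob" {
  name                = "privatelink.blob.core.windows.net"
  resource_group_name = azurerm_resource_group.example.name
}

resource "azurerm_private_dns_zone_virtual_network_link" "blob" {
  name                  = "${local.environment}-blob-dns-link"
  resource_group_name   = azurerm_resource_group.example.name
  private_dns_zone_name = azurerm_private_dns_zone.blob.name
  virtual_network_id    = azurerm_virtual_network.example.id
  registration_enabled  = false
}

resource "azurerm_private_endpoint" "example" {
  name                = "${local.environment}-pe"
  location            = azurerm_resource_group.example.location
  resource_group_name = azurerm_resource_group.example.name
  subnet_id           = azurerm_subnet.storage.id

  private_service_connection {
    name                           = "${local.environment}-psc"
    is_manual_connection           = false
    private_connection_resource_id = azurerm_storage_account.example.id
    subresource_names              = ["blob"]
  }

  private_dns_zone_group {
    name                 = "blob"
    private_dns_zone_ids = [azurerm_private_dns_zone.blob.id]
  }
}

# Post-apply check: from a VM in the VNet, <account>.blob.core.windows.net
# should resolve to this 10.0.1.x address, not to a public IP.
output "storage_private_ip" {
  value = azurerm_private_endpoint.example.private_service_connection[0].private_ip_address
}
```

Two caveats follow from the settings above. First, with private_endpoint_network_policies = "Disabled" the NSG rules attached to that subnet are not applied to the endpoint's NIC, so traffic to the storage account has to be filtered at the source or, if the subscription supports it, by re-enabling the NSG policy value the provider exposes. Second, once public_network_access_enabled is false, data-plane calls from outside the VNet are rejected, and the question's azurerm_storage_container resource is one the provider has managed through the data plane; running terraform apply from a hosted agent on the internet will then fail on the container with a 403. Run Terraform from an agent inside the VNet, or leave public access on until the private DNS is confirmed working and only then close it.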

Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号