使用現有的虛擬網路搭配 Azure 受控應用程式
本文說明如何定義 Azure 受控應用程式以整合取用者訂閱中現有的虛擬網路。 受控應用程式可讓取用者決定是否要建立新的虛擬網路,或者使用現有的虛擬網路。 現有的虛擬網路可以位於受控資源群組之外。
主要範本
首先,讓我們看看 mainTemplate.json 檔案。 用於部署虛擬機器和其相關聯資源的完整範本所示。 稍後,您將檢閱與使用現有虛擬網路相關的範本部份。
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"location": {
"type": "string",
"metadata": {
"description": "Deployment location"
}
},
"windowsOSVersion": {
"type": "string",
"defaultValue": "2016-Datacenter",
"allowedValues": [
"2008-R2-SP1",
"2012-Datacenter",
"2012-R2-Datacenter",
"2016-Nano-Server",
"2016-Datacenter-with-Containers",
"2016-Datacenter",
"2019-Datacenter"
],
"metadata": {
"description": "The Windows version for the VM. This will pick a fully patched image of this given Windows version."
}
},
"vmName": {
"type": "string",
"metadata": {
"title": "VM Name",
"description": "This is the name of the your VM"
}
},
"adminUsername": {
"type": "string",
"defaultValue": "testadmin",
"metadata": {
"description": "Username for the Virtual Machine."
}
},
"adminPassword": {
"type": "securestring",
"metadata": {
"description": "Password for the Virtual Machine."
}
},
"virtualNetworkName": {
"type": "string",
"metadata": {
"description": "New or Existing VNet Name"
}
},
"virtualNetworkNewOrExisting": {
"type": "string",
"metadata": {
"description": "Boolean indicating whether the VNet is new or existing"
}
},
"virtualNetworkAddressPrefix": {
"type": "string",
"metadata": {
"description": "VNet address prefix"
}
},
"virtualNetworkResourceGroup": {
"type": "string",
"metadata": {
"description": "Resource group of the VNet"
}
},
"virtualMachineSize": {
"type": "string",
"metadata": {
"description": "The size of the VM"
}
},
"subnetName": {
"type": "string",
"metadata": {
"description": "New or Existing subnet Name"
}
},
"subnetAddressPrefix": {
"type": "string",
"metadata": {
"description": "Subnet address prefix"
}
},
"baseUrl": {
"type": "string",
"defaultValue": "",
"metadata": {
"artifactsBaseUrl": "",
"description": "URL to acquire other templates"
}
}
},
"variables": {
"storageAccountName": "[concat(uniquestring(resourceGroup().id), 'sawinvm')]",
"publicIPAddressName": "[concat(uniqueString(resourceGroup().id),'IP')]",
"vmName": "[parameters('vmName')]",
"nicName": "[concat(parameters('vmName'),'Nic')]",
"vnetId": {
"new": "[resourceId('Microsoft.Network/virtualNetworks',parameters('virtualNetworkName'))]",
"existing": "[resourceId(parameters('virtualNetworkResourceGroup'),'Microsoft.Network/virtualNetworks',parameters('virtualNetworkName'))]"
},
"subnetId": "[concat(variables('vnetId')[parameters('virtualNetworkNewOrExisting')],'/subnets/',parameters('subnetName'))]",
"publicIPAddressType": "Dynamic"
},
"resources": [
{
"condition": "[equals(parameters('virtualNetworkNewOrExisting'),'new')]",
"type": "Microsoft.Network/virtualNetworks",
"apiVersion": "2021-02-01",
"name": "[parameters('virtualNetworkName')]",
"location": "[parameters('location')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('virtualNetworkAddressPrefix')]"
]
},
"subnets": [
{
"name": "[parameters('subnetName')]",
"properties": {
"addressPrefix": "[parameters('subnetAddressPrefix')]"
}
}
]
}
},
{
"type": "Microsoft.Network/publicIPAddresses",
"name": "[variables('publicIPAddressName')]",
"apiVersion": "2021-02-01",
"location": "[parameters('location')]",
"properties": {
"publicIPAllocationMethod": "[variables('publicIPAddressType')]"
}
},
{
"type": "Microsoft.Network/networkInterfaces",
"name": "[variables('nicName')]",
"apiVersion": "2021-02-01",
"location": "[parameters('location')]",
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses',variables('publicIPAddressName'))]"
},
"subnet": {
"id": "[variables('subnetId')]"
}
}
}
],
"enableIPForwarding": true
},
"dependsOn": [
"[concat('Microsoft.Network/publicIPAddresses/', variables('publicIPAddressName'))]",
"[resourceId('Microsoft.Network/virtualNetworks/', parameters('virtualNetworkName'))]"
]
},
{
"type": "Microsoft.Storage/storageAccounts",
"apiVersion": "2021-04-01",
"name": "[variables('storageAccountName')]",
"location": "[parameters('location')]",
"sku": {
"name": "Standard_LRS"
},
"kind": "Storage",
"properties": {}
},
{
"type": "Microsoft.Compute/virtualMachines",
"apiVersion": "2021-04-01",
"name": "[variables('vmName')]",
"location": "[parameters('location')]",
"dependsOn": [
"[resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))]",
"[resourceId('Microsoft.Network/networkInterfaces/', variables('nicName'))]"
],
"properties": {
"hardwareProfile": {
"vmSize": "[parameters('virtualMachineSize')]"
},
"osProfile": {
"computerName": "[variables('vmName')]",
"adminUsername": "[parameters('adminUsername')]",
"adminPassword": "[parameters('adminPassword')]"
},
"storageProfile": {
"imageReference": {
"publisher": "MicrosoftWindowsServer",
"offer": "WindowsServer",
"sku": "[parameters('windowsOSVersion')]",
"version": "latest"
},
"osDisk": {
"createOption": "FromImage"
},
"dataDisks": [
{
"diskSizeGB": 1023,
"lun": 0,
"createOption": "Empty"
}
]
},
"networkProfile": {
"networkInterfaces": [
{
"id": "[resourceId('Microsoft.Network/networkInterfaces',variables('nicName'))]"
}
]
},
"diagnosticsProfile": {
"bootDiagnostics": {
"enabled": true,
"storageUri": "[reference(resourceId('Microsoft.Storage/storageAccounts/', variables('storageAccountName'))).primaryEndpoints.blob]"
}
}
}
}
]
}
請注意,虛擬網路是經過有條件地部署。 取用者會傳入參數值,指出要建立新的虛擬網路或使用現有的虛擬網路。 如果取用者選取新的虛擬網路,系統便會部署資源。 若要使用現有的虛擬網路,就會在部署期間略過資源。
{
"condition": "[equals(parameters('virtualNetworkNewOrExisting'),'new')]",
"type": "Microsoft.Network/virtualNetworks",
"apiVersion": "2021-02-01",
"name": "[parameters('virtualNetworkName')]",
"location": "[parameters('location')]",
"properties": {
"addressSpace": {
"addressPrefixes": [
"[parameters('virtualNetworkAddressPrefix')]"
]
},
"subnets": [
{
"name": "[parameters('subnetName')]",
"properties": {
"addressPrefix": "[parameters('subnetAddressPrefix')]"
}
}
]
}
},
虛擬網路識別碼的變數有兩個屬性。 當新的虛擬網路完成部署,其中一個屬性會傳回資源識別碼。 而使用現有的虛擬網路時,就會由另一個屬性傳回資源識別碼。 現有虛擬網路的資源識別碼包括虛擬網路所屬的資源群組名稱。
子網識別碼是由虛擬網路識別碼的值所建構而成, 其所使用的值會符合取用者選取的項目。
"variables": {
"storageAccountName": "[concat(uniquestring(resourceGroup().id), 'sawinvm')]",
"publicIPAddressName": "[concat(uniqueString(resourceGroup().id),'IP')]",
"vmName": "[parameters('vmName')]",
"nicName": "[concat(parameters('vmName'),'Nic')]",
"vnetId": {
"new": "[resourceId('Microsoft.Network/virtualNetworks',parameters('virtualNetworkName'))]",
"existing": "[resourceId(parameters('virtualNetworkResourceGroup'),'Microsoft.Network/virtualNetworks',parameters('virtualNetworkName'))]"
},
"subnetId": "[concat(variables('vnetId')[parameters('virtualNetworkNewOrExisting')],'/subnets/',parameters('subnetName'))]",
"publicIPAddressType": "Dynamic"
},
網路介面設為子網識別碼變數。
{
"type": "Microsoft.Network/networkInterfaces",
"name": "[variables('nicName')]",
"apiVersion": "2021-02-01",
"location": "[parameters('location')]",
"properties": {
"ipConfigurations": [
{
"name": "ipconfig1",
"properties": {
"privateIPAllocationMethod": "Dynamic",
"publicIPAddress": {
"id": "[resourceId('Microsoft.Network/publicIPAddresses',variables('publicIPAddressName'))]"
},
"subnet": {
"id": "[variables('subnetId')]"
}
}
}
],
"enableIPForwarding": true
},
UI 定義
現在,讓我們看看 createUiDefinition.json 檔案。 完整檔案如下:
{
"handler": "Microsoft.Azure.CreateUIDef",
"version": "0.1.2-preview",
"parameters": {
"basics": [],
"steps": [
{
"name": "deploymentDetails",
"label": "Deployment Details",
"subLabel": {
"preValidation": "Required",
"postValidation": "Done"
},
"bladeTitle": "Deployment Details",
"elements": [
{
"name": "virtualMachine",
"type": "Microsoft.Common.Section",
"elements": [
{
"name": "vmName",
"type": "Microsoft.Common.TextBox",
"label": "VM Name",
"toolTip": "Name of your virtual machine",
"constraints": {
"required": true
}
},
{
"name": "vmPassword",
"type": "Microsoft.Compute.CredentialsCombo",
"label": {
"password": "Password",
"confirmPassword": "Confirm password"
},
"toolTip": {
"password": ""
},
"constraints": {
"required": true,
"customPasswordRegex": "^(?=.*[A-Za-z])(?=.*\\d)[A-Za-z\\d]{12,}$",
"customValidationMessage": "The password must be alphanumeric, contain at least 12 characters, and have at least 1 letter and 1 number."
},
"options": {
"hideConfirmation": false
},
"osPlatform": "Windows",
"visible": true
}
],
"visible": true
},
{
"name": "vnet",
"type": "Microsoft.Network.VirtualNetworkCombo",
"label": {
"virtualNetwork": "Virtual Network",
"subnets": "Subnets"
},
"defaultValue": {
"name": "vmx-vnet",
"addressPrefixSize": "/16"
},
"constraints": {
"minAddressPrefixSize": "/24"
},
"subnets": {
"subnet1": {
"label": "Subnet",
"defaultValue": {
"name": "vmx-subnet",
"addressPrefixSize": "/24"
},
"constraints": {
"minAddressPrefixSize": "/29",
"minAddressCount": 8,
"requireContiguousAddresses": true
}
}
}
},
{
"name": "VMSize",
"type": "Microsoft.Compute.SizeSelector",
"label": "VM size",
"toolTip": "The size of virtual machine for VM.",
"recommendedSizes": [
"Standard_D2_v2",
"Standard_D2_v3"
],
"constraints": {
"allowedSizes": [
"Standard_D2_v2",
"Standard_D2_v3"
],
"excludedSizes": []
},
"osPlatform": "Windows",
"imageReference": {
"publisher": "MicrosoftWindowsServer",
"offer": "WindowsServer",
"sku": "2012-R2-Datacenter"
}
}
]
},
{
"name": "identityDetails",
"label": "Managed Identity Details",
"subLabel": {
"preValidation": "Required",
"postValidation": "Done"
},
"bladeTitle": "Managed Identity Details",
"elements": [
{
"name": "identity",
"type": "Microsoft.ManagedIdentity.IdentitySelector",
"label": "Managed Identity Configuration",
"toolTip": {
"systemAssignedIdentity": "Enable system assigned identity to grant the resource access to other existing resources.",
"userAssignedIdentity": "Add user assigned identities to grant the resource access to other existing resources."
},
"defaultValue": {
"systemAssignedIdentity": "Off"
},
"options": {
"hideSystemAssignedIdentity": false,
"hideUserAssignedIdentity": false
},
"visible": true
}
]
}
],
"outputs": {
"location": "[location()]",
"vmName": "[steps('deploymentDetails').virtualMachine.vmName]",
"adminPassword": "[steps('deploymentDetails').virtualMachine.vmPassword.password]",
"virtualNetworkName": "[steps('deploymentDetails').vnet.name]",
"virtualNetworkNewOrExisting": "[steps('deploymentDetails').vnet.newOrExisting]",
"virtualNetworkAddressPrefix": "[first(steps('deploymentDetails').vnet.addressPrefixes)]",
"virtualNetworkResourceGroup": "[steps('deploymentDetails').vnet.resourceGroup]",
"virtualMachineSize": "[steps('deploymentDetails').VMSize]",
"subnetName": "[steps('deploymentDetails').vnet.subnets.subnet1.name]",
"subnetAddressPrefix": "[steps('deploymentDetails').vnet.subnets.subnet1.addressPrefix]",
"managedIdentity": "[steps('identityDetails').identity]"
}
}
}
檔案包括虛擬網路元素。
{
"name": "vnet",
"type": "Microsoft.Network.VirtualNetworkCombo",
"label": {
"virtualNetwork": "Virtual Network",
"subnets": "Subnets"
},
"defaultValue": {
"name": "vmx-vnet",
"addressPrefixSize": "/16"
},
"constraints": {
"minAddressPrefixSize": "/24"
},
"subnets": {
"subnet1": {
"label": "Subnet",
"defaultValue": {
"name": "vmx-subnet",
"addressPrefixSize": "/24"
},
"constraints": {
"minAddressPrefixSize": "/29",
"minAddressCount": 8,
"requireContiguousAddresses": true
}
}
}
},
該元素可讓取用者選取全新或現有的虛擬網路。
您會在輸出中包括一個值,以指出取用者選取的是全新或現有的虛擬網路。 同時也包含受控識別的值。
注意
受控識別的輸出值必須命名為 managedIdentity。
"outputs": {
"location": "[location()]",
"vmName": "[steps('deploymentDetails').virtualMachine.vmName]",
"adminPassword": "[steps('deploymentDetails').virtualMachine.vmPassword.password]",
"virtualNetworkName": "[steps('deploymentDetails').vnet.name]",
"virtualNetworkNewOrExisting": "[steps('deploymentDetails').vnet.newOrExisting]",
"virtualNetworkAddressPrefix": "[first(steps('deploymentDetails').vnet.addressPrefixes)]",
"virtualNetworkResourceGroup": "[steps('deploymentDetails').vnet.resourceGroup]",
"virtualMachineSize": "[steps('deploymentDetails').VMSize]",
"subnetName": "[steps('deploymentDetails').vnet.subnets.subnet1.name]",
"subnetAddressPrefix": "[steps('deploymentDetails').vnet.subnets.subnet1.addressPrefix]",
"managedIdentity": "[steps('identityDetails').identity]"
}
下一步
若要深入了解如何建立 UI 定義檔案,請參閱適用於 Azure 受控應用程式建立體驗的 CreateUiDefinition.json。