在配置 Web 应用的入站网络流量时,我想把“公共网络访问”设置为“选择虚拟网络和 IP 地址”,并通过另一个专用端点模块为它添加专用端点。 在门户中我可以手动更改这项网络设置,但通过管道部署时,Bicep 返回了“BadRequest”错误。
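// Name of the already-deployed App Service plan. The original used `name: appPlan`,
// which makes the resource refer to its own symbolic name (a cycle) instead of a string.
param appPlanName string

// Reference to an existing App Service plan; `existing` means this template does not create or modify it.
resource appPlan 'Microsoft.Web/serverfarms@2022-03-01' existing = {
  name: appPlanName
}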
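// Web app hosted on the existing plan, with a system-assigned managed identity and
// regional VNet integration through `subnetid`.
// webAppName, location, tags, subnetid and AppSettings are declared outside this snippet.
resource webApp 'Microsoft.Web/sites@2022-03-01' = {
  name: webAppName
  location: location
  tags: tags
  kind: 'app'
  // `identity` is an object; the bare string 'SystemAssigned' does not match the resource schema.
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    reserved: true
    // Use the plan declared in this template. The original referenced `serverFarm`,
    // which is not declared anywhere in the visible snippet.
    serverFarmId: appPlan.id
    httpsOnly: true
    vnetRouteAllEnabled: false
    // The public endpoint stays reachable; inbound filtering is left to the access
    // restrictions set on the child `config` resource.
    publicNetworkAccess: 'Enabled'
    virtualNetworkSubnetId: subnetid
    siteConfig: {
      alwaysOn: true
      ftpsState: 'Disabled'
      appSettings: AppSettings
    }
  }
}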
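// Keep public network access enabled, but filter inbound traffic with access restrictions.
// The child resource of Microsoft.Web/sites/config that carries site settings is named 'web';
// 'config' is not one of the accepted names for this resource type.
resource webAppNetworkAccess 'Microsoft.Web/sites/config@2022-03-01' = {
  parent: webApp
  name: 'web'
  properties: {
    publicNetworkAccess: 'Enabled'
    // NOTE(review): both allow rules use RFC 1918 ranges. Clients reaching the public endpoint
    // never present a private source address, so on the multi-tenant service these rules are
    // unlikely to match anything; subnet-based rules use `vnetSubnetResourceId` instead - verify.
    // NOTE(review): these rules cover the main site only. The SCM (Kudu) site has its own list
    // unless `scmIpSecurityRestrictionsUseMain` is set to true.
    ipSecurityRestrictions: [
      {
        ipAddress: '10.0.0.0/19'
        action: 'Allow'
        tag: 'Default'
        priority: 100
        name: 'subnet1'
      }
      {
        // NOTE(review): 10.0.0.1/19 has host bits set and falls inside the same /19 as the
        // rule above - confirm the intended second range.
        ipAddress: '10.0.0.1/19'
        action: 'Allow'
        tag: 'Default'
        priority: 110
        name: 'Subnet2'
      }
      {
        // Explicit catch-all deny, evaluated after the allow rules because of its higher priority number.
        ipAddress: 'Any'
        action: 'Deny'
        priority: 12345678
        name: 'Deny all'
        description: 'Deny all access'
      }
    ]
  }
}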
尝试使用 Bicep 模板部署 Web 应用程序网络设置时收到“错误请求”:
要满足这一需求,您需要为专用端点配置相应的专用 DNS 区域组和网络配置。可以参考下面的 Bicep 代码。
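// Address space of the virtual network that hosts the private endpoint subnet.
var AddressPrefix = '10.0.0.0/16'

// Private DNS zone name for App Service private endpoints in the Azure public cloud.
// The original interpolated `environment().suffixes.Hostname`, but `suffixes` exposes no
// such property, so the expression does not compile. Sovereign clouds use a different
// zone name - confirm the value for the target cloud.
var privateDnsZone = 'privatelink.azurewebsites.net'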
// Linux App Service plan on the P1V2 SKU, created in the resource group's region.
resource appPlan 'Microsoft.Web/serverfarms@2020-06-01' = {
  name: 'AppServicePlanjah'
  location: resourceGroup().location
  kind: 'linux'
  sku: {
    name: 'P1V2'
  }
  properties: {
    // reserved: true is what marks the plan as Linux
    reserved: true
  }
}
// Web app on the plan above, with a system-assigned managed identity.
resource webApp 'Microsoft.Web/sites@2022-03-01' = {
  name: 'abrakjam'
  kind: 'app'
  location: resourceGroup().location
  identity: {
    type: 'SystemAssigned'
  }
  properties: {
    serverFarmId: appPlan.id
    reserved: true
    httpsOnly: true
    // NOTE(review): the public endpoint stays enabled alongside the private endpoint, so
    // exposure depends entirely on the access restrictions in the child config resource.
    // If every client can use the private endpoint, 'Disabled' removes the public path.
    publicNetworkAccess: 'Enabled'
    // No virtualNetworkSubnetId is set in this resource, so this flag has nothing to route
    // unless VNet integration is configured elsewhere.
    vnetRouteAllEnabled: false
    siteConfig: {
      ftpsState: 'Disabled'
      alwaysOn: false
    }
  }
}
// Access restrictions for the main site: two allow rules followed by an explicit deny-all.
// The child resource is named 'web', which is the name the sites/config type accepts for site settings.
// NOTE(review): the allow rules use RFC 1918 ranges. Clients reaching the public endpoint never
// present a private source address, so on the multi-tenant service these rules are unlikely to
// match; subnet-based rules use `vnetSubnetResourceId` instead - verify.
// NOTE(review): the SCM (Kudu) site keeps its own restriction list unless
// `scmIpSecurityRestrictionsUseMain` is set to true.
resource webAppNetworkAccess 'Microsoft.Web/sites/config@2022-03-01' = {
  name: 'web'
  parent: webApp
  properties: {
    publicNetworkAccess: 'Enabled'
    ipSecurityRestrictions: [
      {
        name: 'AllowSubnet1'
        priority: 100
        action: 'Allow'
        ipAddress: '10.0.0.0/19'
        tag: 'Default'
      }
      {
        // NOTE(review): 10.0.0.1/19 has host bits set and lies inside the /19 of the rule
        // above - confirm the intended second range.
        name: 'AllowSubnet2'
        priority: 110
        action: 'Allow'
        ipAddress: '10.0.0.1/19'
        tag: 'Default'
      }
      {
        // Catch-all deny; its priority number is higher than the allow rules, so it is evaluated last.
        name: 'DenyAll'
        description: 'Deny all other access'
        priority: 200
        action: 'Deny'
        ipAddress: 'Any'
      }
    ]
  }
}
// Virtual network that hosts the private endpoint subnet; its address space comes from AddressPrefix.
// NOTE(review): the subnet is declared as a separate child resource rather than inline in
// `properties.subnets`; redeploying a VNet without its inline subnet list can conflict with
// existing subnets - verify on repeat deployments.
resource vnet 'Microsoft.Network/virtualNetworks@2021-05-01' = {
  location: resourceGroup().location
  name: 'sdaskjd'
  properties: {
    addressSpace: {
      addressPrefixes: [
        AddressPrefix
      ]
    }
  }
}
// Subnet that receives the private endpoint's network interface.
resource subnet 'Microsoft.Network/virtualNetworks/subnets@2021-05-01' = {
  name: 'askdjlksjd'
  parent: vnet
  properties: {
    // 'Disabled' means NSG and route-table policies are not enforced on private endpoints
    // in this subnet; use 'Enabled' if the endpoint should be filtered by an NSG.
    privateEndpointNetworkPolicies: 'Disabled'
    addressPrefix: '10.0.0.0/24'
  }
}
// Private endpoint that exposes the web app inside the subnet.
resource privateEndpoint 'Microsoft.Network/privateEndpoints@2022-01-01' = {
  location: resourceGroup().location
  name: 'asjd-privateEndpoint'
  properties: {
    privateLinkServiceConnections: [
      {
        name: 'plsConnection'
        properties: {
          // 'sites' is the group id this connection uses to target the web app
          groupIds: [
            'sites'
          ]
          privateLinkServiceId: webApp.id
        }
      }
    ]
    subnet: {
      id: subnet.id
    }
  }
}
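// Private DNS zone for the private endpoint's record. The symbolic name differs from the
// `privateDnsZone` variable (which holds the zone name); the original reused the same
// identifier for both, which Bicep rejects as a duplicate declaration.
// The explicit dependsOn on the VNet is dropped: the zone itself does not need the VNet.
resource privateDnsZoneResource 'Microsoft.Network/privateDnsZones@2020-06-01' = {
  name: privateDnsZone
  location: 'global'
  properties: {}
}

// Link the zone to the VNet. Without a link, clients in the VNet do not resolve names
// through this zone and keep getting the app's public address.
resource privateDnsZoneLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
  parent: privateDnsZoneResource
  name: '${vnet.name}-link'
  location: 'global'
  properties: {
    // Auto-registration of VM records is not wanted in a privatelink zone.
    registrationEnabled: false
    virtualNetwork: {
      id: vnet.id
    }
  }
}

// Zone group on the private endpoint: it ties the endpoint to the private DNS zone so the
// endpoint's DNS record is maintained in that zone.
resource dnsZone 'Microsoft.Network/privateEndpoints/privateDnsZoneGroups@2024-01-01' = {
  parent: privateEndpoint
  name: 'sddnsZoneGroup'
  properties: {
    privateDnsZoneConfigs: [
      {
        name: 'default'
        properties: {
          privateDnsZoneId: privateDnsZoneResource.id
        }
      }
    ]
  }
}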
输出: