我的目标是使 Azure 托管 Grafana 能够访问没有公共(public)终结点的 Azure Monitor 帐户,因此应该私下访问。我想通了this文档表明我需要“托管专用端点”,并且我成功地在门户中创建了工作配置。但是,我未能找到相应的 Bicep 脚本来创建所述“托管私有(private)端点”。
创建 Grafana 和私有(private)端点的部分类似于下面的代码(创建 Microsoft.Monitor/accounts 的模块被省略)
resource managedGrafana 'Microsoft.Dashboard/grafana@2022-08-01' = {
name: 'mg-global'
location: location
sku: {
name: 'Standard'
}
identity: {
type: 'SystemAssigned'
}
properties: {
apiKey: 'Disabled'
publicNetworkAccess: 'Disabled'
grafanaIntegrations: {
azureMonitorWorkspaceIntegrations: [
{
azureMonitorWorkspaceResourceId: resourceId('microsoft.monitor/accounts', monitorWorkspaceName)
}
]
}
}
}
resource privateEndpoint 'Microsoft.Network/privateEndpoints@2023-02-01' = {
name: 'pe-global-grafana'
location: location
properties: {
privateLinkServiceConnections: [
{
name: 'pe-grafana'
properties: {
privateLinkServiceId: managedGrafana.id
groupIds: [
'grafana'
]
}
}
]
subnet: {
id: subnetId
}
}
}
resource privateEndpointPrometheus 'Microsoft.Network/privateEndpoints@2022-11-01' = {
name: 'pe-global-prometheus'
location: location
properties: {
privateLinkServiceConnections: [
{
name: 'pe-prometheus'
properties: {
privateLinkServiceId: monitorWorkspaceId
groupIds: [
'prometheusMetrics'
]
}
}
]
subnet: {
id: subnetId
}
}
}
最佳答案
回答我自己的问题:截至目前(2023 年 8 月),无法在 Bicep 中创建 Grafana 托管的专用端点。另一种方法是直接调用 ARM 端点,例如:
az rest --method put --url "https://management.azure.com/subscriptions/<SUBSCRIPTION_ID>/resourceGroups/<RESOURCE_GROUP>/providers/Microsoft.Dashboard/grafana/<AZURE_GRAFANA_NAME>/managedPrivateEndpoints/managed-endpoint?api-version=2022-10-01-preview" \
--body "{ \"location\": \"<LOCATION>\", \"properties\": { \
\"privateLinkResourceId\":\"<Resource ID to Azure Monitor Workspace>\", \"groupIds\": \
[ \"prometheusMetrics\" ], \"requestMessage\": \"\", \
\"privateLinkResourceRegion\": \"<LOCATION>\" } }"
关于azure - 用于创建 "Managed Private Endpoint"以私下访问 Azure Monitor 工作区的 Bicep 脚本,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/76795192/