azure - 使用专用链接服务为 Azure 负载均衡器创建后端池时出现问题

标签 azure terraform azure-load-balancer azure-private-link

我计划使用 Azure 负载均衡器访问托管在两台服务器上的应用程序,并通过专用端点和专用链接服务从本地网络对其进行专用访问。当我尝试执行代码时,出现以下错误。如果不使用后端池,我可以用专用链接服务和专用端点创建负载均衡器,那么问题可能出在哪里?

错误:创建专用链接服务:(名称“privatelink”/资源组“XXXXXXXX”):network.PrivateLinkServicesClient#CreateOrUpdate:发送请求失败:StatusCode=400 -- 原始错误:代码 =“PrivateLinkServiceIsNotSupportedForIPBasedLoadBalancer”消息“后端地址由 (virtualNetwork, ipAddress) 或 (subnet, ipAddress) 设置的负载均衡器/subscriptions/XXXXXXXX/providers/Microsoft.Network/privateLinkServices/privatelink 不支持专用链接服务。”详情=[]


# Subnet that hosts the internal load balancer frontend and the Private Link
# Service NAT IP configuration (both reference this subnet below).
resource "azurerm_subnet" "lbsubnet" {
  name                 = "lbsubnet"
  address_prefixes     = ["10.20.1.0/24"]
  virtual_network_name = azurerm_virtual_network.devvm_net.name
  resource_group_name  = local.resource_group

  # Private Link Service network policies are switched off on this subnet,
  # which is the setting a PLS NAT IP subnet needs.
  # NOTE(review): newer azurerm releases rename this attribute to
  # private_link_service_network_policies_enabled (with inverted meaning);
  # confirm against the provider version pinned for this configuration.
  enforce_private_link_service_network_policies = true

  # Redundant with the implicit dependency created by virtual_network_name
  # above; kept so the dependency graph is unchanged.
  depends_on = [azurerm_virtual_network.devvm_net]
}

# Internal Standard-SKU load balancer. The frontend takes a private address
# from lbsubnet and no public IP is attached, so it is reachable only inside
# the VNet and through the Private Link Service bound to this frontend.
resource "azurerm_lb" "app_balancer" {
  name                = "app-balancer"
  resource_group_name = local.resource_group
  location            = local.location
  sku                 = "Standard"
  sku_tier            = "Regional"

  # "frontend-ip" is the name the LB rule, NAT rule and Private Link Service
  # below refer to; keep them in sync if it is renamed.
  frontend_ip_configuration {
    name      = "frontend-ip"
    subnet_id = azurerm_subnet.lbsubnet.id
    # private_ip_address_allocation = "Dynamic"   # left unset; provider default applies
  }
}


// the backend pool
# Backend pool "PoolA". Members are attached by the
# azurerm_lb_backend_address_pool_address resources that reference this pool.
resource "azurerm_lb_backend_address_pool" "PoolA" {
  name            = "PoolA"
  loadbalancer_id = azurerm_lb.app_balancer.id

  # Already implied by loadbalancer_id; retained to keep the graph identical.
  depends_on = [azurerm_lb.app_balancer]
}

resource "azurerm_lb_backend_address_pool_address" "vm1" {
  # Adds devvm1's private IP to PoolA as a (virtual network, IP address) member.
  # NOTE(review): this IP-based membership is exactly what the reported error
  # rejects ("PrivateLinkServiceIsNotSupportedForIPBasedLoadBalancer": a load
  # balancer whose backend addresses are set by (virtualNetwork, ipAddress) is
  # not supported for Private Link Service). To keep the Private Link Service,
  # the pool presumably has to be NIC-based instead — e.g. an
  # azurerm_network_interface_backend_address_pool_association binding
  # azurerm_network_interface.devvm1_interface1 (network_interface_id,
  # ip_configuration_name = "<NIC ip_configuration name>") to PoolA in place of
  # this resource. Confirm against the provider version in use.
  name                    = "vm1"
  backend_address_pool_id = azurerm_lb_backend_address_pool.PoolA.id
  virtual_network_id      = azurerm_virtual_network.devvm_net.id
  ip_address              = azurerm_network_interface.devvm1_interface1.private_ip_address
  #ip_address= "10.20.0.10"
}

resource "azurerm_lb_backend_address_pool_address" "appvm2_address" {
  # Adds a second (virtual network, IP address) member to PoolA.
  # NOTE(review): same issue as the "vm1" member above — IP-based pool members
  # are what the "PrivateLinkServiceIsNotSupportedForIPBasedLoadBalancer" error
  # refuses; a NIC-based association is presumably required when a Private Link
  # Service fronts this load balancer. Confirm against the provider version.
  name                    = "appvm2"
  backend_address_pool_id = azurerm_lb_backend_address_pool.PoolA.id
  virtual_network_id      = azurerm_virtual_network.devvm_net.id
  #ip_address              = azurerm_network_interface.devvm2_interface2.private_ip_address
  # Hard-coded address instead of the NIC attribute used for vm1: if the NIC's
  # private IP ever differs from 10.20.0.5 this member silently points at the
  # wrong (or no) host. Prefer the commented NIC reference above.
  ip_address              = "10.20.0.5"
  # Implied by backend_address_pool_id already.
  depends_on=[
    azurerm_lb_backend_address_pool.PoolA
  ]
}


// Health Probe

# TCP health probe on port 80; it only checks that the port accepts a
# connection, not that the application answers correctly.
resource "azurerm_lb_probe" "ProbeA" {
  name            = "probeA"
  loadbalancer_id = azurerm_lb.app_balancer.id
  protocol        = "Tcp"
  port            = 80
  # NOTE(review): newer azurerm releases dropped resource_group_name on this
  # resource (it is derived from loadbalancer_id); confirm against the pinned
  # provider version.
  resource_group_name = local.resource_group

  # Implied by loadbalancer_id; retained to keep the graph identical.
  depends_on = [azurerm_lb.app_balancer]
}

//  Load Balancing Rule
# Load-balancing rule: TCP 80 on frontend "frontend-ip" -> TCP 80 on PoolA.
# frontend_ip_configuration_name must match the name declared on the LB.
resource "azurerm_lb_rule" "RuleA" {
  name                           = "RuleA"
  loadbalancer_id                = azurerm_lb.app_balancer.id
  frontend_ip_configuration_name = "frontend-ip"
  protocol                       = "Tcp"
  frontend_port                  = 80
  backend_port                   = 80
  backend_address_pool_ids       = [azurerm_lb_backend_address_pool.PoolA.id]
  # NOTE(review): no probe_id is set, so ProbeA is not attached to this rule
  # here; confirm whether that is intended.
  # NOTE(review): newer azurerm releases dropped resource_group_name on this
  # resource; confirm against the pinned provider version.
  resource_group_name = local.resource_group

  # Implied by loadbalancer_id; retained to keep the graph identical.
  depends_on = [azurerm_lb.app_balancer]
}

//  the NAT Rules

# Inbound NAT rule exposing RDP (TCP 3389) on the internal frontend.
# Nothing in this listing binds a NIC to the rule, so as shown it forwards to
# no backend. Security note: the frontend is private, but a Private Link
# Service is attached to it, so RDP would presumably also be reachable by
# private endpoint consumers — confirm this is intended rather than relying on
# the LB being "internal".
resource "azurerm_lb_nat_rule" "NATRuleA" {
  name                           = "RDPAccess"
  loadbalancer_id                = azurerm_lb.app_balancer.id
  frontend_ip_configuration_name = "frontend-ip"
  protocol                       = "Tcp"
  frontend_port                  = 3389
  backend_port                   = 3389
  # NOTE(review): newer azurerm releases dropped resource_group_name on this
  # resource; confirm against the pinned provider version.
  resource_group_name = local.resource_group

  # Implied by loadbalancer_id; retained to keep the graph identical.
  depends_on = [azurerm_lb.app_balancer]
}

# Consumer-side VNet (10.50.0.0/16) that hosts the private endpoint; it is a
# separate address space from devvm_net, which is what Private Link expects.
resource "azurerm_virtual_network" "pvt-endpoint-vnet" {
  name                = "pvtendpoint-network"
  address_space       = ["10.50.0.0/16"]
  resource_group_name = local.resource_group
  location            = local.location
}

# Subnet in the consumer VNet where the private endpoint NIC is placed.
resource "azurerm_subnet" "endpoint-subnet" {
  name                 = "endpoint-subnet"
  address_prefixes     = ["10.50.0.0/24"]
  virtual_network_name = azurerm_virtual_network.pvt-endpoint-vnet.name
  resource_group_name  = local.resource_group

  # Private endpoint network policies are switched off on this subnet.
  # NOTE(review): later azurerm releases rename this attribute
  # (private_endpoint_network_policies_enabled, then private_endpoint_network_policies);
  # confirm against the pinned provider version.
  enforce_private_link_endpoint_network_policies = true
}


# Private Link Service that publishes the load balancer's "frontend-ip"
# frontend. Its NAT IP lives in lbsubnet (the subnet with PLS network
# policies disabled).
# Security note: no visibility_subscription_ids / auto_approval_subscription_ids
# are set, so which subscriptions may discover and auto-connect to this service
# is left to the provider/platform defaults — consider pinning both explicitly
# so only the intended consumers can request a connection.
resource "azurerm_private_link_service" "privatelink-service" {
  name                = "privatelink"
  resource_group_name = local.resource_group
  location            = local.location

  load_balancer_frontend_ip_configuration_ids = [
    azurerm_lb.app_balancer.frontend_ip_configuration[0].id,
  ]

  nat_ip_configuration {
    name      = "pls-ip"
    subnet_id = azurerm_subnet.lbsubnet.id
    primary   = true
  }
}

# Private endpoint in the consumer VNet that connects to the Private Link
# Service above. is_manual_connection = false requests automatic approval;
# whether the connection is actually auto-approved or left pending depends on
# the service's approval settings, which this listing does not set — verify.
resource "azurerm_private_endpoint" "private_endpoint" {
  name                = "private-endpoint"
  resource_group_name = local.resource_group
  location            = local.location
  subnet_id           = azurerm_subnet.endpoint-subnet.id

  private_service_connection {
    name                           = "privateserviceconnection"
    is_manual_connection           = false
    private_connection_resource_id = azurerm_private_link_service.privatelink-service.id
  }
}


最佳答案

关于azure - 使用专用链接服务为 Azure 负载均衡器创建后端池时出现问题,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/72784645/
