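Quickstart: Create a NAT gateway - ARM template
Get started with Azure NAT Gateway by using an Azure Resource Manager template (ARM template). This template deploys a virtual network, a NAT gateway resource, and an Ubuntu virtual machine. The Ubuntu virtual machine is deployed to a subnet that is associated with the NAT gateway resource.
An Azure Resource Manager template is a JavaScript Object Notation (JSON) file that defines the infrastructure and configuration for your project. The template uses declarative syntax. You describe the intended deployment without writing the sequence of programming commands that would create it.
If your environment meets the prerequisites and you're familiar with using ARM templates, select the "Deploy to Azure" button. The template opens in the Azure portal.
Prerequisites
- If you don't have an Azure subscription, create a trial account before you begin.
Review the template
The template used in this quickstart is from Azure Quickstart Templates.
This template is configured to create:
- Virtual network
- NAT gateway resource
- Ubuntu virtual machine
The Ubuntu VM is deployed to a subnet that is associated with the NAT gateway resource.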
{
  "$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
  "contentVersion": "1.0.0.0",
  "metadata": {
    "_generator": {
      "name": "bicep",
      "version": "0.4.1272.37030",
      "templateHash": "8775765973444437006"
    }
  },
  "parameters": {
    "vmname": {
      "type": "string",
      "defaultValue": "myVM",
      "metadata": {
        "description": "Name of the virtual machine"
      }
    },
    "vmsize": {
      "type": "string",
      "defaultValue": "Standard_D2s_v3",
      "metadata": {
        "description": "Size of the virtual machine"
      }
    },
    "vnetname": {
      "type": "string",
      "defaultValue": "myVnet",
      "metadata": {
        "description": "Name of the virtual network"
      }
    },
    "subnetname": {
      "type": "string",
      "defaultValue": "mySubnet",
      "metadata": {
        "description": "Name of the subnet for virtual network"
      }
    },
    "vnetaddressspace": {
      "type": "string",
      "defaultValue": "192.168.0.0/16",
      "metadata": {
        "description": "Address space for virtual network"
      }
    },
    "vnetsubnetprefix": {
      "type": "string",
      "defaultValue": "192.168.0.0/24",
      "metadata": {
        "description": "Subnet prefix for virtual network"
      }
    },
    "natgatewayname": {
      "type": "string",
      "defaultValue": "myNATgateway",
      "metadata": {
        "description": "Name of the NAT gateway"
      }
    },
    "networkinterfacename": {
      "type": "string",
      "defaultValue": "myvmNIC",
      "metadata": {
        "description": "Name of the virtual machine nic"
      }
    },
    "publicipname": {
      "type": "string",
      "defaultValue": "myPublicIP",
      "metadata": {
        "description": "Name of the NAT gateway public IP"
      }
    },
    "nsgname": {
      "type": "string",
      "defaultValue": "myVMnsg",
      "metadata": {
        "description": "Name of the virtual machine NSG"
      }
    },
    "publicipvmname": {
      "type": "string",
      "defaultValue": "myPublicIPVM",
      "metadata": {
        "description": "Name of the virtual machine public IP"
      }
    },
    "publicipprefixname": {
      "type": "string",
      "defaultValue": "myPublicIPPrefix",
      "metadata": {
        "description": "Name of the NAT gateway public IP"
      }
    },
    "adminusername": {
      "type": "string",
      "metadata": {
        "description": "Administrator username for virtual machine"
      }
    },
    "adminpassword": {
      "type": "secureString",
      "metadata": {
        "description": "Administrator password for virtual machine"
      }
    },
    "location": {
      "type": "string",
      "defaultValue": "[resourceGroup().location]",
      "metadata": {
        "description": "Name of resource group"
      }
    }
  },
  "resources": [
    {
      "type": "Microsoft.Network/networkSecurityGroups",
      "apiVersion": "2021-05-01",
      "name": "[parameters('nsgname')]",
      "location": "[parameters('location')]",
      "properties": {
        "securityRules": [
          {
            "name": "SSH",
            "properties": {
              "protocol": "Tcp",
              "sourcePortRange": "*",
              "destinationPortRange": "22",
              "sourceAddressPrefix": "*",
              "destinationAddressPrefix": "*",
              "access": "Allow",
              "priority": 300,
              "direction": "Inbound"
            }
          }
        ]
      }
    },
    {
      "type": "Microsoft.Network/publicIPAddresses",
      "apiVersion": "2021-05-01",
      "name": "[parameters('publicipname')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "Standard"
      },
      "properties": {
        "publicIPAddressVersion": "IPv4",
        "publicIPAllocationMethod": "Static",
        "idleTimeoutInMinutes": 4
      }
    },
    {
      "type": "Microsoft.Network/publicIPAddresses",
      "apiVersion": "2021-05-01",
      "name": "[parameters('publicipvmname')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "Standard"
      },
      "properties": {
        "publicIPAddressVersion": "IPv4",
        "publicIPAllocationMethod": "Static",
        "idleTimeoutInMinutes": 4
      }
    },
    {
      "type": "Microsoft.Network/publicIPPrefixes",
      "apiVersion": "2021-05-01",
      "name": "[parameters('publicipprefixname')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "Standard"
      },
      "properties": {
        "prefixLength": 31,
        "publicIPAddressVersion": "IPv4"
      }
    },
    {
      "type": "Microsoft.Compute/virtualMachines",
      "apiVersion": "2021-11-01",
      "name": "[parameters('vmname')]",
      "location": "[parameters('location')]",
      "properties": {
        "hardwareProfile": {
          "vmSize": "[parameters('vmsize')]"
        },
        "storageProfile": {
          "imageReference": {
            "publisher": "Canonical",
            "offer": "UbuntuServer",
            "sku": "18.04-LTS",
            "version": "latest"
          },
          "osDisk": {
            "osType": "Linux",
            "name": "[format('{0}_disk1', parameters('vmname'))]",
            "createOption": "FromImage",
            "caching": "ReadWrite",
            "managedDisk": {
              "storageAccountType": "Premium_LRS"
            },
            "diskSizeGB": 30
          }
        },
        "osProfile": {
          "computerName": "[parameters('vmname')]",
          "adminUsername": "[parameters('adminusername')]",
          "adminPassword": "[parameters('adminpassword')]",
          "linuxConfiguration": {
            "disablePasswordAuthentication": false,
            "provisionVMAgent": true
          },
          "allowExtensionOperations": true
        },
        "networkProfile": {
          "networkInterfaces": [
            {
              "id": "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkinterfacename'))]"
            }
          ]
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/networkInterfaces', parameters('networkinterfacename'))]"
      ]
    },
    {
      "type": "Microsoft.Network/virtualNetworks",
      "apiVersion": "2021-05-01",
      "name": "[parameters('vnetname')]",
      "location": "[parameters('location')]",
      "properties": {
        "addressSpace": {
          "addressPrefixes": [
            "[parameters('vnetaddressspace')]"
          ]
        },
        "subnets": [
          {
            "name": "[parameters('subnetname')]",
            "properties": {
              "addressPrefix": "[parameters('vnetsubnetprefix')]",
              "natGateway": {
                "id": "[resourceId('Microsoft.Network/natGateways', parameters('natgatewayname'))]"
              },
              "privateEndpointNetworkPolicies": "Enabled",
              "privateLinkServiceNetworkPolicies": "Enabled"
            }
          }
        ],
        "enableDdosProtection": false,
        "enableVmProtection": false
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/natGateways', parameters('natgatewayname'))]"
      ]
    },
    {
      "type": "Microsoft.Network/natGateways",
      "apiVersion": "2021-05-01",
      "name": "[parameters('natgatewayname')]",
      "location": "[parameters('location')]",
      "sku": {
        "name": "Standard"
      },
      "properties": {
        "idleTimeoutInMinutes": 4,
        "publicIpAddresses": [
          {
            "id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicipname'))]"
          }
        ],
        "publicIpPrefixes": [
          {
            "id": "[resourceId('Microsoft.Network/publicIPPrefixes', parameters('publicipprefixname'))]"
          }
        ]
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicipname'))]",
        "[resourceId('Microsoft.Network/publicIPPrefixes', parameters('publicipprefixname'))]"
      ]
    },
    {
      "type": "Microsoft.Network/virtualNetworks/subnets",
      "apiVersion": "2021-05-01",
      "name": "[format('{0}/{1}', parameters('vnetname'), 'mySubnet')]",
      "properties": {
        "addressPrefix": "[parameters('vnetsubnetprefix')]",
        "natGateway": {
          "id": "[resourceId('Microsoft.Network/natGateways', parameters('natgatewayname'))]"
        },
        "privateEndpointNetworkPolicies": "Enabled",
        "privateLinkServiceNetworkPolicies": "Enabled"
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/natGateways', parameters('natgatewayname'))]",
        "[resourceId('Microsoft.Network/virtualNetworks', parameters('vnetname'))]"
      ]
    },
    {
      "type": "Microsoft.Network/networkInterfaces",
      "apiVersion": "2021-05-01",
      "name": "[parameters('networkinterfacename')]",
      "location": "[parameters('location')]",
      "properties": {
        "ipConfigurations": [
          {
            "name": "ipconfig1",
            "properties": {
              "privateIPAddress": "192.168.0.4",
              "privateIPAllocationMethod": "Dynamic",
              "publicIPAddress": {
                "id": "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicipvmname'))]"
              },
              "subnet": {
                "id": "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetname'), 'mySubnet')]"
              },
              "primary": true,
              "privateIPAddressVersion": "IPv4"
            }
          }
        ],
        "enableAcceleratedNetworking": false,
        "enableIPForwarding": false,
        "networkSecurityGroup": {
          "id": "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgname'))]"
        }
      },
      "dependsOn": [
        "[resourceId('Microsoft.Network/virtualNetworks/subnets', parameters('vnetname'), 'mySubnet')]",
        "[resourceId('Microsoft.Network/networkSecurityGroups', parameters('nsgname'))]",
        "[resourceId('Microsoft.Network/publicIPAddresses', parameters('publicipvmname'))]"
      ]
    }
  ]
}
9 Azure resources are defined in the template:
- Microsoft.Network/networkSecurityGroups: creates a network security group.
- Microsoft.Network/networkSecurityGroups/securityRules: creates a security rule.
- Microsoft.Network/publicIPAddresses: creates a public IP address.
- Microsoft.Network/publicIPPrefixes: creates a public IP prefix.
- Microsoft.Network/virtualNetworks: creates a virtual network.
- Microsoft.Network/natGateways: creates a NAT gateway resource.
- Microsoft.Network/virtualNetworks/subnets: creates a virtual network subnet.
- Microsoft.Network/networkinterfaces: creates a network interface.
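The template's SSH rule accepts port 22 from source "*", the VM NIC has its own public IP, and `disablePasswordAuthentication` is false, so the VM is reachable from the Internet with password logon. The following pre-deployment check is an added example, not part of the quickstart or the Azure Quickstart Templates code; the function name `audit_template`, the check IDs and the trimmed sample are assumptions made for illustration.

```python
import json

# Constructed sample: the NSG rule and VM osProfile settings from the template
# above, trimmed to the fields the audit reads so the block runs offline.
SAMPLE_TEMPLATE = json.loads("""
{"resources": [
  {"type": "Microsoft.Network/networkSecurityGroups",
   "properties": {"securityRules": [
     {"name": "SSH", "properties": {
        "protocol": "Tcp", "destinationPortRange": "22",
        "sourceAddressPrefix": "*", "access": "Allow",
        "priority": 300, "direction": "Inbound"}}]}},
  {"type": "Microsoft.Compute/virtualMachines",
   "properties": {"osProfile": {"linuxConfiguration": {
        "disablePasswordAuthentication": false}}}}
]}
""")

# Source values that match any Internet address in an NSG rule.
ANY_SOURCE = {"*", "0.0.0.0/0", "internet"}


def audit_template(template):
    """Return (check_id, detail) findings for Internet-exposure settings."""
    findings = []
    for res in template.get("resources", []):
        rtype = res.get("type", "").lower()
        props = res.get("properties", {})
        if rtype == "microsoft.network/networksecuritygroups":
            for rule in props.get("securityRules", []):
                p = rule.get("properties", {})
                sources = [p.get("sourceAddressPrefix", "")]
                sources += p.get("sourceAddressPrefixes", [])
                exposed = any(s.lower() in ANY_SOURCE for s in sources)
                inbound_allow = (p.get("direction", "").lower() == "inbound"
                                 and p.get("access", "").lower() == "allow")
                if inbound_allow and exposed:
                    findings.append(("nsg-open-inbound",
                                     f"{rule.get('name')}: port "
                                     f"{p.get('destinationPortRange')} from any source"))
        elif rtype == "microsoft.compute/virtualmachines":
            linux = props.get("osProfile", {}).get("linuxConfiguration", {})
            # Only an explicit false is flagged; an absent key is not judged here.
            if linux.get("disablePasswordAuthentication") is False:
                findings.append(("vm-password-auth",
                                 "SSH password authentication is enabled"))
    return findings
```

Run it against the full downloaded template with `audit_template(json.load(open("azuredeploy.json")))`; restricting `sourceAddressPrefix` to a known management range and switching the VM to SSH keys clears both findings.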
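Deploy the template
Note
When you deploy resources by using a template file URI that begins with https://raw.githubusercontent.com/, the console sometimes returns an error such as Unable to download deployment content.
You can take the following actions to resolve the issue.
- Copy the template URI and convert it by changing the prefix, the infix, and the template file name. For example, the source URI is https://raw.githubusercontent.com/Azure/azure-quickstart-templates/master/101-cosmosdb-sql-autoscale/azuredeploy.json

| Category | Original value | Converted value | Action |
| --- | --- | --- | --- |
| Prefix | https://raw.githubusercontent.com | https://github.com | Update |
| Infix | | blob | Add before the branch name master or main |
| Template file name | azuredeploy.json | Your downloaded template file name | Update |

After the change, the converted URI looks like https://github.com/Azure/azure-quickstart-templates/blob/master/101-cosmosdb-sql-autoscale/azuredeploy.json. Note that some template URIs have been updated to https://github.com/Azure/azure-quickstart-template/quickstarts/{Microsoft_Resource_Provider_Name}/ , and you can update the original URI according to that path convention.
- Copy the converted URI and manually download the specific template content in an Internet browser.
- Modify the template that you downloaded from or referenced in the GitHub repository to fit the Azure China (21Vianet) environment. For example, replace certain endpoints (replace "blob.core.windows.net" with "blob.core.chinacloudapi.cn" and "cloudapp.azure.com" with "chinacloudapp.cn"); where necessary, change unsupported locations, VM images, VM sizes, SKUs, and resource provider API versions.
- Replace the -TemplateUri parameter with -TemplateFile (for PowerShell), or the --template-uri parameter with --template-file (for the CLI), update the specified URI to the actual name of the downloaded file, and then rerun the script.

| Language | Reference link | Action |
| --- | --- | --- |
| PowerShell | New-AzResourceGroupDeployment | Replace -TemplateUri with -TemplateFile. If necessary, follow the previous steps to download the -TemplateParameterUri content and replace it with -TemplateParameterFile in the cmdlet. |
| Azure CLI | az deployment group create | Replace --template-uri with --template-file |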
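The URI conversion and endpoint substitution from the note above, as an added example that is not part of the original page. The function names `raw_to_blob_uri` and `localize_endpoints` are hypothetical, and the conversion assumes a branch name without slashes (such as master or main).

```python
from urllib.parse import urlsplit

# Endpoint substitutions named in the note (global Azure -> Azure China).
ENDPOINT_MAP = {
    "blob.core.windows.net": "blob.core.chinacloudapi.cn",
    "cloudapp.azure.com": "chinacloudapp.cn",
}


def raw_to_blob_uri(raw_uri):
    """Convert a raw.githubusercontent.com URI to the github.com /blob/ form."""
    parts = urlsplit(raw_uri)
    # Refuse anything that is not the expected HTTPS host, so a typo or a
    # look-alike host is never silently rewritten into a github.com link.
    if parts.scheme != "https" or parts.netloc != "raw.githubusercontent.com":
        raise ValueError("not a raw.githubusercontent.com HTTPS URI")
    segments = parts.path.strip("/").split("/")
    if len(segments) < 4:
        raise ValueError("expected /owner/repo/branch/path")
    owner, repo, branch, *rest = segments
    return "https://github.com/" + "/".join([owner, repo, "blob", branch, *rest])


def localize_endpoints(node):
    """Rewrite endpoint suffixes in every string value of a parsed template."""
    if isinstance(node, dict):
        # Keys are left untouched; only values are rewritten.
        return {key: localize_endpoints(value) for key, value in node.items()}
    if isinstance(node, list):
        return [localize_endpoints(value) for value in node]
    if isinstance(node, str):
        for old, new in ENDPOINT_MAP.items():
            node = node.replace(old, new)
    return node  # numbers, booleans and null pass through unchanged
```

Unsupported locations, VM images, VM sizes, SKUs and API versions still have to be reviewed by hand, as the note says.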
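Review deployed resources
- Sign in to the Azure portal.
- Select "Resource groups" from the left pane.
- Select the resource group that you created in the previous section. The default resource group name is myResourceGroupNAT.
- Verify that the following resources were created in the resource group:
Clean up resources
When you no longer need them, delete the resource group, the NAT gateway, and all related resources. Select the resource group myResourceGroupNAT that contains the NAT gateway, and then select "Delete".
Next steps
In this quickstart, we created:
- NAT gateway resource
- Virtual network
- Ubuntu virtual machine
The virtual machine is deployed to a virtual network subnet that is associated with the NAT gateway.
To learn more about Azure NAT Gateway and Azure Resource Manager, continue to the following articles.
- Learn about NAT gateway resources
- Learn more about Azure Resource Manager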