我遇到一个问题,其中由于以下错误,用于azure vmss的新部署(已启用托管身份)首次失败-
代码:ResourceNotFound。消息:找不到资源组“”下的资源“ Microsoft.Compute / virtualMachineScaleSets /”
以下是我的手臂模板的相关摘要-
VMSS部分-
{
"type": "Microsoft.Compute/virtualMachineScaleSets",
"sku": {
"name": "[parameters('vmNodeType0Size')]",
"capacity": "[parameters('defaultVMScaleSetSize')]",
"tier": "Standard"
},
"name": "[variables('vmNodeType0Name')]",
"apiVersion": "[variables('vmssApiVersion')]",
"location": "[parameters('computeLocation')]",
"tags": {
"resourceType": "Service Fabric",
"clusterName": "[variables('cloudClusterName')]"
},
"identity": {
"type": "systemAssigned"
},
"properties": {
...
}
}
访问策略部分-
{
"type": "Microsoft.KeyVault/vaults/accessPolicies",
"name": "[concat(variables('KeyVaultName'), '/add')]",
"apiVersion": "2018-02-14",
"properties": {
"accessPolicies": [
{
"tenantId": "[reference(concat('Microsoft.Compute/virtualMachineScaleSets/', variables('vmNodeType0Name'), '/providers/Microsoft.ManagedIdentity/Identities/default'), '2015-08-31-PREVIEW').tenantId]",
"objectId": "[reference(concat('Microsoft.Compute/virtualMachineScaleSets/', variables('vmNodeType0Name'), '/providers/Microsoft.ManagedIdentity/Identities/default'), '2015-08-31-PREVIEW').principalId]",
"permissions": {
"keys": [
"get"
],
"secrets": [
"get",
"set"
],
"certificates": [
"get"
]
}
}
]
},
"dependsOn": [
"[concat('Microsoft.KeyVault/vaults/', variables('KeyVaultName'))]"
]
}
似乎ARM甚至在创建VMSS本身之前就尝试为VMSS部署托管身份,因此它失败了。我找不到为托管身份创建添加对VMSS创建的依赖关系的方法。随后的部署成功,因为此时已创建了VMSS。
尝试将以下内容添加到KV资源:
"dependsOn": [ "[variables('vmNodeType0Name')]" ]
如果不起作用,请将将对KV的访问策略添加到链接模板部署中,并使该部署依赖于vmss规定。那将始终有效。