自动化NSG部署 [英] Automated NSG Deployment
问题描述
我正在研究通过VSTS或脚本自动应用NSG的选项。我开始的是我需要应用的所有NSG的JSON格式。 NSG都应用于VNET级别的子网。
目前我有一个管道将推出使用PowerShell脚本到子网。有没有人尝试过更好的方法? LogicApps或任何其他方法?
要求很简单:
- 我需要应用单个NSG,I
- 我需要将所有NSG应用于所有子网以确保它们是正确的并反转某人手动进行的任何更改。我可以使用子网的名称进行更新,并且正确的NSG将应用于子网
- 我需要将所有NSG应用于所有子网。所有更改都应该记录在VSTS的Repo中。
你当前的方法是我怎么做的,迭代通过你的VNETS&子网,将NSG推送到任何需要的地方。 但我很想知道其他人如何解决这个任务。
之前人们问过的一个问题是如何检测到已创建新的子网并将NSG推送到它。我所拥有的最佳解决方案是将子网扫描设置为间隔(每日,每周等),但子网将在部署和子网扫描
之间的短时间内打开。
Hi,
I am investigating options to automatically apply NSG's via VSTS or scripts. What I am starting with is JSON format of all the NSG's that I would need to apply. The NSG's are all applied to the subnets on the VNET level.
Currently I have a pipeline that will push out using powershell scripts out to the subnet. Is there a better way that anyone has tried? LogicApps or any other method?
The requirements are simple:
- I need to apply single NSG, I can just update with the name of the subnet and the right NSG will apply to the subnet
- I need to apply all NSG to all subnet's to ensure they are correct and reverse any changes that someone has made manually. All changes should be recorded in a Repo in VSTS.
you current method is how I would do it, Iterate through your VNETS & Subnets, push NSGs to anything needed. but I am curious to see how others would solve this task.
One issue that people have asked before is how to detect that a new Subnet has been created and push a NSG to it. The best solution that I have is to set the Subnet Scan to an interval (daily, weekly, ect) but subnets will be open for a short time between the deployment and the Subnet Scan.
这篇关于自动化NSG部署的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
