问题
I'm trying to create sql database with private endpoint (preview enabled).
I'm getting following error:
{"code":"DeploymentFailed","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-debug for usage details.","details":[{"code":"BadRequest","message":"{\r\n \"error\": {\r\n \"code\": \"PrivateEndpointCannotBeCreatedInSubnetThatHasNetworkPoliciesEnabled\",\r\n \"message\": \"Private endpoint /subscriptions/1efd84d6-173f-42cc-80db-7b2c17eb0edd/resourceGroups/eu_poland_general/providers/Microsoft.Network/privateEndpoints/plink-private-endpoint cannot be created in a subnet /subscriptions/1efd84d6-173f-42cc-80db-7b2c17eb0edd/resourceGroups/eu_poland_general/providers/Microsoft.Network/virtualNetworks/plink-vnet-2/subnets/plsubnet since it has private endpoint network policies enabled.\",\r\n \"details\": []\r\n }\r\n}"}]}
it seems that the virtual network subnet that i'm trying to connect has some option enabled. I have went through all the options in portal, but can't really find anything usefull
回答1:
From that error message:PrivateEndpointCannotBeCreatedInSubnetThatHasNetworkPoliciesEnabled,
You could disable network policies for private endpoints in that subnet virtualNetworks/plink-vnet-2/subnets/plsubnet with Azure PowerShell or Azure CLI or template.
For example, using Azure CLI,
az network vnet subnet update \
--name default \
--resource-group myResourceGroup \
--vnet-name myVirtualNetwork \
--disable-private-endpoint-network-policies true
回答2:
In the portal, I'm assuming you are doing this from the sql database create. You should be able to create a sql database without a private endpoint and then use the individual private endpoint create as it will properly handle disabling the network policies in the subnet for the private endpoint. You can find the individual private endpoint create as the first start button in the overview of the Private Link Center.
来源:https://stackoverflow.com/questions/58390218/private-endpoint-in-azure