Esempi di Criteri di Azure per aggiungere risorse ad Azure Chaos Studio
Articolo 20/11/2024
6 contributori
Commenti e suggerimenti
In questo articolo
Definizione di criteri di Cache Redis di Azure
Definizione dii criteri di Azure Cosmos DB
Definizione di criteri del servizio Azure Kubernetes
Definizione di criteri del gruppo di sicurezza di rete di Azure
Definizione di criteri di Macchine virtuali di Azure
Definizione di criteri dei set di scalabilità di macchine virtuali di Azure
Risoluzione dei problemi relativi a Criteri di Azure/Controllo degli accessi in base al ruolo
Passaggi successivi
Mostra 4 in più
Questo articolo include definizioni di Criteri di Azure di esempio che creano destinazioni e funzionalità per un tipo di risorsa specifico. È possibile aggiungere automaticamente risorse ad Azure Chaos Studio. Innanzitutto, distribuire questi esempi come definizioni di criteri personalizzati . Poi assegnare i criteri a un ambito.
In questi esempi vengono aggiunte funzionalità e destinazioni dirette al servizio per ogni tipo di risorsa supportato usando destinazioni e funzionalità .
Ognuno di questi criteri presenta piccole differenze ed è necessario consultare la documentazione della risorsa (ad esempio, risorsa di calcolo, risorsa di archiviazione e così via) in uso, oltre alle definizioni di esempio seguenti, per essere sicuri di impostare tutto in modo corretto per lo scenario specifico.
Definizione di criteri di Cache Redis di Azure {
"displayName" : "Deploy Chaos Target and Capability for Azure Cache for Redis" ,
"policyType" : "Custom" ,
"mode" : "Indexed" ,
"metadata" : {
"category" : "Chaos Studio"
},
"description" : "Deploys the target and capabilities for an Azure Cache for Redis instance for onboarding to Azure Chaos Studio."
"parameters" : {
"effect" : {
"type" : "String" ,
"metadata" : {
"displayName" : "Effect" ,
"description" : "Enable or disable the execution of the policy"
},
"allowedValues" : [
"DeployIfNotExists" ,
"Disabled"
],
"defaultValue" : "DeployIfNotExists"
}
},
"policyRule" : {
"if" : {
"field" : "type" ,
"equals" : "Microsoft.Cache/Redis"
},
"then" : {
"effect" : "[parameters('effect')]" ,
"details" : {
"type" : "Microsoft.Chaos/targets" ,
"name" : "Microsoft-AzureCacheForRedis" ,
"roleDefinitionIds" : [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"deployment" : {
"properties" : {
"mode" : "incremental" ,
"template" : {
"$schema" : "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" ,
"contentVersion" : "1.0.0.0" ,
"parameters" : {
"resourceName" : {
"type" : "string"
},
"location" : {
"type" : "string"
}
},
"variables" : {},
"resources" : [
{
"type" : "Microsoft.Cache/Redis/providers/targets" ,
"apiVersion" : "2023-11-01" ,
"name" : "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureCacheForRedis')]" ,
"location" : "[parameters('location')]" ,
"properties" : {}
},
{
"type" : "Microsoft.Cache/Redis/providers/targets/capabilities" ,
"apiVersion" : "2023-11-01" ,
"name" : "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureCacheForRedis/Reboot-1.0')]" ,
"location" : "[parameters('location')]" ,
"dependsOn" : [
"[concat(resourceId('Microsoft.Cache/Redis', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureCacheForRedis')]"
],
"properties" : {}
}
],
"outputs" : {}
},
"parameters" : {
"resourceName" : {
"value" : "[field('name')]"
},
"location" : {
"value" : "[field('location')]"
}
}
}
}
}
}
}
}
Definizione dii criteri di Azure Cosmos DB {
"displayName" : "Deploy Chaos Target and Capability for Cosmos DB" ,
"policyType" : "Custom" ,
"mode" : "Indexed" ,
"description" : "Deploys the target and capabilities for a Cosmos DB for onboarding to Azure Chaos Studio." ,
"metadata" : {
"category" : "Chaos Studio"
},
"parameters" : {
"effect" : {
"type" : "String" ,
"metadata" : {
"displayName" : "Effect" ,
"description" : "Enable or disable the execution of the policy"
},
"allowedValues" : [
"DeployIfNotExists" ,
"Disabled"
],
"defaultValue" : "DeployIfNotExists"
}
},
"policyRule" : {
"if" : {
"field" : "type" ,
"equals" : "Microsoft.DocumentDB/databaseAccounts"
},
"then" : {
"effect" : "[parameters('effect')]" ,
"details" : {
"type" : "Microsoft.Chaos/targets" ,
"name" : "Microsoft-CosmosDB" ,
"roleDefinitionIds" : [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"deployment" : {
"properties" : {
"mode" : "incremental" ,
"template" : {
"$schema" : "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" ,
"contentVersion" : "1.0.0.0" ,
"parameters" : {
"resourceName" : {
"type" : "string"
},
"location" : {
"type" : "string"
}
},
"variables" : {},
"resources" : [
{
"type" : "Microsoft.DocumentDB/databaseAccounts/providers/targets" ,
"apiVersion" : "2023-11-01" ,
"name" : "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-CosmosDB')]" ,
"location" : "[parameters('location')]" ,
"properties" : {}
},
{
"type" : "Microsoft.DocumentDB/databaseAccounts/providers/targets/capabilities" ,
"apiVersion" : "2023-11-01" ,
"name" : "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-CosmosDB/Failover-1.0')]" ,
"location" : "[parameters('location')]" ,
"dependsOn" : [
"[concat(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-CosmosDB')]"
],
"properties" : {}
}
],
"outputs" : {}
},
"parameters" : {
"resourceName" : {
"value" : "[field('name')]"
},
"location" : {
"value" : "[field('location')]"
}
}
}
}
}
}
}
}
Definizione di criteri del servizio Azure Kubernetes {
"displayName" : "Deploy Chaos Target and Capabilities for Azure Kubernetes Service" ,
"policyType" : "Custom" ,
"mode" : "Indexed" ,
"description" : "Deploys the target and capabilities for an AKS cluster for onboarding to Azure Chaos Studio." ,
"metadata" : {
"category" : "Chaos Studio"
},
"parameters" : {
"effect" : {
"type" : "String" ,
"metadata" : {
"displayName" : "Effect" ,
"description" : "Enable or disable the execution of the policy"
},
"allowedValues" : [
"DeployIfNotExists" ,
"Disabled"
],
"defaultValue" : "DeployIfNotExists"
}
},
"policyRule" : {
"if" : {
"field" : "type" ,
"equals" : "Microsoft.ContainerService/managedClusters"
},
"then" : {
"effect" : "[parameters('effect')]" ,
"details" : {
"type" : "Microsoft.Chaos/targets" ,
"name" : "Microsoft-AzureKubernetesServiceChaosMesh" ,
"roleDefinitionIds" : [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"deployment" : {
"properties" : {
"mode" : "incremental" ,
"template" : {
"$schema" : "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" ,
"contentVersion" : "1.0.0.0" ,
"parameters" : {
"resourceName" : {
"type" : "string"
},
"location" : {
"type" : "string"
}
},
"variables" : {},
"resources" : [
{
"type" : "Microsoft.ContainerService/managedClusters/providers/targets" ,
"apiVersion" : "2023-11-01" ,
"name" : "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh')]" ,
"location" : "[parameters('location')]" ,
"properties" : {}
},
{
"type" : "Microsoft.ContainerService/managedClusters/providers/targets/capabilities" ,
"apiVersion" : "2023-11-01" ,
"name" : "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/NetworkChaos-2.1')]" ,
"location" : "[parameters('location')]" ,
"dependsOn" : [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties" : {}
},
{
"type" : "Microsoft.ContainerService/managedClusters/providers/targets/capabilities" ,
"apiVersion" : "2023-11-01" ,
"name" : "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/PodChaos-2.1')]" ,
"location" : "[parameters('location')]" ,
"dependsOn" : [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties" : {}
},
{
"type" : "Microsoft.ContainerService/managedClusters/providers/targets/capabilities" ,
"apiVersion" : "2023-11-01" ,
"name" : "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/StressChaos-2.1')]" ,
"location" : "[parameters('location')]" ,
"dependsOn" : [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties" : {}
},
{
"type" : "Microsoft.ContainerService/managedClusters/providers/targets/capabilities" ,
"apiVersion" : "2023-11-01" ,
"name" : "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/IOChaos-2.1')]" ,
"location" : "[parameters('location')]" ,
"dependsOn" : [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties" : {}
},
{
"type" : "Microsoft.ContainerService/managedClusters/providers/targets/capabilities" ,
"apiVersion" : "2023-11-01" ,
"name" : "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/TimeChaos-2.1')]" ,
"location" : "[parameters('location')]" ,
"dependsOn" : [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties" : {}
},
{
"type" : "Microsoft.ContainerService/managedClusters/providers/targets/capabilities" ,
"apiVersion" : "2023-11-01" ,
"name" : "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/KernelChaos-2.1')]" ,
"location" : "[parameters('location')]" ,
"dependsOn" : [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties" : {}
},
{
"type" : "Microsoft.ContainerService/managedClusters/providers/targets/capabilities" ,
"apiVersion" : "2023-11-01" ,
"name" : "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/DNSChaos-2.1')]" ,
"location" : "[parameters('location')]" ,
"dependsOn" : [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties" : {}
},
{
"type" : "Microsoft.ContainerService/managedClusters/providers/targets/capabilities" ,
"apiVersion" : "2023-11-01" ,
"name" : "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/HTTPChaos-2.1')]" ,
"location" : "[parameters('location')]" ,
"dependsOn" : [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties" : {}
}
],
"outputs" : {}
},
"parameters" : {
"resourceName" : {
"value" : "[field('name')]"
},
"location" : {
"value" : "[field('location')]"
}
}
}
}
}
}
}
}
Definizione di criteri del gruppo di sicurezza di rete di Azure {
"displayName" : "Deploy Chaos Target and Capability for Network Security Groups" ,
"policyType" : "Custom" ,
"mode" : "Indexed" ,
"description" : "Deploys the target and capabilities for a network security group for onboarding to Azure Chaos Studio." ,
"metadata" : {
"category" : "Chaos Studio"
},
"parameters" : {
"effect" : {
"type" : "String" ,
"metadata" : {
"displayName" : "Effect" ,
"description" : "Enable or disable the execution of the policy"
},
"allowedValues" : [
"DeployIfNotExists" ,
"Disabled"
],
"defaultValue" : "DeployIfNotExists"
}
},
"policyRule" : {
"if" : {
"field" : "type" ,
"equals" : "Microsoft.Network/networkSecurityGroups"
},
"then" : {
"effect" : "[parameters('effect')]" ,
"details" : {
"type" : "Microsoft.Chaos/targets" ,
"name" : "Microsoft-NetworkSecurityGroup" ,
"roleDefinitionIds" : [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"deployment" : {
"properties" : {
"mode" : "incremental" ,
"template" : {
"$schema" : "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" ,
"contentVersion" : "1.0.0.0" ,
"parameters" : {
"resourceName" : {
"type" : "string"
},
"location" : {
"type" : "string"
}
},
"variables" : {},
"resources" : [
{
"type" : "Microsoft.Network/networkSecurityGroups/providers/targets" ,
"apiVersion" : "2023-11-01" ,
"name" : "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-NetworkSecurityGroup')]" ,
"location" : "[parameters('location')]" ,
"properties" : {}
},
{
"type" : "Microsoft.Network/networkSecurityGroups/providers/targets/capabilities" ,
"apiVersion" : "2023-11-01" ,
"name" : "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-NetworkSecurityGroup/SecurityRule-1.0')]" ,
"location" : "[parameters('location')]" ,
"dependsOn" : [
"[concat(resourceId('Microsoft.Network/networkSecurityGroups', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-NetworkSecurityGroup')]"
],
"properties" : {}
}
],
"outputs" : {}
},
"parameters" : {
"resourceName" : {
"value" : "[field('name')]"
},
"location" : {
"value" : "[field('location')]"
}
}
}
}
}
}
}
}
Definizione di criteri di Macchine virtuali di Azure {
"displayName" : "Deploy Chaos Target and Capability for Virtual Machines (service-direct)" ,
"policyType" : "Custom" ,
"mode" : "Indexed" ,
"description" : "Deploys the target and capabilities for a virtual machine for onboarding to Azure Chaos Studio (service-direct faults)." ,
"metadata" : {
"category" : "Chaos Studio"
},
"parameters" : {
"effect" : {
"type" : "String" ,
"metadata" : {
"displayName" : "Effect" ,
"description" : "Enable or disable the execution of the policy"
},
"allowedValues" : [
"DeployIfNotExists" ,
"Disabled"
],
"defaultValue" : "DeployIfNotExists"
}
},
"policyRule" : {
"if" : {
"field" : "type" ,
"equals" : "Microsoft.Compute/virtualMachines"
},
"then" : {
"effect" : "[parameters('effect')]" ,
"details" : {
"type" : "Microsoft.Chaos/targets" ,
"name" : "Microsoft-VirtualMachine" ,
"roleDefinitionIds" : [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"deployment" : {
"properties" : {
"mode" : "incremental" ,
"template" : {
"$schema" : "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" ,
"contentVersion" : "1.0.0.0" ,
"parameters" : {
"resourceName" : {
"type" : "string"
},
"location" : {
"type" : "string"
}
},
"variables" : {},
"resources" : [
{
"type" : "Microsoft.Compute/virtualMachines/providers/targets" ,
"apiVersion" : "2023-11-01" ,
"name" : "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-VirtualMachine')]" ,
"location" : "[parameters('location')]" ,
"properties" : {}
},
{
"type" : "Microsoft.Compute/virtualMachines/providers/targets/capabilities" ,
"apiVersion" : "2023-11-01" ,
"name" : "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-VirtualMachine/Shutdown-1.0')]" ,
"location" : "[parameters('location')]" ,
"dependsOn" : [
"[concat(resourceId('Microsoft.Compute/virtualMachines', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-VirtualMachine')]"
],
"properties" : {}
}
],
"outputs" : {}
},
"parameters" : {
"resourceName" : {
"value" : "[field('name')]"
},
"location" : {
"value" : "[field('location')]"
}
}
}
}
}
}
}
}
Definizione di criteri dei set di scalabilità di macchine virtuali di Azure {
"displayName" : "Deploy Chaos Target and Capability for Virtual Machine Scale Sets (service-direct)" ,
"policyType" : "Custom" ,
"mode" : "Indexed" ,
"description" : "Deploys the target and capabilities for virtual machine scale sets for onboarding to Azure Chaos Studio (service-direct faults)." ,
"metadata" : {
"category" : "Chaos Studio"
},
"parameters" : {
"effect" : {
"type" : "String" ,
"metadata" : {
"displayName" : "Effect" ,
"description" : "Enable or disable the execution of the policy"
},
"allowedValues" : [
"DeployIfNotExists" ,
"Disabled"
],
"defaultValue" : "DeployIfNotExists"
}
},
"policyRule" : {
"if" : {
"field" : "type" ,
"equals" : "Microsoft.Compute/virtualMachineScaleSets"
},
"then" : {
"effect" : "[parameters('effect')]" ,
"details" : {
"type" : "Microsoft.Chaos/targets" ,
"name" : "Microsoft-VirtualMachineScaleSet" ,
"roleDefinitionIds" : [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"deployment" : {
"properties" : {
"mode" : "incremental" ,
"template" : {
"$schema" : "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#" ,
"contentVersion" : "1.0.0.0" ,
"parameters" : {
"resourceName" : {
"type" : "string"
},
"location" : {
"type" : "string"
}
},
"variables" : {},
"resources" : [
{
"type" : "Microsoft.Compute/virtualMachineScaleSets/providers/targets" ,
"apiVersion" : "2023-11-01" ,
"name" : "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-VirtualMachineScaleSet')]" ,
"location" : "[parameters('location')]" ,
"properties" : {}
},
{
"type" : "Microsoft.Compute/virtualMachineScaleSets/providers/targets/capabilities" ,
"apiVersion" : "2023-11-01" ,
"name" : "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-VirtualMachineScaleSet/Shutdown-1.0')]" ,
"location" : "[parameters('location')]" ,
"dependsOn" : [
"[concat(resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-VirtualMachineScaleSet')]"
],
"properties" : {}
}
],
"outputs" : {}
},
"parameters" : {
"resourceName" : {
"value" : "[field('name')]"
},
"location" : {
"value" : "[field('location')]"
}
}
}
}
}
}
}
}
Per maggiori informazioni, consultare Risolvere gli errori relativi all'uso di Criteri di Azure .