This article contains example Azure Policy definitions that create targets and capabilities for a specific resource type, so that resources are added to Azure Chaos Studio automatically. First, deploy these examples as custom policy definitions. Then assign the policy to a scope.
In these examples, we add service-direct targets and capabilities for each supported resource type.
Note
Each of these policies differs slightly. Alongside the example definitions below, consult the documentation for the resource you are using (for example, Compute, Storage, and so on) to make sure everything is set up correctly for your specific situation.
Note
Make sure the subscription you use for the automated Azure Policy deployment has the correct RBAC permissions to do so.
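Every definition in this article lists role `b24988ac-6180-42a0-ab88-20f7382dd24c` in `roleDefinitionIds`, which is the built-in Contributor role, so the identity that performs the DeployIfNotExists remediation holds Contributor at the assignment scope. The following added example (not part of the original article or of Azure tooling) reviews a definition before it is deployed, reporting the role granted and the fault capabilities it enables; `review_policy` and `BROAD_ROLES` are hypothetical names, and the sample input is a trimmed copy of the Redis definition.

```python
import json
import re

# Built-in role GUIDs that grant wide write access (well-known Azure role IDs).
BROAD_ROLES = {
    "b24988ac-6180-42a0-ab88-20f7382dd24c": "Contributor",
    "8e3af657-a8ff-443c-a75c-2fe8c4bcb635": "Owner",
    "18d7d88d-d35e-4fb5-a5c3-7773c20a72d9": "User Access Administrator",
}
CAP_RE = re.compile(r"'Microsoft\.Chaos/([^/']+)/([^/']+)'")

def review_policy(defn):
    """Summarise what a DeployIfNotExists Chaos Studio policy grants and enables."""
    details = defn["policyRule"]["then"]["details"]
    target = details["name"]
    roles = [rid.rsplit("/", 1)[-1].lower() for rid in details.get("roleDefinitionIds", [])]
    findings = [f"remediation identity receives broad role {BROAD_ROLES[r]}"
                for r in roles if r in BROAD_ROLES]
    capabilities = []
    template = details["deployment"]["properties"]["template"]
    for res in template["resources"]:
        if not res["type"].endswith("/targets/capabilities"):
            continue
        m = CAP_RE.search(res["name"])
        if not m:
            findings.append(f"unparsed capability name: {res['name']}")
            continue
        cap_target, cap = m.groups()
        capabilities.append(cap)
        if cap_target != target:
            findings.append(f"capability {cap} is attached to {cap_target}, not {target}")
        if not any(target in dep for dep in res.get("dependsOn", [])):
            findings.append(f"capability {cap} does not depend on its target")
    return {"resource_type": defn["policyRule"]["if"]["equals"],
            "target": target, "capabilities": capabilities, "findings": findings}

# Constructed sample: the Redis definition from this article, trimmed to the reviewed fields.
SAMPLE = json.loads("""
{"policyRule": {"if": {"field": "type", "equals": "Microsoft.Cache/Redis"},
  "then": {"effect": "[parameters('effect')]", "details": {
    "type": "Microsoft.Chaos/targets", "name": "Microsoft-AzureCacheForRedis",
    "roleDefinitionIds": ["/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"],
    "deployment": {"properties": {"template": {"resources": [
      {"type": "Microsoft.Cache/Redis/providers/targets",
       "name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureCacheForRedis')]"},
      {"type": "Microsoft.Cache/Redis/providers/targets/capabilities",
       "name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureCacheForRedis/Reboot-1.0')]",
       "dependsOn": ["[concat(resourceId('Microsoft.Cache/Redis', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureCacheForRedis')]"]}
    ]}}}}}}}
""")

if __name__ == "__main__":
    print(json.dumps(review_policy(SAMPLE), indent=2))
```

Run it over each definition file in code review; the capability list shows exactly which faults (for example `Reboot-1.0`) become available on every matching resource in the assignment scope.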
Azure Cache for Redis policy definition
{
"displayName": "Deploy Chaos Target and Capability for Azure Cache for Redis",
"policyType": "Custom",
"mode": "Indexed",
"metadata": {
"category": "Chaos Studio"
},
"description": "Deploys the target and capabilities for an Azure Cache for Redis instance for onboarding to Azure Chaos Studio.",
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"DeployIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
}
},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.Cache/Redis"
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Chaos/targets",
"name": "Microsoft-AzureCacheForRedis",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "string"
},
"location": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Cache/Redis/providers/targets",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureCacheForRedis')]",
"location": "[parameters('location')]",
"properties": {}
},
{
"type": "Microsoft.Cache/Redis/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureCacheForRedis/Reboot-1.0')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.Cache/Redis', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureCacheForRedis')]"
],
"properties": {}
}
],
"outputs": {}
},
"parameters": {
"resourceName": {
"value": "[field('name')]"
},
"location": {
"value": "[field('location')]"
}
}
}
}
}
}
}
}
Azure Cosmos DB policy definition
{
"displayName": "Deploy Chaos Target and Capability for Cosmos DB",
"policyType": "Custom",
"mode": "Indexed",
"description": "Deploys the target and capabilities for a Cosmos DB for onboarding to Azure Chaos Studio.",
"metadata": {
"category": "Chaos Studio"
},
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"DeployIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
}
},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.DocumentDB/databaseAccounts"
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Chaos/targets",
"name": "Microsoft-CosmosDB",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "string"
},
"location": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.DocumentDB/databaseAccounts/providers/targets",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-CosmosDB')]",
"location": "[parameters('location')]",
"properties": {}
},
{
"type": "Microsoft.DocumentDB/databaseAccounts/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-CosmosDB/Failover-1.0')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.DocumentDB/databaseAccounts', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-CosmosDB')]"
],
"properties": {}
}
],
"outputs": {}
},
"parameters": {
"resourceName": {
"value": "[field('name')]"
},
"location": {
"value": "[field('location')]"
}
}
}
}
}
}
}
}
Azure Kubernetes Service policy definition
{
"displayName": "Deploy Chaos Target and Capabilities for Azure Kubernetes Service",
"policyType": "Custom",
"mode": "Indexed",
"description": "Deploys the target and capabilities for an AKS cluster for onboarding to Azure Chaos Studio.",
"metadata": {
"category": "Chaos Studio"
},
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"DeployIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
}
},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.ContainerService/managedClusters"
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Chaos/targets",
"name": "Microsoft-AzureKubernetesServiceChaosMesh",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "string"
},
"location": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.ContainerService/managedClusters/providers/targets",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh')]",
"location": "[parameters('location')]",
"properties": {}
},
{
"type": "Microsoft.ContainerService/managedClusters/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/NetworkChaos-2.1')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties": {}
},
{
"type": "Microsoft.ContainerService/managedClusters/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/PodChaos-2.1')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties": {}
},
{
"type": "Microsoft.ContainerService/managedClusters/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/StressChaos-2.1')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties": {}
},
{
"type": "Microsoft.ContainerService/managedClusters/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/IOChaos-2.1')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties": {}
},
{
"type": "Microsoft.ContainerService/managedClusters/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/TimeChaos-2.1')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties": {}
},
{
"type": "Microsoft.ContainerService/managedClusters/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/KernelChaos-2.1')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties": {}
},
{
"type": "Microsoft.ContainerService/managedClusters/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/DNSChaos-2.1')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties": {}
},
{
"type": "Microsoft.ContainerService/managedClusters/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-AzureKubernetesServiceChaosMesh/HTTPChaos-2.1')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.ContainerService/managedClusters', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-AzureKubernetesServiceChaosMesh')]"
],
"properties": {}
}
],
"outputs": {}
},
"parameters": {
"resourceName": {
"value": "[field('name')]"
},
"location": {
"value": "[field('location')]"
}
}
}
}
}
}
}
}
Azure network security group policy definition
{
"displayName": "Deploy Chaos Target and Capability for Network Security Groups",
"policyType": "Custom",
"mode": "Indexed",
"description": "Deploys the target and capabilities for a network security group for onboarding to Azure Chaos Studio.",
"metadata": {
"category": "Chaos Studio"
},
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"DeployIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
}
},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.Network/networkSecurityGroups"
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Chaos/targets",
"name": "Microsoft-NetworkSecurityGroup",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "string"
},
"location": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Network/networkSecurityGroups/providers/targets",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-NetworkSecurityGroup')]",
"location": "[parameters('location')]",
"properties": {}
},
{
"type": "Microsoft.Network/networkSecurityGroups/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-NetworkSecurityGroup/SecurityRule-1.0')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.Network/networkSecurityGroups', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-NetworkSecurityGroup')]"
],
"properties": {}
}
],
"outputs": {}
},
"parameters": {
"resourceName": {
"value": "[field('name')]"
},
"location": {
"value": "[field('location')]"
}
}
}
}
}
}
}
}
Azure Virtual Machines policy definition
{
"displayName": "Deploy Chaos Target and Capability for Virtual Machines (service-direct)",
"policyType": "Custom",
"mode": "Indexed",
"description": "Deploys the target and capabilities for a virtual machine for onboarding to Azure Chaos Studio (service-direct faults).",
"metadata": {
"category": "Chaos Studio"
},
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"DeployIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
}
},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.Compute/virtualMachines"
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Chaos/targets",
"name": "Microsoft-VirtualMachine",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "string"
},
"location": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Compute/virtualMachines/providers/targets",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-VirtualMachine')]",
"location": "[parameters('location')]",
"properties": {}
},
{
"type": "Microsoft.Compute/virtualMachines/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-VirtualMachine/Shutdown-1.0')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.Compute/virtualMachines', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-VirtualMachine')]"
],
"properties": {}
}
],
"outputs": {}
},
"parameters": {
"resourceName": {
"value": "[field('name')]"
},
"location": {
"value": "[field('location')]"
}
}
}
}
}
}
}
}
Azure Virtual Machine Scale Sets policy definition
{
"displayName": "Deploy Chaos Target and Capability for Virtual Machine Scale Sets (service-direct)",
"policyType": "Custom",
"mode": "Indexed",
"description": "Deploys the target and capabilities for virtual machine scale sets for onboarding to Azure Chaos Studio (service-direct faults).",
"metadata": {
"category": "Chaos Studio"
},
"parameters": {
"effect": {
"type": "String",
"metadata": {
"displayName": "Effect",
"description": "Enable or disable the execution of the policy"
},
"allowedValues": [
"DeployIfNotExists",
"Disabled"
],
"defaultValue": "DeployIfNotExists"
}
},
"policyRule": {
"if": {
"field": "type",
"equals": "Microsoft.Compute/virtualMachineScaleSets"
},
"then": {
"effect": "[parameters('effect')]",
"details": {
"type": "Microsoft.Chaos/targets",
"name": "Microsoft-VirtualMachineScaleSet",
"roleDefinitionIds": [
"/providers/Microsoft.Authorization/roleDefinitions/b24988ac-6180-42a0-ab88-20f7382dd24c"
],
"deployment": {
"properties": {
"mode": "incremental",
"template": {
"$schema": "http://schema.management.azure.com/schemas/2015-01-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"resourceName": {
"type": "string"
},
"location": {
"type": "string"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.Compute/virtualMachineScaleSets/providers/targets",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-VirtualMachineScaleSet')]",
"location": "[parameters('location')]",
"properties": {}
},
{
"type": "Microsoft.Compute/virtualMachineScaleSets/providers/targets/capabilities",
"apiVersion": "2023-11-01",
"name": "[concat(parameters('resourceName'), '/', 'Microsoft.Chaos/Microsoft-VirtualMachineScaleSet/Shutdown-1.0')]",
"location": "[parameters('location')]",
"dependsOn": [
"[concat(resourceId('Microsoft.Compute/virtualMachineScaleSets', parameters('resourceName')), '/', 'providers/Microsoft.Chaos/targets/Microsoft-VirtualMachineScaleSet')]"
],
"properties": {}
}
],
"outputs": {}
},
"parameters": {
"resourceName": {
"value": "[field('name')]"
},
"location": {
"value": "[field('location')]"
}
}
}
}
}
}
}
}
Troubleshoot Azure Policy/RBAC issues
To do this, go to Troubleshoot errors with using Azure Policy.