我找到了本文档https://devblogs.microsoft.com/aspnet/announcing-an-easier-way-to-use-latest-certificates-from-key-vault/和其他一些ARM参考资料,旨在为VMSS添加Keyvault扩展,以实现证书自动旋转。但是,当我尝试进行部署时,扩展只是超时而没有给出任何有用的错误消息。为了使此工作有效,存在任何约束,例如,密钥库和VMSS必须位于同一资源组上?有谁知道我的模板可能出了什么问题。
这是我的扩展名:
{
"name": "KeyVaultForWindows",
"location": "[variables('location')]",
"properties": { "publisher": "Microsoft.Azure.KeyVault",
"type": "KeyVaultForWindows", "typeHandlerVersion": "0.0",
"autoUpgradeMinorVersion": true,
"settings":
{
"secretsManagementSettings": {
"pollingIntervalInS": "60",
"requireInitialSync": true,
"certificateStoreName": "MY",
"certificateStoreLocation": "LocalMachine",
"observedCertificates": ["https:///secrets/"] }
}
}
}```