Creating the Private Link Service
Creating the Private Link Service is fairly straight forward. You need to specify the Load Balancer you created in the previous step and the subnet in which the Private Link Service will be deployed to.
You can either create it through the Azure Portal or through a Bicep file:
Using the portal
Go to the resource group in which your service VMs are deployed and:
Create -> Azure Private Link Service
Give it a name and select the subnet in which you want to deploy it (this should be the same subnet your Service VMs are in).
In the Outbound settings panel select the Load Balancer you previously created and it’s frontend IP Configuration (this will most likely be auto-selected). Then select the Source NAT Subnet which should be the same subnet as the one in which you’ve deployed your Service VM.
You can leave the rest of the panels on default and click Review + Create -> Create
After that, your Private Link Service should be created.
Go to the created Private Link Service and copy the resource ID for later.
Using Bicep
Below we provide an example Private Link Service creation bicep file. Make sure to substiture the parameter/variable names with your own.
resource privatelinkService 'Microsoft.Network/privateLinkServices@2021-05-01' = {name: privateLinkServiceNamelocation: location
dependsOn: [ lb]
properties: { loadBalancerFrontendIpConfigurations: [ { id: resourceId('Microsoft.Network/loadBalancers/frontendIpConfigurations', lbName, 'front') } ] ipConfigurations: [ { name: 'private-link-service-ipconfig' properties: { privateIPAllocationMethod: 'Dynamic' privateIPAddressVersion: 'IPv4' subnet: { id: resourceId('Microsoft.Network/virtualNetworks/subnets', vnetName, subnetName) } primary: false } } ]}}Once our Private Link Service is up and running we can go ahead and create our new image to leverage this connection.