In Azure, I’ve deployed an internal container app environment with virtual network integration to a VNET that I’ve created. The container app environment has a single container app with no custom domain and ingress traffic limited to the VNET e.g.
In my VNET, I’ve got a separate subnet that contains a Linux VM that I can SSH into for connectivity testing to my container app. Note: this needed to be in a separate subnet, as the subnet for the container app is delegated so I can’t deploy any additional resources like a VM into the container app subnet. Either way, Azure automatically routes traffic between subnets so this should be fine.
For DNS with VNET-scope ingress and non-custom domains, Microsoft has the following documentation:
VNet-scope ingress: If you plan to use VNet-scope ingress in an internal environment, configure your domains in one of the following ways:
- Non-custom domains: If you don’t plan to use a custom domain, create a private DNS zone that resolves the Container Apps environment’s default domain to the static IP address of the Container Apps environment. You can use Azure Private DNS or your own DNS server. If you use Azure Private DNS, create a private DNS Zone named as the Container App environment’s default domain (<UNIQUE_IDENTIFIER>.<REGION_NAME>.azurecontainerapps.io), with an A record. The A record contains the name * and the static IP address of the Container Apps environment.
I’ve set up a private DNS zone linked to my VNET as per the documentation, but I can’t seem to resolve my container app from my Linux VM (e.g. using dig/curl/ping/etc).
I suspect it’s something to do with DNS, but not sure. My container app has an application URL of https://{{container-app-name}}.{{unique_id}}.australiaeast.azurecontainerapps.io. If I check the ingress menu in the Azure portal, the following endpoint is displayed – https://{{container-app-name}}--znlfx1e.{{unique_id}}.australiaeast.azurecontainerapps.io
I suspect znlfx1e is the id of the container in the container app, or something…
Anyways, my private DNS zone looks like this:
Nothing has worked, so that’s why I’m here asking the community. I’m not a networking expert.
Cheers
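
An added example, not part of the original post: a shell check that compares a private DNS zone against the rule in the quoted documentation (zone named after the environment's default domain, an A record named `*`, pointing at the environment's static IP). The function names are hypothetical and every sample value is a constructed placeholder.

```shell
#!/bin/sh
# Added example. Function names are hypothetical; sample values are constructed.

# Reduce an application URL to a bare, lower-case host name.
host_of() (
  h="${1#*://}"      # drop the scheme, if any
  h="${h%%/*}"       # drop the path
  h="${h%%:*}"       # drop the port
  printf '%s\n' "${h%.}" | tr 'A-Z' 'a-z'
)

# The zone must be named after the environment's default domain, which is
# the app FQDN minus its first label (<app> or <app>--<suffix>).
default_domain_of() (
  h="$(host_of "$1")"
  printf '%s\n' "${h#*.}"
)

# diagnose APP_URL ZONE_NAME RECORD_NAME RECORD_IP STATIC_IP RESOLVED_IP
# RESOLVED_IP is what the test VM actually got, e.g. from: dig +short <app-fqdn>
# Each function body is a subshell, so "exit" only leaves the function.
diagnose() (
  want="$(default_domain_of "$1")"
  zone="$(host_of "$2")"
  if [ "$zone" != "$want" ]; then
    echo "zone-name-mismatch: expected $want"; exit 1
  fi
  if [ "$3" != "*" ]; then
    echo "record-name-mismatch: expected *"; exit 1
  fi
  if [ "$4" != "$5" ]; then
    echo "record-ip-mismatch: expected $5"; exit 1
  fi
  if [ -z "$6" ]; then
    # Zone and record are right but nothing resolves from the VM:
    # a private zone only answers inside virtual networks linked to it.
    echo "no-answer: check the zone's virtual network link"; exit 1
  fi
  if [ "$6" != "$5" ]; then
    echo "resolved-elsewhere: got $6"; exit 1
  fi
  echo "ok"
)

# Constructed sample: the zone was created one level too high.
diagnose "https://myapp.constructedid.australiaeast.azurecontainerapps.io" \
  "australiaeast.azurecontainerapps.io" "*" "10.0.0.10" "10.0.0.10" "" || true
```
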