To deploy AFD (Azure Front Door) with a private ACA (Azure Container Apps) environment, you need to create a Private Link connection between Front Door and the internal Azure Load Balancer that ACA creates.
For that reason, you have to create a Private Link Service for the Load Balancer.
The challenge is to find the Load Balancer the Private Link Service should be created for and, if you deploy programmatically, to add the ID of the Load Balancer to the Private Link Service resource.
In my example I have used the default domain of the environment to create the name of the 'auto-generated' resource group, because you need to provide the name and the resource group of the Load Balancer to get the required ID.
Bicep example code:
// Create Container Apps Environment
resource environment 'Microsoft.App/managedEnvironments@2022-03-01' = {
  name: environmentName
  location: location
  // ...
}
// Get the Default Domain of the ACA environment
var containerAppsDefaultDomainName = environment.properties.defaultDomain
// Split the domain into its dot-separated elements
var containerAppsDefaultDomainArray = split(containerAppsDefaultDomainName, '.')
// The identifier of the ACA environment is the element before the location
var containerAppsNameIdentifier = containerAppsDefaultDomainArray[lastIndexOf(containerAppsDefaultDomainArray, location)-1]
// Use the identifier to 'generate' the resource group name
var containerAppsManagedResourceGroup = 'MC_${containerAppsNameIdentifier}-rg_${containerAppsNameIdentifier}_${location}'
// Get the ID of the Load Balancer
resource loadBalancer 'Microsoft.Network/loadBalancers@2021-05-01' existing = {
  name: 'kubernetes-internal'
  scope: resourceGroup(containerAppsManagedResourceGroup)
}
The full example including all Bicep code can be found on GitHub:
https://github.com/sebafo/frontdoor-container-apps
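The step the lookup above prepares for, creating the Private Link Service in front of the internal Load Balancer, could look like the following. This is an added example, not code taken from the linked repository; the parameter names `privateLinkServiceName` and `privateLinkSubnetId` are hypothetical, and it assumes the Load Balancer has a single frontend IP configuration.

```bicep
// Added example (not from the original repository).
param location string = resourceGroup().location

// Name of the auto-generated resource group, derived from the default domain as shown above
param containerAppsManagedResourceGroup string

// Hypothetical parameters: name of the new service and the subnet its NAT IP is allocated from
param privateLinkServiceName string = 'pls-aca-internal'
param privateLinkSubnetId string

// Reference the Load Balancer that ACA created in its managed resource group
resource loadBalancer 'Microsoft.Network/loadBalancers@2021-05-01' existing = {
  name: 'kubernetes-internal'
  scope: resourceGroup(containerAppsManagedResourceGroup)
}

resource privateLinkService 'Microsoft.Network/privateLinkServices@2022-01-01' = {
  name: privateLinkServiceName
  location: location
  properties: {
    loadBalancerFrontendIpConfigurations: [
      {
        // Assumption: the internal Load Balancer exposes exactly one frontend IP configuration
        id: loadBalancer.properties.frontendIPConfigurations[0].id
      }
    ]
    ipConfigurations: [
      {
        name: 'nat-ipconfig-0'
        properties: {
          primary: true
          privateIPAllocationMethod: 'Dynamic'
          privateIPAddressVersion: 'IPv4'
          subnet: {
            id: privateLinkSubnetId
          }
        }
      }
    ]
  }
}

// Front Door's origin configuration needs this ID for its private link settings
output privateLinkServiceId string = privateLinkService.id
```

The subnet passed in `privateLinkSubnetId` must have `privateLinkServiceNetworkPolicies` set to `'Disabled'`. After Front Door requests the connection, the resulting private endpoint connection has to be approved on the Private Link Service before traffic flows.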