1

Is there any change of configuring a Azure Application Gateway Backend target to a Azure Container Instance? At the moment I configured a private IP address of the Container as Target. The problem is that on every deployment of the containers the IP address of the Container itself can change. I am searching for a dynamic solution like a tag on the container.

This are the available options:

enter image description here

Can this be archived with Azure Application Gateway or do I have to choose another option?

I tried to configure the backend with IP addresses but the IP addresses changes on every deployment.

silent
  • 14,494
  • 4
  • 46
  • 86
DSSO21
  • 109
  • 9
  • 1
    Does this answer your question? [Azure Container Instance changing IP address](https://stackoverflow.com/questions/73506414/azure-container-instance-changing-ip-address) – silent Apr 24 '23 at 08:05
  • @silent not really, because I want to Container to run in a private network and be accessible via application gateway. When trying to configure a DNS label on a IP in a private network I get the error `DNS name label for container group is only supported when IP Address type is public, current 'Private'` – DSSO21 Apr 24 '23 at 09:54
  • well, you didn't mention that important fact ;) There is a discussion around this: https://github.com/MicrosoftDocs/azure-docs/issues/61627#issuecomment-1462918713 – silent Apr 24 '23 at 10:10

1 Answers1

0

Azure Application Gatwey backend with Container Instance as Backend target. Make sure to configure application gateway on Standard V2 SKU

The request is routed to the backend server using the instance private IP addresses of the application gateway if the backend server has an internally resolvable FQDN or a private IP address. In the backend pool, confirm that the FQDN can be resolved internally.

I have created application gateway with same virtual network and tier as standard sku like below:

enter image description here

enter image description here

I agree with @silent if you want Container to run in a private network and be accessible via application gateway in container instance use same virtual network with different subnet like below:

enter image description here

Make sure to add private IP address of container in DNS zone like below:

enter image description here

Enable backend setting with hosname override with specific domain name like below:

enter image description here

Add listner like below

enter image description here

enter image description here

References:

Azure Container Instances in VNET with custom DNS - by AzToso.com

Deploy container group to Azure virtual network - Azure Container Instances | Microsoft Learn

Imran
  • 3,875
  • 2
  • 3
  • 12
  • 1
    If I add a manual DNS entry the problem is not solved because every time to container boots ip it gets a new IP and I have to edit the DNS entry. This should happen autmaticly – DSSO21 Apr 24 '23 at 11:56
  • For this, you may use ACIG to build a private DNS zone, deploy containers to ACIG with the appropriate DNS name labels, and then, once the containers have run, ACIG will register & update the IP so that you don't have to manually update. – Imran Apr 24 '23 at 12:34
  • Container in private networks can not have a DNS Label. `DNS name label for container group is only supported when IP Address type is public, current 'Private'` – DSSO21 Apr 24 '23 at 12:45
  • In a private network, you cannot configure a DNS name label for an IP address since DNS name labels are only supported for public IP addresses. You need to create a custom DNS zone in Azure Private DNS. Create an A record map it to the private IP address and Configure the backend target of your Azure Application Gateway to use the DNS name label mapped to the private IP address.By using this approach, you can use a DNS name label to refer to your private IP address without having to expose it publicly. – Imran Apr 25 '23 at 12:10
  • do you have some more informations on that? As far as I am concerned Azure Container Instances do not support private Azure DNS zones. – DSSO21 Apr 25 '23 at 15:46