Tags: r, azure, azure-container-instances, azure-container-registry, plumber

secure ACI without private endpoint - docker image using plumber and R


I have a docker image, which uses Linux, R and plumber and works fine when pushed to an ACR and deployed to an ACI. The problem is that the resulting endpoint is accessible via the Internet. It should only be accessible within our DMZ (?) virtual network (?) - apologies for my clumsy/potentially wrong use of terms. So IT created a private endpoint, which makes sense to me, but according to this:

https://learn.microsoft.com/en-us/answers/questions/193123/azure-aci-with-private-acr-and-selected-public-net.html

See also previous related post:

error whilst trying to deploy container image after introduction of private endpoint

Is this currently not supported for ACI? How else can the ACI endpoint be secured in my scenario please? Thanks!


Solution

  • If you put your ACI in the VNet, then the ACI is only accessible from that VNet and is not accessible from the Internet. See deploy ACI in the VNet. But you need to know that while the ACI is being created, the image needs to be accessible from the Internet.

    If you migrate your ACR to a service endpoint so that it is only accessible from the VNet, then the ACI can't be created by pulling the image from the ACR. See the description here:

    Instances of Azure services including Azure DevOps Services, Web Apps, and Azure Container Instances are also unable to access a network-restricted container registry.

    If your purpose is to make the ACI accessible only from the VNet, make the image public or accessible from the Internet and deploy the ACI into the VNet.
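The deployment the answer describes, as an added example that is not part of the original answer: a small POSIX shell script that pre-checks that the ACR is still pullable from the Internet (the answer's caveat), then builds the `az container create` call that places the plumber container group in a VNet subnet so it receives only a private IP. Resource group, VNet, subnet, registry and image names are placeholders; port 8000 is assumed to be the port the plumber API listens on inside the image; the `publicNetworkAccess` and `networkRuleSet.defaultAction` property paths are those returned by `az acr show`.

```shell
#!/bin/sh
# Added example (not the original answer's code). Placeholder names throughout.

# Decide whether ACI will be able to pull the image, given the two ACR
# network properties. ACI has no path into a network-restricted registry,
# so public access must be enabled and the default rule must be Allow.
acr_pull_ok() {
  public_access="$1"   # value of publicNetworkAccess, e.g. Enabled/Disabled
  default_action="$2"  # value of networkRuleSet.defaultAction, Allow/Deny
  [ "$public_access" = "Enabled" ] && [ "$default_action" = "Allow" ]
}

# Query the registry and feed the values to acr_pull_ok (needs az login).
acr_preflight() {
  acr_name="$1"
  pa=$(az acr show --name "$acr_name" --query publicNetworkAccess -o tsv)
  da=$(az acr show --name "$acr_name" --query networkRuleSet.defaultAction -o tsv)
  if ! acr_pull_ok "$pa" "$da"; then
    echo "ACR $acr_name is network-restricted; ACI cannot pull from it" >&2
    return 1
  fi
}

# Compose the create command. A container group delegated to a subnet can
# only have a private address, so anything other than Private is refused.
aci_create_cmd() {
  rg="$1"; name="$2"; image="$3"; vnet="$4"; subnet="$5"; port="$6"
  ip_kind="${7:-Private}"
  if [ "$ip_kind" != "Private" ]; then
    echo "refusing: a VNet-deployed container group cannot have a $ip_kind IP" >&2
    return 1
  fi
  printf 'az container create --resource-group %s --name %s --image %s --vnet %s --subnet %s --ports %s --ip-address %s --os-type Linux\n' \
    "$rg" "$name" "$image" "$vnet" "$subnet" "$port" "$ip_kind"
}

# Only runs when DO_DEPLOY=1, so sourcing the file stays side-effect free.
# After creation, the group's ipAddress.ip is a private address; reach the
# plumber endpoint from a VM in the same VNet, e.g. curl http://<ip>:8000/.
if [ "${DO_DEPLOY:-0}" = 1 ]; then
  acr_preflight myregistry || exit 1
  cmd=$(aci_create_cmd rg-demo plumber-api myregistry.azurecr.io/plumber-api:1.0 vnet-dmz snet-aci 8000) || exit 1
  echo "running: $cmd"
  eval "$cmd"
  az container show --resource-group rg-demo --name plumber-api --query ipAddress.ip -o tsv
fi
```

If the image lives in an ACR with admin credentials rather than a public registry, `az container create` also takes `--registry-username` and `--registry-password`; that does not help when the registry itself is network-restricted, which is the point the answer makes.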