Azure Application Gateway backendpool to Azure Container Apps internal load balancer
I have an Azure Application Gateway in a specific vnet, which is publicly available. I also have an Azure Container Apps environment in a different VNET with multiple containers in it. I must expose some of these containers to the outside world using the Application gateway. There is a working VNET peering between the 2 vnets. The application gateway has a backend pool connected to the IP of the internal load balancer of the Azure Container Apps Environment. The backend pool connection to this load balancer is unhealthy. It states that it cannot connect and hints that there might be a NSG/UDR or firewall issue, but as far as I can see these are not used. The load balancer of the ACA is automaticly generated and in a managed resource group, it has an health probe at port 32172 at the "healthz" path. I tried to use this as a custom probe for the backend settings on the application gateway this does not work. Does anyone has any ideas it this construction is even possible and how this should work if it is.
This setup is already documented in the below article: Protect Azure Container Apps with Application Gateway and Web Application Firewall (WAF) | Microsoft Learn
Networking in Azure Container Apps environment | Microsoft Learn configure Azure Private DNS zone for the container apps domain and link that zone to the Vnet with which the container apps is integrated And add private link to the App gateway to establish a secured connection to internal-only container app environments allowing the Application Gateway to communicate with the Container App on the backend through the virtual network.
Following the above document, Here in this setup, I have allowed arkocontainerappr1 located in a different vnet to connect to the application gateway using public IP, Peered the two vnets
If NSG is giving blocker, then create a custom rule and proceed
and added private link to the App gateway to establish a secured connection to internal-only container app environments allowing the Application Gateway to communicate with the Container App on the backend through the virtual network.
- Azure Service Plan - Convert Consumption App to Premium App
- No PK or FK when exporting SQL Server database
- Assigning a Token Lifetime Policy to an application in Microsoft EntraID seems to have no effect
- How to create a dataset for Azure custom speech using spx (speechCLI)
- Azure App Service Autoscale Fails to Scale In
- Azure Scale Out on Memory keeps flapping (not scaling in)
- Setting a server minimum for Azure Web App when using automatic scaling, from Bicep
- A keyvault created with access policy using BICEP creates compound identity
- Azure Loadbalancer with public IP forward traffic to Container Apps
- How to grant a Managed Identity permissions to an Azure SQL Database using IaC?
- What means skipNegotiation in SignalR HubConnection?
- Azure ClientCertificateCredential - Using SNI
- Azure AI Search MultiIndex / Conditional Semantic search
- MSAL Node service & The Partner Center API
- Load Registered Component in Azure ML for Pipeline using Python sdk v2
- Azure Blob:- How to automate Azure Archive Storage to Cool/Hot tier conversion, send download link once it's avaible , and re-archive after 72 hours?
- Azure App Service Custom Backup to Firewall Enabled Storage Account not working as expected
- How to take max value and replace it in drived column in data factory
- Synapse/ ADF - How to Truncate table if dynamic config column is True in pre-copy script
- Azure Cost Management - track costs associated with Databricks job
- Error: "OrganizationFromTenantGuidNotFound" (even with Microsoft 365 subscription)
- How to check Debug.Writeline() output in VS code?
- C# API - Provide download of files from Azure Blobstorage
- localhost:300/api is not working : "This page isn’t working"
- Creating an Azure Linux VM with Ubuntu 20.04 with Terraform
- Failed to deploy path that does not exist
- Using Azure WAF for my server(not in Azure)
- How and where to define an environment variable on Azure
- Azure Data Factory - Unable to preview data
- Azure yaml trigger pipeline every 14 days on a Saturday