
Azure Loadbalancer with public IP forward traffic to Container Apps


We have deployed an azurerm_container_app_environment and an azurerm_container_app using Terraform.

resource "azurerm_container_app_environment" "myenv" {
  name                           = var.managed_environment_name
  location                       ...
  ...
  infrastructure_subnet_id       = var.infrastructure_subnet_id
  internal_load_balancer_enabled = true
  ...
  workload_profile {
    name                  = "Consumption"
    workload_profile_type = "Consumption"
    ...
  }
}

resource "azurerm_container_app" "myapp" {
  name          = "myapp"
  revision_mode = "Single"
  ...
  ingress {
    external_enabled = true
    target_port      = 80
    exposed_port     = 8000
    transport        = "tcp"
  }
  ....
}

I can curl my container app using the private IP assigned to the env without issues:

curl -kvvv http://XXX.XXX.XXX:8000

We also have an azurerm_public_ip and an azurerm_lb.

Now we would like to expose the traffic from the container app to the public IP.

So we configured the LB in this way:

resource "azurerm_lb_probe" "probe" {
  loadbalancer_id = var.load_balancer_id
  name            = "probe"
  port            = 8000
  protocol        = "Tcp"
  ....
}

resource "azurerm_lb_backend_address_pool" "pool" {
  loadbalancer_id = var.load_balancer_id
  name            = "BackEndAddressPool"
}

resource "azurerm_lb_backend_address_pool_address" "address_pool" {
  name                    = "address_pool"
  backend_address_pool_id = azurerm_lb_backend_address_pool.pool.id
  virtual_network_id      = var.vnet_id
  # Static IP of the Container Apps environment declared above as "myenv"
  ip_address              = azurerm_container_app_environment.myenv.static_ip_address
}

resource "azurerm_lb_rule" "lb_rule" {
  loadbalancer_id          = var.load_balancer_id
  name                     = "lb-rule"
  protocol                 = "Tcp"
  frontend_port            = 80
  backend_port             = 8000
  backend_address_pool_ids = [azurerm_lb_backend_address_pool.pool.id]
  probe_id                 = azurerm_lb_probe.probe.id
  ....
}

The issue is that apparently it's not working. The LB metric "Health Probe status" is always 0.


Solution

  • The Azure Load Balancer is meant to work only for Backend VMs