I am trying to set up a container app/registry that will act as our Azure DevOps agents.
I am following the MS guide and can get everything built and working, however I don't believe this can see our OnPrem infrastructure which is usually connected via a peered VNET.
My code is:
# Install extension
az extension add --name containerapp --upgrade
# Register namespaces
az provider register --namespace Microsoft.App
az provider register --namespace Microsoft.OperationalInsights
# Environment Variables
$RESOURCE_GROUP = "[resourceGroup]"
$LANDING_RESOURCE_GROUP = "[resourceGroup]"
$LOCATION = "UKSOUTH"
$ENVIRONMENT = "[environment]"
$JOB_NAME = "azure-pipelines-agent-job"
$PLACEHOLDER_JOB_NAME = "placeholder-agent-job"
$VNET_NAME = "[vnet_name]"
$SUBNET = "[subnet]"
$SUBNET_NAME = "container-integration"
# Create resource group
az group create `
--name "$RESOURCE_GROUP" `
--location "$LOCATION"
## Get subnet ID
$INFRASTRUCTURE_SUBNET = az network vnet subnet show --resource-group $LANDING_RESOURCE_GROUP --vnet-name $VNET_NAME --name $SUBNET_NAME --query "id" -o tsv
# Create the environment
az containerapp env create `
--name "$ENVIRONMENT" `
--resource-group "$RESOURCE_GROUP" `
--location "$LOCATION" `
--infrastructure-subnet-resource-id $INFRASTRUCTURE_SUBNET
# Define container name and version
$CONTAINER_IMAGE_NAME = "azure-pipelines-agent:1.0.1"
$CONTAINER_REGISTRY_NAME = "[containerregname]"
# Variables for container jobs
$AZP_TOKEN = "[token]"
$ORGANIZATION_URL = "https://dev.azure.com/[org]"
$AZP_POOL = "container-apps"
# Create Container Registry
az acr create `
--name $CONTAINER_REGISTRY_NAME `
--resource-group $RESOURCE_GROUP `
--location $LOCATION `
--sku Basic `
--admin-enabled true
# Docker file
az acr build `
--registry "$CONTAINER_REGISTRY_NAME" `
--image "$CONTAINER_IMAGE_NAME" `
--file "dockerfile" `
"./"
# Create self-hosted agent
az containerapp job create -n $JOB_NAME -g $RESOURCE_GROUP --environment $ENVIRONMENT `
--trigger-type Event `
--replica-timeout 1800 `
--replica-retry-limit 1 `
--replica-completion-count 1 `
--parallelism 1 `
--image "$CONTAINER_REGISTRY_NAME.azurecr.io/$CONTAINER_IMAGE_NAME" `
--min-executions 0 `
--max-executions 10 `
--polling-interval 30 `
--scale-rule-name "azure-pipelines" `
--scale-rule-type "azure-pipelines" `
--scale-rule-metadata "poolName=container-apps" "targetPipelinesQueueLength=1" `
--scale-rule-auth "personalAccessToken=personal-access-token" "organizationURL=organization-url" `
--cpu "2.0" `
--memory "4Gi" `
--secrets "personal-access-token=$AZP_TOKEN" "organization-url=$ORGANIZATION_URL" `
--env-vars "AZP_TOKEN=secretref:personal-access-token" "AZP_URL=secretref:organization-url" "AZP_POOL=$AZP_POOL" `
--registry-server "$CONTAINER_REGISTRY_NAME.azurecr.io"
I then tried to add Private DNS using the following to test: (following MS docs)
# Get static IP (tsv returns the bare value; json output keeps the surrounding quotes)
$ENVIRONMENT_STATIC_IP = az containerapp env show --name $ENVIRONMENT --resource-group $RESOURCE_GROUP --query properties.staticIp --out tsv
# Get default domain
$ENVIRONMENT_DEFAULT_DOMAIN = az containerapp env show --name $ENVIRONMENT --resource-group $RESOURCE_GROUP --query properties.defaultDomain --out tsv
# VNET ID
$VNET_ID = az network vnet show --resource-group $LANDING_RESOURCE_GROUP --name $VNET_NAME --query id --out tsv
# Create Private DNS zone
az network private-dns zone create `
--resource-group $RESOURCE_GROUP `
--name $ENVIRONMENT_DEFAULT_DOMAIN
# Create Link to Private DNS Zone
az network private-dns link vnet create `
--resource-group $RESOURCE_GROUP `
--name $VNET_NAME `
--virtual-network $VNET_ID `
--zone-name $ENVIRONMENT_DEFAULT_DOMAIN -e true
# Create A Record
az network private-dns record-set a add-record `
--resource-group $RESOURCE_GROUP `
--record-set-name "*" `
--ipv4-address $ENVIRONMENT_STATIC_IP `
--zone-name $ENVIRONMENT_DEFAULT_DOMAIN
The dockerfile that is called is all generic that installs Azure agents. No network config in there.
Any ideas? Thanks
Just for anyone else looking, I managed to sort this. I think there is a slight issue with the docs as it tells you for internal only to use
--internal-only but it turns out this is false by default so you have to append it with true within the environment creation stage. Worked like a charm.
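The fix described in the follow-up, as an added example that is not part of the original posts: it passes `--internal-only true` at environment creation, then reads the environment's `vnetConfiguration` back to confirm that the setting and the subnet actually took effect. It assumes the variable names and bracketed placeholder values from the question.

```powershell
# Added example: variable names follow the question; bracketed values are placeholders.
$RESOURCE_GROUP         = "[resourceGroup]"
$LANDING_RESOURCE_GROUP = "[resourceGroup]"
$LOCATION               = "UKSOUTH"
$ENVIRONMENT            = "[environment]"
$VNET_NAME              = "[vnet_name]"
$SUBNET_NAME            = "container-integration"

# Resolve the subnet the environment should be injected into
$INFRASTRUCTURE_SUBNET = az network vnet subnet show `
  --resource-group $LANDING_RESOURCE_GROUP `
  --vnet-name $VNET_NAME `
  --name $SUBNET_NAME `
  --query "id" -o tsv

# Create the environment with the value passed explicitly, as the follow-up describes
az containerapp env create `
  --name $ENVIRONMENT `
  --resource-group $RESOURCE_GROUP `
  --location $LOCATION `
  --infrastructure-subnet-resource-id $INFRASTRUCTURE_SUBNET `
  --internal-only true

# Read back what was applied instead of trusting the command line
$vnetConfig = az containerapp env show `
  --name $ENVIRONMENT `
  --resource-group $RESOURCE_GROUP `
  --query "properties.vnetConfiguration" -o json | ConvertFrom-Json

$problems = @()
if ($null -eq $vnetConfig) {
    $problems += "environment has no vnetConfiguration (not VNet-integrated)"
} else {
    if (-not $vnetConfig.internal) {
        $problems += "vnetConfiguration.internal is not true"
    }
    # String comparison with -ne is case-insensitive, which suits Azure resource IDs
    if ($vnetConfig.infrastructureSubnetId -ne $INFRASTRUCTURE_SUBNET) {
        $problems += "subnet mismatch: $($vnetConfig.infrastructureSubnetId)"
    }
}

if ($problems.Count -gt 0) {
    $problems | ForEach-Object { Write-Warning $_ }
    throw "Container Apps environment $ENVIRONMENT failed the network check"
}
Write-Output "Environment $ENVIRONMENT is internal and attached to $INFRASTRUCTURE_SUBNET"
```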