Closed nad-au closed 10 months ago
Just noticed https://github.com/microsoft/azure-container-apps/issues/867 and wondering if it's worth continuing with Front Door if Private Link is unsupported with workload profile. Are there any other options for Front Door?
I'm struggling with the same thing: private linking to Front Door does not seem possible because the load balancer produced by Azure Container Apps is an IP-based load balancer (called capp-svc-lb) which is not supported by the Private Link Service. I've also added the same information on this issue: https://github.com/microsoft/azure-container-apps/issues/867
Hi all, you are correct. The current implementation of ACA with workload profiles uses a load balancer with an IP-based Backend Pool, which can’t function as a Private Link service. So for the time being AFD is not a supported scenario. PG has flagged the related issue in the ACA repo as in progress/roadmap (https://github.com/orgs/microsoft/projects/540/views/1?query=is%3Aopen+sort%3Aupdated-desc&pane=issue&itemId=35488023).
I'm trying to update the scenario to use Front Door in place of Application Gateway but having problems with the Front Door module. I've had to fix some of the Terraform scripts, for example, in https://github.com/Azure/aca-landing-zone-accelerator/blob/main/scenarios/aca-internal/terraform/modules/06-front-door/local.tf
should be:
which makes me wonder if this module has been tested?
Anyway, after fixing some of the scripts I'm having problems when creating the Private Link Service. Here's the Terraform output:
I've looked around and I've found no complete solution for creating private ACA with Front Door through Private Link. The closest is https://github.com/microsoft/azure-container-apps/wiki/Create-a-private-ACA-environment-with-Azure-Front-Door
Do you have any guidance on this? Would love to get this working and happy to raise a PR for the fixes.