Cannot use Container apps deploy task with background service

Azure / container-apps-deploy-pipelines-task

Azure Pipelines Task (Release Candidate) for building and deploying Azure Container Apps

MIT License

6 stars 10 forks source link

Cannot use Container apps deploy task with background service #2

Closed iamsamcoder closed 1 year ago

iamsamcoder commented 1 year ago

I have a background service worker that I've dockerized and pushed to Azure Container Registry. I've found that I cannot use the container app deploy task in my pipeline because the task has a default for targetPort which updates the app to have an ingress. When the app has an ingress, a new revision is unable to finish provisioning. I suspect there is some background probe even though the container settings have all probes disabled.

If I disable ingress on the container app for my background worker and deploy to the container app with the Azure CLI containerapp command, then my app will complete it's provisioning and be available.

Perhaps I need to add some custom health check to my background service, but I'm wondering if the container-app-deploy-task can be updated to work with apps which do not have an ingress?

cormacpayne commented 1 year ago

@iamsamcoder Hey Sam -- apologies for the delayed response; this seems like a reasonable ask! As you mentioned, we currently set a default target port for Container Apps with ingress enabled, but it shouldn't be an issue to provide an opt-out scenario for this via another argument on the task. We'll work on this and let you know when it's readily available in the RC task. Thanks!

danadesrosiers commented 1 year ago

I also need this task to not enable ingress. I have services that are meant to be accessible only internally, through Dapr. When they become accessible outside the environment, it's a major security problem.

Any ETA on this issue?

cormacpayne commented 1 year ago

@iamsamcoder @danadesrosiers Hey folks, apologies for the delayed response -- we have added an ingress argument to the task that allows you to provide internal or disabled (depending on your scenario) to override the default value of external, so this should remediate the issue that you're facing with ingress enabled publicly by default.

Please feel free to let me know if this resolves your issue or not. I'm going to close this issue, but I'm happy to continue conversations in this thread and re-open this issue if necessary.