Target port missing error while port is present

[BrianLanghoor]

Is there an existing issue for this?

• [X] I have searched the existing issues

Community Note

• Please vote on this issue by adding a :thumbsup: reaction to the original issue to help the community and maintainers prioritize this request
• Please do not leave comments along the lines of "+1", "me too" or "any updates", they generate extra noise for issue followers and do not help prioritize the request
• If you are interested in working on this issue or have submitted a pull request, please leave a comment and review the contribution guide to help.

Terraform Version

1.9.3

AzureRM Provider Version

3.113.0

Affected Resource(s)/Data Source(s)

azurerm_container_app ingress

Terraform Configuration Files

#main.tf
terraform {
  backend "azurerm" {}
  required_providers {
    azurerm = {
      source  = "hashicorp/azurerm"
      version = "~> 3.113.0"
    }
  }
}

provider "azurerm" {
  features {}
}

locals {
  stack = "stack"

  default_tags = {
    environment = "env"
    app         = "app"
  }

}

resource "azurerm_resource_group" "my-appRg" {
  name     = local.stack
  location = var.region

  tags = local.default_tags
}

resource "azurerm_network_security_group" "securitygroup" {
  name                = "security-group"
  location            = azurerm_resource_group.my-appRg.location
  resource_group_name = azurerm_resource_group.my-appRg.name
}

resource "azurerm_virtual_network" "vnet" {
  name                = "network"
  location            = azurerm_resource_group.my-appRg.location
  resource_group_name = azurerm_resource_group.my-appRg.name
  address_space       = ["10.0.0.0/16"]
  dns_servers         = ["10.0.0.4", "10.0.0.5"]

  tags = {
    environment = "experiment"
  }
}

resource "azurerm_subnet" "subnet" {
  name                 = "subnet1"
  resource_group_name  = azurerm_resource_group.my-appRg.name
  address_prefixes     = ["10.0.1.0/24"]
  virtual_network_name = azurerm_virtual_network.vnet.name
  delegation {
    name = "delegation"

    service_delegation {
      name = "Microsoft.App/environments"
    }
  }
}

resource "azurerm_log_analytics_workspace" "workspace" {
  name                = "log-${local.stack}"
  location            = azurerm_resource_group.my-appRg.location
  resource_group_name = azurerm_resource_group.my-appRg.name

  tags = local.default_tags
}

resource "azurerm_container_app_environment" "my-app-environment" {
  name                               = local.stack
  location                           = azurerm_resource_group.my-appRg.location
  resource_group_name                = azurerm_resource_group.my-appRg.name
  infrastructure_resource_group_name = azurerm_resource_group.my-appRg.name
  infrastructure_subnet_id           = azurerm_subnet.subnet.id
  tags                               = local.default_tags
  log_analytics_workspace_id         = azurerm_log_analytics_workspace.workspace.id
  workload_profile {
    name                  = "Consumption"
    workload_profile_type = "Consumption"
  }
}

resource "azurerm_container_app" "my-app-container-app" {
  name                         = "my-app-${local.stack}"
  container_app_environment_id = azurerm_container_app_environment.my-app-environment.id
  resource_group_name          = azurerm_resource_group.my-appRg.name
  revision_mode                = "Single"
  registry {
    server               = "docker.io"
    username             = "SomeUserName"
    password_secret_name = "docker-io-pass"
  }

  ingress {
    allow_insecure_connections = false
    external_enabled           = true
    transport                  = "tcp"
    target_port                = 8080
    traffic_weight {
      percentage      = 100
      latest_revision = true
    }
  }

  template {
    container {
      name   = "my-application"
      image  = "hello-world:latest"
      cpu    = 1.0
      memory = "2Gi"
    }
  }

  secret {
    name  = "docker-io-pass"
    value = "someValue"
  }
}

Debug Output/Panic Output

│ Error: creating Container App (Subscription: "X"
│ Resource Group Name: "stack"
│ Container App Name: "my-app-stack"): performing CreateOrUpdate: unexpected status 409 (409 Conflict) with error: ContainerAppTcpIngressPortRequired: The Ingress's TargetPort or ExposedPort must be specified for TCP apps.
│ 
│   with azurerm_container_app.my-app-container-app,
│   on main.tf line 87, in resource "azurerm_container_app" "my-app-container-app":
│   87: resource "azurerm_container_app" "my-app-container-app" {
│ 
│ creating Container App (Subscription:
│ "X"
│ Resource Group Name: "stack"
│ Container App Name: "my-app-stack"): performing CreateOrUpdate: unexpected
│ status 409 (409 Conflict) with error: ContainerAppTcpIngressPortRequired:
│ The Ingress's TargetPort or ExposedPort must be specified for TCP apps.

Expected Behaviour

The target_port is provided as in the docs as a number so my assumtion would be that a container app with this port will be set and the container to be created.

Actual Behaviour

terraform command validate, init, plan all succeed. When trying to apply while creating the container app it states that the targetport for ingress is required for TCP apps while it is clearly in the main.tf. If the transport protocol is changed to auto/http/http2 everything works fine and also the port is correctly shown in the azure portal.

Steps to Reproduce

run terraform apply

Important Factoids

No response

References

No response

[jiaweitao001]

Hi @BrianLanghoor , thanks for opening the issue. In container app resource, if transport under ingress is set to tcp, exposed_port and target_port should be set at the same time. The doc is not very clear about this, we will put it in the note section.

[BrianLanghoor]

Ah makes sense thanks! If you are changing the docs could it also be possible to change the error message to say "targetport AND exposedport" instead of or. Thanks again

[Chambras]

@BrianLanghoor I submitted a PR adding a note in the documentation, but I am not able to find where that error is generated. Could you test again with the latest version and share the debug output that might give more information?

[Saadiqui]

Just saw this same error. Had the Target Port but not the Exposed Port set on the container.

az containerapp update   --name {container name}   --resource-group {resource group}   --image {image name}
(ContainerAppTcpIngressPortRequired) The Ingress's TargetPort or ExposedPort must be specified for TCP apps.

Got it working once I set the Exposed Port == Target Port on the Azure Portal

[github-actions[bot]]

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues. If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.