Custom Domain Validation Hangs for internal Ingress in Container Apps

[loadaverage]

This issue is a:

• [x] bug report -> please search issues before submitting
• [ ] documentation issue or request
• [ ] regression (a behavior that used to work and stopped in a new release)

Issue description

Custom domain in Container Apps can't be added when it's a hostname from private DNS zone.

I have a Container App with internal=true Ingress, because this is private microservice that should be not exposed to public. To access it from other apps, I have private DNS zone and required peering connections.

When I'm trying to add custom domain, this process just hangs forever. At the same time, adding domain works for public TLD using CNAME validation.

Steps to reproduce

1. Create private DNS zone and record that links to the CNAME of Container App environment hostname
2. Open "Custom Domains" pane of Container App
3. Select "Add certificate later" for TLS/SSL certificate option.
4. Enter custom hostname to "Domain" field
5. Select "CNAME" as "Hostname record type"
6. Click "Validate"

Expected behavior

Private domain should be successfully added to Container App.

Actual behavior

After clicking on "Validate", "Validating custom domain" message is appearing and nothing happening after that.

Screenshots

Additional context

Everything except adding custom domain is done with API (Terraform). Attempt of adding custom domain was done via Azure Web UI.

There are other environments with exactly the same configuration (basically replicated with Terraform) and it worked before without any issue.

[loadaverage]

It's still not resolved, but it works via az cli

[chinadragon0515]

It is a bug of portal. The fix is already on aka.ms/canary now. ETA for prod portal is 6/7.