microsoft / azure-container-apps

Roadmap and issues for Azure Container Apps
MIT License

Feature Request: [Bicep] Add ability to set IP Restrictions without recreating the Container App #1261

Closed abouroubi closed 2 months ago

abouroubi commented 3 months ago

Is your feature request related to a problem? Please describe.
I have a situation where I need to create my Azure Container App and, after the creation, set IP Restrictions.

Describe the solution you'd like.
I want a new resource to configure the IP Restrictions for an already existing Azure container app. The same as Azure Web App (Microsoft.Web/sites/config/appsettings@2022-09-01)

Describe alternatives you've considered.
Set it using Azure CLI, but it defeats the purpose of using Bicep.

anthonychu commented 3 months ago

You should be able to update your container app's Bicep to add ipSecurityRestrictions and redeploy it. https://learn.microsoft.com/en-us/azure/templates/microsoft.app/containerapps?pivots=deployment-language-bicep

abouroubi commented 3 months ago

Hello @anthonychu, thanks for the reply.

That's not really a solution for me, let me explain why:

I have my first module, which will create all my resources. This module has more than 50 parameters supplied: resource names, Key Vault secrets, ...

And then I have a second module, which will set the Firewall Rules (named IP restrictions for Container Apps). This module has only the IP to authorize as parameters, so it can't recreate the whole Container App; it doesn't have all the 50-plus parameters, and is not supposed to have them. It's a standalone module.

The reason why I need to set the IP Restrictions separately is a circular dependency: resource A needs the FQDN of my Container App, and my Container App needs the IP of resource A to authorize it.

This way of deploying our apps works perfectly when we use Azure Web Apps, but now that we started migrating to Container Apps, it became an issue.

anthonychu commented 3 months ago

To do this, you'll need to retrieve the existing app and update it. I tried this and it works:

```bicep
param containerAppName string = 'hello'

// Reference the already-deployed container app without redefining it.
resource existingContainerApp 'Microsoft.App/containerApps@2024-03-01' existing = {
  name: containerAppName
}

// Redeploy the app through a module, merging the new ingress rule
// into the properties read from the existing app.
module updatedContainerApp './upsert-container-app.bicep' = {
  name: 'updatedContainerApp'
  params: {
    location: existingContainerApp.location
    properties: union(existingContainerApp.properties, {
      configuration: {
        ingress: {
          ipSecurityRestrictions: [
            {
              name: 'my-ip-restriction'
              action: 'Deny'
              ipAddressRange: '192.168.0.0/24'
            }
          ]
        }
      }
    })
    name: containerAppName
  }
}
```

```bicep
// upsert-container-app.bicep

param name string
param location string
param properties object

// Create or update the container app with the merged properties.
resource updatedContainerApp 'Microsoft.App/containerApps@2024-03-01' = {
  name: name
  properties: properties
  location: location
}

output updatedContainerApp object = updatedContainerApp
```

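
An added example, not part of the original thread or the project's own code: the same read-and-merge approach written as a standalone module that takes only the IP ranges to authorize, as the second module described earlier in the thread does. The file name, parameter names and the sample CIDR are assumptions; it reuses `upsert-container-app.bicep` from the comment above.

```bicep
// ip-restrictions.bicep (hypothetical file name)

@description('Name of the already-deployed container app.')
param containerAppName string

@description('CIDR ranges to authorize. The default is a constructed sample value.')
param allowedIpRanges array = [
  '203.0.113.10/32'
]

// Read the app created by the main deployment; nothing else has to be passed in.
resource existingContainerApp 'Microsoft.App/containerApps@2024-03-01' existing = {
  name: containerAppName
}

// One Allow rule per range. All rules on an app must use the same action,
// and once an Allow rule exists, traffic from other addresses is denied.
var allowRules = [for (range, i) in allowedIpRanges: {
  name: 'allow-${i}'
  description: 'Authorized caller ${range}'
  action: 'Allow'
  ipAddressRange: range
}]

module updatedContainerApp './upsert-container-app.bicep' = {
  name: 'applyIpRestrictions'
  params: {
    name: containerAppName
    location: existingContainerApp.location
    // union() merges nested objects but does not merge arrays: the list below
    // replaces whatever ipSecurityRestrictions the app already had.
    properties: union(existingContainerApp.properties, {
      configuration: {
        ingress: {
          ipSecurityRestrictions: allowRules
        }
      }
    })
  }
}

// Echo the rule set so the deployment output can be reviewed or diffed.
output appliedRules array = allowRules
```

Because the rule list is replaced rather than appended to, pass the complete set of authorized ranges on every deployment.
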
abouroubi commented 3 months ago

I'll try this, thank you

microsoft-github-policy-service[bot] commented 3 months ago

This issue has been automatically marked as stale because it has been marked as requiring author feedback but has not had any activity for 4 days. It will be closed if no further activity occurs within 3 days of this comment.