Closed cboghy closed 1 year ago
I have a similar issue where my scenario is that I have a virtual machine that has SQL server exposed but isn't accessible unless allowed through the Network Security Group. Without knowing what the IP address will be, I can't add it to the allow list.
If you do az containerapp list
you should see something like this for each app:
"outboundIpAddresses": [
"20.121.75.96",
"20.121.75.163",
"20.121.75.187"
]
I believe those those be the IP addresses you'll need to put in the whitelist.
But keep in mind, I suspect that list will change over time as the list of Kubernetes nodes in the environment changes.
That did the trick for now. I'm currently using this as a work around while I wait for an answer to #373
I have same issue - 3rd party API allows access only from whitelisted IPs. So, I need provide outbound IP of my Container App. Is it safe to use "outboundIpAddresses"? How often they can be changed?
Is it possible assign outbound static IP(s) for Container App?
Also are outboundIpAddresses assigned to the single Container App or they can be shared between couple of them (and using them in whitelists are not secure).
The outbound IP is static for a given environment today. We no longer provide 3, and they will be static for the lifetime of an environment. You can use this outbound IP for whitelisting purposes
@kendallroden https://github.com/MicrosoftDocs/azure-docs/issues/103172 states, that outbound address is not static nor it can be made static
I seem to have problems with connectivity out from my container. I can do ubuntu updates etc to the container and dns lookups but unable to ping any internet ip. I can connect to the webservice on my container public ip but unable to make requests out from the container to my public facing SQL server IP. Am I trying to do something the azure infrastructure is not setup to do? Do I need a NAT gateway for the container to be able to make outbound requests? There is no NSG etc attached to my container.
If I create a container apps environment with the default virtual network, I can then get the "static IP" that assigned. If I try to make an http request from the container app to another web address, I see that the request comes from another IP. This outbound IP is different than the "static IP" Is the outbound IP also static? Can it be used in a whitelist on the server that receives the calls from a container app?