Closed cboghy closed 1 year ago
clintsinger
commented
2 years ago I have a similar issue where my scenario is that I have a virtual machine that has SQL server exposed but isn't accessible unless allowed through the Network Security Group. Without knowing what the IP address will be, I can't add it to the allow list.
duglin
commented
2 years ago If you do az containerapp list you should see something like this for each app:
"outboundIpAddresses": [
"20.121.75.96",
"20.121.75.163",
"20.121.75.187"
]I believe those those be the IP addresses you'll need to put in the whitelist.
duglin
commented
2 years ago But keep in mind, I suspect that list will change over time as the list of Kubernetes nodes in the environment changes.
clintsinger
commented
2 years ago That did the trick for now. I'm currently using this as a work around while I wait for an answer to #373
VeselovAndrey
commented
2 years ago I have same issue - 3rd party API allows access only from whitelisted IPs. So, I need provide outbound IP of my Container App. Is it safe to use "outboundIpAddresses"? How often they can be changed?
Is it possible assign outbound static IP(s) for Container App?
VeselovAndrey
commented
2 years ago Also are outboundIpAddresses assigned to the single Container App or they can be shared between couple of them (and using them in whitelists are not secure).
kendallroden
commented
1 year ago The outbound IP is static for a given environment today. We no longer provide 3, and they will be static for the lifetime of an environment. You can use this outbound IP for whitelisting purposes
MarekLani
commented
1 year ago @kendallroden https://github.com/MicrosoftDocs/azure-docs/issues/103172 states, that outbound address is not static nor it can be made static
benjaminwillett
commented
6 months ago I seem to have problems with connectivity out from my container. I can do ubuntu updates etc to the container and dns lookups but unable to ping any internet ip. I can connect to the webservice on my container public ip but unable to make requests out from the container to my public facing SQL server IP. Am I trying to do something the azure infrastructure is not setup to do? Do I need a NAT gateway for the container to be able to make outbound requests? There is no NSG etc attached to my container.
If I create a container apps environment with the default virtual network, I can then get the "static IP" that assigned. If I try to make an http request from the container app to another web address, I see that the request comes from another IP. This outbound IP is different than the "static IP" Is the outbound IP also static? Can it be used in a whitelist on the server that receives the calls from a container app?