Open torosent opened 1 year ago
Don't need more than just this title : Hyped 💯 😄
Awesome, thanks for listening!
Waiting for this, trying to migrate my actual SMTP relay to Container Apps but this breaks the whole process.
ATM made it working by having two instances of SMTP, one for port 25 and another one for 465 sharing the volume. Not the best practice, but the one that works.
Looking forward to this! Thank you team!
This is currently a massive blocker for ACA usage in my opinion, as there's a ton of services that require multiple exposed ports. Really looking forward for this to be implemented.
I'm also really looking forward to be able to do remote debugging of my web applications.
Slightly confused here...are we talking about multiple ports exposed externally, or internally, or both?
My use case is Selenium Grid, where I need a "hub" container to have the only externally available ingress port for its management console. But separate node/worker Container Apps in the same environment need to be able to consume an event queue on the hub where the publish and subscribe ports are different.
So, need a container app with one ingress port and two "internal" ports.
Slightly confused here...are we talking about multiple ports exposed externally, or internally, or both?
Both. Each additional port mapping will have its own external/internal state ref.
Very hyped for this! 🚀 Any updates on the work so far? Is there an estimated release date?
We are working on the docs but you can use it now with api version 2023-05-02-preview under ingress
section
"additionalPortMappings": [
{
"external": true,
"targetPort": 1234
},
{
"external": false,
"targetPort": 2345,
"exposedPort": 3456
}
]
What is the reason of having a custom VNET as a requirement? To expose multiple external http ports?
I am sorry, I am just starting with Azure and I am completely lost about updating existing ACA to add additionalPortMappings config using CLI.
I am using az containerapp update -g groupName -n appName --yaml <yamlPath>
The yaml contains the following section:
ingress:
external: true
transport: Tcp
allowInsecure: false
targetPort: 10000
exposedPort: 10000
additionalPortMappings:
- external: true
targetPort: 1001
exposesdPort: 1001
But it still gives me error: Bad Request({"type":"https://tools.ietf.org/html/rfc7231#section-6.5.1","title":"One or more validation errors occurred.","status":400,"traceId":"00-f4f96e97b9de893a2316e4f101410e53-685b10742c4f49c5-01","errors":{"$":["Unknown properties additionalPortMappings in Microsoft.ContainerApps.WebApi.Views.Version20230401Preview.ContainerAppIngress are not supported"]}})
I believe I have the latest version of the CLI extension, specifying the preview apiVersion at the top of the yaml file seems to have no effect.
When I check the details of the container app via az containerapp show
command I can already see the new property additionalPortMapping, which is obviously set to null.
Thanks for any help.
What is the reason of having a custom VNET as a requirement? To expose multiple external http ports?
@elglogins additional ports are all TCP. External http ports are 80/443 only.
@drapka the cli hasn't been updated yet to use that preview api version so it won't work there.
If you want to live dangerously :) you can put this in a patch.json
file
{
"properties": {
"configuration": {
"ingress": {
"external": true,
"transport": "Tcp",
"targetPort": 10000,
"exposedPort": 10000,
"additionalPortMappings": [
{
"external": true,
"targetPort": 1001,
"exposedPort": 1001
}
]
}
}
}
}
then do
# get your app's full resource id
ID=$(az containerapp show -n appName -g groupName -o tsv --query id)
# patch the app using patch.json and api-version=2023-05-02-preview
az rest \
--method patch \
--body @patch.json \
--url "${ID}?api-version=2023-05-02-preview"
# verify the property is there
az rest \
--method get \
--url "${ID}?api-version=2023-05-02-preview" | \
jq -r '.properties.configuration.ingress'
What if the transport for the second port is different. For example, gRPC for integration between microservices?
What if the transport for the second port is different. For example, gRPC for integration between microservices?
@gcrockenberg All additional ports are TCP. So any tcp based protocol (like htt2/grpc) should work.
@ahmelsayed, if I understood this correctly this won't allow us to expose UDP ports? If so, are they any plans to introduce this?
We have a use case where we must expose a service over udp.
Correct, we don't have UDP. Can't speak of any plans myself.
Hi @torosent and @ahmelsayed,
First, thank you for this feature!
Is this still in development or is it in preview now as the documentation indicates? Do you have a rough ETA for GA?
https://learn.microsoft.com/en-us/azure/container-apps/ingress-overview#additional-tcp-ports
It's in preview now. You can use it through ARM/bicep (api-version=2023-05-02-preview) or the cli with --yaml option. Here is a bicep sample https://github.com/ahmelsayed/bicep-templates/blob/main/aca-app-multiple-ports.bicep#L20-L36
with --yaml
in the cli, add the following to your ingress
additionalPortMappings:
- external: false
targetPort: 9090
exposedPort: 9090
- external: false
targetPort: 22
exposedPort: 22
I just tried running a bicep "what-if" with that preview and did not see the additionalPortMapping applied. I didn't see an error just didn't see the port mapping either.
Thank for this feature !
I tried it with the cli and the --yaml
option but it doesn't seem to work.
Like @gcrockenberg I didn't have any errors but the additional ports are not accessible.
And the additionalPortMappings
is actually displayed in the result of the cli command with the good value in it. But it's the only place I saw it (but because it's in preview it doesn't surprise me).
And for information the "main" HTTP port is working correctly.
@chadray, you just worked on this and got it working with external: true
, right? I'm not sure I fully understand that property yet, but @gcrockenberg and @RocheVal, it may be worth exploring.
@chadray, you just worked on this and got it working with
external: true
, right? I'm not sure I fully understand that property yet, but @gcrockenberg and @RocheVal, it may be worth exploring.
The external property indicates whether the app port is accessible outside of the environment.
Yes, I used the external: true
to access it from outside.
In fact, in my yaml, my ingress look like this.
ingress:
allowInsecure: true
external: true
targetPort: 15672
transport: http
additionalPortMappings:
- external: true
exposedPort: 5672
targetPort: 5672
I want to configure 2 external port. One for HTTP and one for TCP.
I’ll test it though my intent if for the additional port to be used internally between containers. I do not want to expose it externally.
Thank you
From: Valentin @.> Sent: Tuesday, August 29, 2023 9:34 AM To: @.> Cc: @.>; @.> Subject: Re: [microsoft/azure-container-apps] Roadmap: Multiple ports support (Issue #763)
Yes, I used the external: true to access it from outside.
In fact, in my yaml, my ingress look like this.
ingress:
allowInsecure: true
external: true
targetPort: 15672
transport: http
additionalPortMappings:
- external: true
exposedPort: 5672
targetPort: 5672
I want to configure 2 external port. One for HTTP and one for TCP.
— Reply to this email directly, view it on GitHubhttps://github.com/microsoft/azure-container-apps/issues/763#issuecomment-1697457494, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AAPVKC3IPWJDK5IP777SRVLXXXVVVANCNFSM6AAAAAAYUHNJLM. You are receiving this because you were mentioned.Message ID: @.***>
api-version=2023-05-02-preview
@ahmelsayed I tried the patching solution, in my case it fails with:
Bad Request({"error":{"code":"ContainerAppSecretInvalid","message":"Invalid Request: Container app secret(s) with name(s) 'reg-pswd-f60c7731-bf65' are invalid: value or keyVaultUrl and identity should be provided."}}).
Happy to see the feature is in preview!
I'm running a few container apps with an additional port specified on each one so I can facilitate gRPC between containers. My container app env is also deployed to a custom vnet. When I execute a grpcurl
request within one container to another, I receive a successful response when addressing the internal IP address of the container, (e.g. grpcurl -plaintext 10.5.0.37:443 list
). However, I cannot get a successful response when addressing the container by its host name + DNS suffix (e.g. my-service.<unique-identifier>.<location>.azurecontainerapps.io:443
).
The additional ports are all external. Is there something I am missing?
additionalPorts:
- external: true
targetPort: 443
exposedPort: 443
Trying to deploy a container app with 4 external tcp ports using CLI + yml, the deployment completes just fine but the provision status is stuck in "Provisioning". The only information available is the following log from the Sytem Logs stream:
{"TimeStamp":"2023-09-21T08:58:32Z","Type":"Normal","ContainerAppName":null,"RevisionName":null,"ReplicaName":null,"Msg":"Connecting to the events collector...","Reason":"StartingGettingEvents","EventSource":"ContainerAppController","Count":1}
{"TimeStamp":"2023-09-21T08:58:35Z","Type":"Normal","ContainerAppName":null,"RevisionName":null,"ReplicaName":null,"Msg":"Successfully connected to events server","Reason":"ConnectedToEventsServer","EventSource":"ContainerAppController","Count":1}
{"TimeStamp":"2023-09-21 08:56:47 \u002B0000 UTC","Type":"Normal","ContainerAppName":"[APP_NAME_HERE]","RevisionName":"","ReplicaName":"","Msg":"Deactivating old revisions for ContainerApp \u0027[APP_NAME_HERE]\u0027","Reason":"RevisionDeactivating","EventSource":"ContainerAppController","Count":2}
{"TimeStamp":"2023-09-21 08:56:48 \u002B0000 UTC","Type":"Normal","ContainerAppName":"[APP_NAME_HERE]","RevisionName":"[APP_NAME_HERE]--z00g9fu","ReplicaName":"","Msg":"Successfully provisioned revision \[APP_NAME_HERE]--z00g9fu\u0027","Reason":"RevisionReady","EventSource":"ContainerAppController","Count":3}
{"TimeStamp":"2023-09-21 08:56:47 \u002B0000 UTC","Type":"Normal","ContainerAppName":"[APP_NAME_HERE]","RevisionName":"","ReplicaName":"","Msg":"Successfully updated containerApp: [APP_NAME_HERE]","Reason":"ContainerAppReady","EventSource":"ContainerAppController","Count":2}
{"TimeStamp":"2023-09-21 08:56:48 \u002B0000 UTC","Type":"Normal","ContainerAppName":"[APP_NAME_HERE]","RevisionName":"","ReplicaName":"","Msg":"Updating containerApp: [APP_NAME_HERE]","Reason":"ContainerAppUpdate","EventSource":"ContainerAppController","Count":11}
{"TimeStamp":"2023-09-21 08:56:48 \u002B0000 UTC","Type":"Normal","ContainerAppName":"[APP_NAME_HERE]","RevisionName":"[APP_NAME_HERE]--z00g9fu","ReplicaName":"","Msg":"Updating revision : [APP_NAME_HERE]--z00g9fu","Reason":"RevisionUpdate","EventSource":"ContainerAppController","Count":10}
{"TimeStamp":"2023-09-21 08:56:48 \u002B0000 UTC","Type":"Normal","ContainerAppName":"[APP_NAME_HERE]","RevisionName":"","ReplicaName":"","Msg":"Setting traffic weight of \u0027100%\u0027 for revision \u0027[APP_NAME_HERE]--z00g9fu\u0027","Reason":"RevisionUpdate","EventSource":"ContainerAppController","Count":3}
{"TimeStamp":"2023-09-21 08:56:46 \u002B0000 UTC","Type":"Warning","ContainerAppName":"[APP_NAME_HERE]","RevisionName":"[APP_NAME_HERE]--z00g9fu","ReplicaName":"[APP_NAME_HERE]--z00g9fu-5f4b867ff9-rlhvm","Msg":"0/2 nodes are available: 2 node(s) didn\u0027t match Pod\u0027s node affinity/selector. preemption: 0/2 nodes are available: 2 Preemption is not helpful for scheduling.","Reason":"AssigningReplicaFailed","EventSource":"ContainerAppController","Count":0}
{"TimeStamp":"2023-09-21 08:56:53 \u002B0000 UTC","Type":"Normal","ContainerAppName":"[APP_NAME_HERE]","RevisionName":"[APP_NAME_HERE]--z00g9fu","ReplicaName":"[APP_NAME_HERE]--z00g9fu-5f4b867ff9-rlhvm","Msg":"pod didn\u0027t trigger scale-up: 3 node(s) didn\u0027t match Pod\u0027s node affinity/selector","Reason":"NotTriggerScaleUp","EventSource":"ContainerAppController","Count":1}
{"TimeStamp":"2023-09-21T08:59:35Z","Type":"Normal","ContainerAppName":null,"RevisionName":null,"ReplicaName":null,"Msg":"No events since last 60 seconds","Reason":"NoNewEvents","EventSource":"ContainerAppController","Count":1}
{"TimeStamp":"2023-09-21T09:00:36Z","Type":"Normal","ContainerAppName":null,"RevisionName":null,"ReplicaName":null,"Msg":"No events since last 60 seconds","Reason":"NoNewEvents","EventSource":"ContainerAppController","Count":1}
{"TimeStamp":"2023-09-21T09:01:36Z","Type":"Normal","ContainerAppName":null,"RevisionName":null,"ReplicaName":null,"Msg":"No events since last 60 seconds","Reason":"NoNewEvents","EventSource":"ContainerAppController","Count":1}
{"TimeStamp":"2023-09-21 09:01:49 \u002B0000 UTC","Type":"Warning","ContainerAppName":"[APP_NAME_HERE]","RevisionName":"[APP_NAME_HERE]--z00g9fu","ReplicaName":"[APP_NAME_HERE]--z00g9fu-5f4b867ff9-rlhvm","Msg":"0/2 nodes are available: 2 node(s) didn\u0027t match Pod\u0027s node affinity/selector. preemption: 0/2 nodes are available: 2 Preemption is not helpful for scheduling.","Reason":"AssigningReplicaFailed","EventSource":"ContainerAppController","Count":0}
{"TimeStamp":"2023-09-21 09:01:55 \u002B0000 UTC","Type":"Normal","ContainerAppName":"[APP_NAME_HERE]","RevisionName":"[APP_NAME_HERE]--z00g9fu","ReplicaName":"[APP_NAME_HERE]--z00g9fu-5f4b867ff9-rlhvm","Msg":"pod didn\u0027t trigger scale-up: 3 node(s) didn\u0027t match Pod\u0027s node affinity/selector","Reason":"NotTriggerScaleUp","EventSource":"ContainerAppController","Count":31}
{"TimeStamp":"2023-09-21T09:02:55Z","Type":"Normal","ContainerAppName":null,"RevisionName":null,"ReplicaName":null,"Msg":"No events since last 60 seconds","Reason":"NoNewEvents","EventSource":"ContainerAppController","Count":1}
The following YAML was used to create the app:
location: westeurope
name: [APP_NAME_HERE]
properties:
configuration:
activeRevisionsMode: Single
secrets:
[SOME_SECRETS_HERE]
registries:
[ACR_SETTINGS_HERE]
ingress:
transport: tcp
allowInsecure: false
exposedPort: 9100
targetPort: 9100
external: true
additionalPortMappings:
- exposedPort: 9200
targetPort: 9200
external: true
- exposedPort: 9300
targetPort: 9300
external: true
- exposedPort: 9400
targetPort: 9400
external: true
traffic:
- latestRevision: true
weight: 100
managedEnvironmentId: [ENV_ID_HERE]
template:
containers:
- image: [ACR_NAME_HERE]/[IMAGE_NAME_HERE]:[IMAGE_REVISION_HERE]
name: [IMAGE_NAME_HERE]
resources:
cpu: 0.25
memory: 0.5Gi
env:
[SOME_ENV_REFERENCING_SECRETS]
scale:
maxReplicas: 1
minReplicas: 1
workloadProfileName: Consumption
type: Microsoft.App/containerApps
After a while, status changes to Provisioned but Running Status becomes "Degraded" and no replica is actually running
@jlkardas
Have you tried changing the port to other than 443?
Hello together!
When is this feature gonna be generaly available?
Best regards
Happy to see the feature is in preview!
I'm running a few container apps with an additional port specified on each one so I can facilitate gRPC between containers. My container app env is also deployed to a custom vnet. When I execute a
grpcurl
request within one container to another, I receive a successful response when addressing the internal IP address of the container, (e.g.grpcurl -plaintext 10.5.0.37:443 list
). However, I cannot get a successful response when addressing the container by its host name + DNS suffix (e.g.my-service.<unique-identifier>.<location>.azurecontainerapps.io:443
).The additional ports are all external. Is there something I am missing?
additionalPorts: - external: true targetPort: 443 exposedPort: 443
@jlkardas hostname+DNS suffix only supports ports with HTTP transport. You need to use \<app name>:\<port> for additional ports.
api-version=2023-05-02-preview
@ahmelsayed I tried the patching solution, in my case it fails with:
Bad Request({"error":{"code":"ContainerAppSecretInvalid","message":"Invalid Request: Container app secret(s) with name(s) 'reg-pswd-f60c7731-bf65' are invalid: value or keyVaultUrl and identity should be provided."}}).
@dummy-andra looks like your secret was not configured correctly in the payload. Make sure you have provide the secret value if it's not a key vault secret.
Trying to deploy a container app with 4 external tcp ports using CLI + yml, the deployment completes just fine but the provision status is stuck in "Provisioning". The only information available is the following log from the Sytem Logs stream:
{"TimeStamp":"2023-09-21T08:58:32Z","Type":"Normal","ContainerAppName":null,"RevisionName":null,"ReplicaName":null,"Msg":"Connecting to the events collector...","Reason":"StartingGettingEvents","EventSource":"ContainerAppController","Count":1} {"TimeStamp":"2023-09-21T08:58:35Z","Type":"Normal","ContainerAppName":null,"RevisionName":null,"ReplicaName":null,"Msg":"Successfully connected to events server","Reason":"ConnectedToEventsServer","EventSource":"ContainerAppController","Count":1} {"TimeStamp":"2023-09-21 08:56:47 \u002B0000 UTC","Type":"Normal","ContainerAppName":"[APP_NAME_HERE]","RevisionName":"","ReplicaName":"","Msg":"Deactivating old revisions for ContainerApp \u0027[APP_NAME_HERE]\u0027","Reason":"RevisionDeactivating","EventSource":"ContainerAppController","Count":2} {"TimeStamp":"2023-09-21 08:56:48 \u002B0000 UTC","Type":"Normal","ContainerAppName":"[APP_NAME_HERE]","RevisionName":"[APP_NAME_HERE]--z00g9fu","ReplicaName":"","Msg":"Successfully provisioned revision \[APP_NAME_HERE]--z00g9fu\u0027","Reason":"RevisionReady","EventSource":"ContainerAppController","Count":3} {"TimeStamp":"2023-09-21 08:56:47 \u002B0000 UTC","Type":"Normal","ContainerAppName":"[APP_NAME_HERE]","RevisionName":"","ReplicaName":"","Msg":"Successfully updated containerApp: [APP_NAME_HERE]","Reason":"ContainerAppReady","EventSource":"ContainerAppController","Count":2} {"TimeStamp":"2023-09-21 08:56:48 \u002B0000 UTC","Type":"Normal","ContainerAppName":"[APP_NAME_HERE]","RevisionName":"","ReplicaName":"","Msg":"Updating containerApp: [APP_NAME_HERE]","Reason":"ContainerAppUpdate","EventSource":"ContainerAppController","Count":11} {"TimeStamp":"2023-09-21 08:56:48 \u002B0000 UTC","Type":"Normal","ContainerAppName":"[APP_NAME_HERE]","RevisionName":"[APP_NAME_HERE]--z00g9fu","ReplicaName":"","Msg":"Updating revision : [APP_NAME_HERE]--z00g9fu","Reason":"RevisionUpdate","EventSource":"ContainerAppController","Count":10} {"TimeStamp":"2023-09-21 08:56:48 \u002B0000 UTC","Type":"Normal","ContainerAppName":"[APP_NAME_HERE]","RevisionName":"","ReplicaName":"","Msg":"Setting traffic weight of \u0027100%\u0027 for revision \u0027[APP_NAME_HERE]--z00g9fu\u0027","Reason":"RevisionUpdate","EventSource":"ContainerAppController","Count":3} {"TimeStamp":"2023-09-21 08:56:46 \u002B0000 UTC","Type":"Warning","ContainerAppName":"[APP_NAME_HERE]","RevisionName":"[APP_NAME_HERE]--z00g9fu","ReplicaName":"[APP_NAME_HERE]--z00g9fu-5f4b867ff9-rlhvm","Msg":"0/2 nodes are available: 2 node(s) didn\u0027t match Pod\u0027s node affinity/selector. preemption: 0/2 nodes are available: 2 Preemption is not helpful for scheduling.","Reason":"AssigningReplicaFailed","EventSource":"ContainerAppController","Count":0} {"TimeStamp":"2023-09-21 08:56:53 \u002B0000 UTC","Type":"Normal","ContainerAppName":"[APP_NAME_HERE]","RevisionName":"[APP_NAME_HERE]--z00g9fu","ReplicaName":"[APP_NAME_HERE]--z00g9fu-5f4b867ff9-rlhvm","Msg":"pod didn\u0027t trigger scale-up: 3 node(s) didn\u0027t match Pod\u0027s node affinity/selector","Reason":"NotTriggerScaleUp","EventSource":"ContainerAppController","Count":1} {"TimeStamp":"2023-09-21T08:59:35Z","Type":"Normal","ContainerAppName":null,"RevisionName":null,"ReplicaName":null,"Msg":"No events since last 60 seconds","Reason":"NoNewEvents","EventSource":"ContainerAppController","Count":1} {"TimeStamp":"2023-09-21T09:00:36Z","Type":"Normal","ContainerAppName":null,"RevisionName":null,"ReplicaName":null,"Msg":"No events since last 60 seconds","Reason":"NoNewEvents","EventSource":"ContainerAppController","Count":1} {"TimeStamp":"2023-09-21T09:01:36Z","Type":"Normal","ContainerAppName":null,"RevisionName":null,"ReplicaName":null,"Msg":"No events since last 60 seconds","Reason":"NoNewEvents","EventSource":"ContainerAppController","Count":1} {"TimeStamp":"2023-09-21 09:01:49 \u002B0000 UTC","Type":"Warning","ContainerAppName":"[APP_NAME_HERE]","RevisionName":"[APP_NAME_HERE]--z00g9fu","ReplicaName":"[APP_NAME_HERE]--z00g9fu-5f4b867ff9-rlhvm","Msg":"0/2 nodes are available: 2 node(s) didn\u0027t match Pod\u0027s node affinity/selector. preemption: 0/2 nodes are available: 2 Preemption is not helpful for scheduling.","Reason":"AssigningReplicaFailed","EventSource":"ContainerAppController","Count":0} {"TimeStamp":"2023-09-21 09:01:55 \u002B0000 UTC","Type":"Normal","ContainerAppName":"[APP_NAME_HERE]","RevisionName":"[APP_NAME_HERE]--z00g9fu","ReplicaName":"[APP_NAME_HERE]--z00g9fu-5f4b867ff9-rlhvm","Msg":"pod didn\u0027t trigger scale-up: 3 node(s) didn\u0027t match Pod\u0027s node affinity/selector","Reason":"NotTriggerScaleUp","EventSource":"ContainerAppController","Count":31} {"TimeStamp":"2023-09-21T09:02:55Z","Type":"Normal","ContainerAppName":null,"RevisionName":null,"ReplicaName":null,"Msg":"No events since last 60 seconds","Reason":"NoNewEvents","EventSource":"ContainerAppController","Count":1}
The following YAML was used to create the app:
location: westeurope name: [APP_NAME_HERE] properties: configuration: activeRevisionsMode: Single secrets: [SOME_SECRETS_HERE] registries: [ACR_SETTINGS_HERE] ingress: transport: tcp allowInsecure: false exposedPort: 9100 targetPort: 9100 external: true additionalPortMappings: - exposedPort: 9200 targetPort: 9200 external: true - exposedPort: 9300 targetPort: 9300 external: true - exposedPort: 9400 targetPort: 9400 external: true traffic: - latestRevision: true weight: 100 managedEnvironmentId: [ENV_ID_HERE] template: containers: - image: [ACR_NAME_HERE]/[IMAGE_NAME_HERE]:[IMAGE_REVISION_HERE] name: [IMAGE_NAME_HERE] resources: cpu: 0.25 memory: 0.5Gi env: [SOME_ENV_REFERENCING_SECRETS] scale: maxReplicas: 1 minReplicas: 1 workloadProfileName: Consumption type: Microsoft.App/containerApps
After a while, status changes to Provisioned but Running Status becomes "Degraded" and no replica is actually running
@pizerg this issue is related to additional ports. Are you still hitting the same issue now?
api-version=2023-05-02-preview
@ahmelsayed I tried the patching solution, in my case it fails with: Bad Request({"error":{"code":"ContainerAppSecretInvalid","message":"Invalid Request: Container app secret(s) with name(s) 'reg-pswd-f60c7731-bf65' are invalid: value or keyVaultUrl and identity should be provided."}}).
@dummy-andra looks like your secret was not configured correctly in the payload. Make sure you have provide the secret value if it's not a key vault secret.
reg-pswd-f60c7731-bf65
was NOT Configured by me.When deploying container app with ACR
, it automatically add ACR password to ACA Secrets and the reg-pswd-xxxxxx
is the name of the secret automatically generated upon the app's creation
Anyway I recreated ACA via Bicep and worked since updating it with the patch did not worked as expected.
Trying to deploy a container app with 4 external tcp ports using CLI + yml, the deployment completes just fine but the provision status is stuck in "Provisioning". The only information available is the following log from the Sytem Logs stream:
{"TimeStamp":"2023-09-21T08:58:32Z","Type":"Normal","ContainerAppName":null,"RevisionName":null,"ReplicaName":null,"Msg":"Connecting to the events collector...","Reason":"StartingGettingEvents","EventSource":"ContainerAppController","Count":1} {"TimeStamp":"2023-09-21T08:58:35Z","Type":"Normal","ContainerAppName":null,"RevisionName":null,"ReplicaName":null,"Msg":"Successfully connected to events server","Reason":"ConnectedToEventsServer","EventSource":"ContainerAppController","Count":1} {"TimeStamp":"2023-09-21 08:56:47 \u002B0000 UTC","Type":"Normal","ContainerAppName":"[APP_NAME_HERE]","RevisionName":"","ReplicaName":"","Msg":"Deactivating old revisions for ContainerApp \u0027[APP_NAME_HERE]\u0027","Reason":"RevisionDeactivating","EventSource":"ContainerAppController","Count":2} {"TimeStamp":"2023-09-21 08:56:48 \u002B0000 UTC","Type":"Normal","ContainerAppName":"[APP_NAME_HERE]","RevisionName":"[APP_NAME_HERE]--z00g9fu","ReplicaName":"","Msg":"Successfully provisioned revision \[APP_NAME_HERE]--z00g9fu\u0027","Reason":"RevisionReady","EventSource":"ContainerAppController","Count":3} {"TimeStamp":"2023-09-21 08:56:47 \u002B0000 UTC","Type":"Normal","ContainerAppName":"[APP_NAME_HERE]","RevisionName":"","ReplicaName":"","Msg":"Successfully updated containerApp: [APP_NAME_HERE]","Reason":"ContainerAppReady","EventSource":"ContainerAppController","Count":2} {"TimeStamp":"2023-09-21 08:56:48 \u002B0000 UTC","Type":"Normal","ContainerAppName":"[APP_NAME_HERE]","RevisionName":"","ReplicaName":"","Msg":"Updating containerApp: [APP_NAME_HERE]","Reason":"ContainerAppUpdate","EventSource":"ContainerAppController","Count":11} {"TimeStamp":"2023-09-21 08:56:48 \u002B0000 UTC","Type":"Normal","ContainerAppName":"[APP_NAME_HERE]","RevisionName":"[APP_NAME_HERE]--z00g9fu","ReplicaName":"","Msg":"Updating revision : [APP_NAME_HERE]--z00g9fu","Reason":"RevisionUpdate","EventSource":"ContainerAppController","Count":10} {"TimeStamp":"2023-09-21 08:56:48 \u002B0000 UTC","Type":"Normal","ContainerAppName":"[APP_NAME_HERE]","RevisionName":"","ReplicaName":"","Msg":"Setting traffic weight of \u0027100%\u0027 for revision \u0027[APP_NAME_HERE]--z00g9fu\u0027","Reason":"RevisionUpdate","EventSource":"ContainerAppController","Count":3} {"TimeStamp":"2023-09-21 08:56:46 \u002B0000 UTC","Type":"Warning","ContainerAppName":"[APP_NAME_HERE]","RevisionName":"[APP_NAME_HERE]--z00g9fu","ReplicaName":"[APP_NAME_HERE]--z00g9fu-5f4b867ff9-rlhvm","Msg":"0/2 nodes are available: 2 node(s) didn\u0027t match Pod\u0027s node affinity/selector. preemption: 0/2 nodes are available: 2 Preemption is not helpful for scheduling.","Reason":"AssigningReplicaFailed","EventSource":"ContainerAppController","Count":0} {"TimeStamp":"2023-09-21 08:56:53 \u002B0000 UTC","Type":"Normal","ContainerAppName":"[APP_NAME_HERE]","RevisionName":"[APP_NAME_HERE]--z00g9fu","ReplicaName":"[APP_NAME_HERE]--z00g9fu-5f4b867ff9-rlhvm","Msg":"pod didn\u0027t trigger scale-up: 3 node(s) didn\u0027t match Pod\u0027s node affinity/selector","Reason":"NotTriggerScaleUp","EventSource":"ContainerAppController","Count":1} {"TimeStamp":"2023-09-21T08:59:35Z","Type":"Normal","ContainerAppName":null,"RevisionName":null,"ReplicaName":null,"Msg":"No events since last 60 seconds","Reason":"NoNewEvents","EventSource":"ContainerAppController","Count":1} {"TimeStamp":"2023-09-21T09:00:36Z","Type":"Normal","ContainerAppName":null,"RevisionName":null,"ReplicaName":null,"Msg":"No events since last 60 seconds","Reason":"NoNewEvents","EventSource":"ContainerAppController","Count":1} {"TimeStamp":"2023-09-21T09:01:36Z","Type":"Normal","ContainerAppName":null,"RevisionName":null,"ReplicaName":null,"Msg":"No events since last 60 seconds","Reason":"NoNewEvents","EventSource":"ContainerAppController","Count":1} {"TimeStamp":"2023-09-21 09:01:49 \u002B0000 UTC","Type":"Warning","ContainerAppName":"[APP_NAME_HERE]","RevisionName":"[APP_NAME_HERE]--z00g9fu","ReplicaName":"[APP_NAME_HERE]--z00g9fu-5f4b867ff9-rlhvm","Msg":"0/2 nodes are available: 2 node(s) didn\u0027t match Pod\u0027s node affinity/selector. preemption: 0/2 nodes are available: 2 Preemption is not helpful for scheduling.","Reason":"AssigningReplicaFailed","EventSource":"ContainerAppController","Count":0} {"TimeStamp":"2023-09-21 09:01:55 \u002B0000 UTC","Type":"Normal","ContainerAppName":"[APP_NAME_HERE]","RevisionName":"[APP_NAME_HERE]--z00g9fu","ReplicaName":"[APP_NAME_HERE]--z00g9fu-5f4b867ff9-rlhvm","Msg":"pod didn\u0027t trigger scale-up: 3 node(s) didn\u0027t match Pod\u0027s node affinity/selector","Reason":"NotTriggerScaleUp","EventSource":"ContainerAppController","Count":31} {"TimeStamp":"2023-09-21T09:02:55Z","Type":"Normal","ContainerAppName":null,"RevisionName":null,"ReplicaName":null,"Msg":"No events since last 60 seconds","Reason":"NoNewEvents","EventSource":"ContainerAppController","Count":1}
The following YAML was used to create the app:
location: westeurope name: [APP_NAME_HERE] properties: configuration: activeRevisionsMode: Single secrets: [SOME_SECRETS_HERE] registries: [ACR_SETTINGS_HERE] ingress: transport: tcp allowInsecure: false exposedPort: 9100 targetPort: 9100 external: true additionalPortMappings: - exposedPort: 9200 targetPort: 9200 external: true - exposedPort: 9300 targetPort: 9300 external: true - exposedPort: 9400 targetPort: 9400 external: true traffic: - latestRevision: true weight: 100 managedEnvironmentId: [ENV_ID_HERE] template: containers: - image: [ACR_NAME_HERE]/[IMAGE_NAME_HERE]:[IMAGE_REVISION_HERE] name: [IMAGE_NAME_HERE] resources: cpu: 0.25 memory: 0.5Gi env: [SOME_ENV_REFERENCING_SECRETS] scale: maxReplicas: 1 minReplicas: 1 workloadProfileName: Consumption type: Microsoft.App/containerApps
After a while, status changes to Provisioned but Running Status becomes "Degraded" and no replica is actually running
@pizerg this issue is related to additional ports. Are you still hitting the same issue now?
@zhenqxuMSFT I opened a support request with the Azure team and they are investigating this, as far as I know, last week the issue was still happening, however I managed to find a workaround, after the initial deploy fails as described in my initial message, I just need to create a new revision (using the portal for example) and the new revision is deployed correctly and fully functional, including the 4 tcp ports defined in the original failed deployment
@zhenqxuMSFT Please support "transport":"http" for additional ports as well. If we only get tcp we have to start to offload tls in the app , that is very ugly. We want that we can manage (custsom) certs in azure not in our app, also because of load balancing etc
It works over additional port (no ssl, we would need setup extra ssl inside the app) It does not work over main port with ssl managed by ACA - Is this expected to be a bug?
@zhenqxuMSFT
It seems that the official Azure DevOps pipeline is breaking the additional ports configuration of an existing app that uses this feature (no ingress settings specified in the pipeline stage "Azure Container Apps Deploy" version 1.*) and only keeping the main port active.
@zhenqxuMSFT
It seems that the official Azure DevOps pipeline is breaking the additional settings configuration of an existing app that uses this feature (no ingress settings specified in the pipeline stage "Azure Container Apps Deploy" version 1.*) and only keeping the main port active.
Also experiencing this issue
@cforce Thanks for the feedback, noted.
It does not work over main port with ssl managed by ACA - Is this expected to be a bug?
Did you mean custom domain is not working for you? Could you elaborate more?
@pizerg @jlkardas do you have any name of container app names and timeframes I can take a look? Or if it's possible for you to provide some steps for me to repro the issue?
I had to put this subject aside but now I'm back on it. And when I tried to reuse my "old" yaml file the additional ports are not working (like when I tried few months ago). And if I look at configuration details I don't see any of the additional ports (contrary to few months ago where I could see the additional ports in the config).
I used the workaround proposed by @ahmelsayed, and I updated my app through the API, to add additional ports and it worked.
So it seems it's working only through API.
I will continue to use it and tell you if I face other issues
@RocheVal could you upgrade to latest cli and try with --yaml again? If that still not work, could you provide the output of cli command with --debug option to acasupport at microsoft dot com and we will take a look at the issue ASAP.
I updated az cli to 2.55.0 and the results is the same (app created but additional ports not working).
I sent an email to acasupport@microsoft.com with the output of cli with --debug
.
@RocheVal could you install containerapp cli extension with az extension add -n containerapp
and then try again? Only GA feature will be in azure cli core and all preview features will be in containerapp extension.
Thank you it's working correctly with the extension containerapp
.
I didn't see in it the docs, I don't know if it wasn't specified or if I didn't read correctly.
But thank again it's working like expected now !
@zhenqxuMSFT
@pizerg @jlkardas do you have any name of container app names and timeframes I can take a look? Or if it's possible for you to provide some steps for me to repro the issue?
If you contact me privately I could provide the required information, otherwise the repro steps are quite straightforward, just deploy any container app with additional ports (in our case 1 main tcp port and 3 additional tcp ports running in a consumption environment). After checking all ports work correctly, deploy a new revision using the official Azure DevOps' Container App Deploy pipeline (just leave ingress setting empty) and you should see that only the main port is working after that
@zhenqxuMSFT
@pizerg @jlkardas do you have any name of container app names and timeframes I can take a look? Or if it's possible for you to provide some steps for me to repro the issue?
If you contact me privately I could provide the required information, otherwise the repro steps are quite straightforward, just deploy any container app with additional ports (in our case 1 main tcp port and 3 additional tcp ports running in a consumption environment). After checking all ports work correctly, deploy a new revision using the official Azure DevOps' Container App Deploy pipeline (just leave ingress setting empty) and you should see that only the main port is working after that
Similarly, if you could provide me with an email address I would be more than happy to provide some documentation for our ACA and release pipeline setup, or whatever required information you may need.
@zhenqxuMSFT Any update on the issue related to Azure Pipelines ?
Hi There
We have a setup of 3 Rabbit MQ Container apps running Rabbit MQ Alpine image from docker hub We have added an etra port for AMQP and the other port is used for health checks via TCP 1 of the containers is being used on our QA environment and the other 2 are not yet used All three are in different resource groups
We have an issue where the containers keep creating new replicas for no aparrent reason, when they do they will all create new replicas on the same day for no apparent reason. We have made sure the containers have 4 gig ram and other resources are fine. The revisions stay the same but why are new replicas getting created? scaling is set to 1 - 1
We would like to use this setup in production but are not sure how to fix the auto creation of replicas The health of the replicas is Running (at max)
Please assist
8/30/2023 Public Preview: https://azure.microsoft.com/en-us/updates/public-preview-azure-container-apps-supports-additional-tcp-ports/ Docs: https://aka.ms/aca/additional-tcp-ports