Open ErikRosengren-work opened 1 year ago
torosent
commented
1 year ago The outbound IP can change since there is no guarantee from the underlying infrastructure to have to same IP. The only way to guarantee it is to add a NAT gateway to your subnet or any other egress control appliance like Azure Firewall. Note that this solution applies for Workload Profiles (Consumption + Dedicated) mode. You cannot use NAT gateway in Consumption only mode.
fritzfs
commented
1 month ago @torosent thank you.
So, this comment is not relevant anymore?
Because, at this moment, I see approx 30 outbound IP addresses for my ACA with ACA Environment using Workload Profiles and Consumption plan and custom VNET.
Another question. So, I can configure NAT Gateway if I use Consumption plan in Workload Profile?
Yuvraj102
commented
2 weeks ago Hello Did you guys find any solution for this ?, I need static outbound ip for my ACA as well
This issue is a: (mark with an x)
Issue description
The following has recently been added to the documentation describing networking for container apps.
Quote from: https://github.com/MicrosoftDocs/azure-docs/blob/main/articles/container-apps/networking.md?plain=1#L106
I need clarification here regarding exactly what this means. Does this mean that the outbound IP that the container app gets from the container app environment can change? Because right now, as far as I can tell, the outbound IP-address of a container app in a managed container environment is determined by one of the IP addresses that can be found in a separate resource group with a generated name.
The reason I ask is because in my use case I need to guarantee that the outbound IP addresses don't change because of whitelisting.