Open tsbala opened 10 months ago
There are no official docs, but you could establish Private Link Service with ACA with the 'Consumption Only' Tier. You could do something like below if you are using Bicep.
```bicep
// From the container app environment: derive the name of its managed resource group
var appName = split(kubeEnvironment.properties.defaultDomain, '.')[0]
output managedResourceGroupName string = 'mc_${appName}-rg_${appName}_${location}'

// Internal load balancer that lives in the managed resource group
// (containerAppEnvManagedResourceGroup is assumed to carry the name computed above)
resource loadBalancer 'Microsoft.Network/loadBalancers@2023-05-01' existing = {
  name: 'kubernetes-internal'
  scope: resourceGroup(containerAppEnvManagedResourceGroup)
}

// Private Link Service placed in front of the load balancer's first frontend IP configuration
resource privateLinkService 'Microsoft.Network/privateLinkServices@2023-05-01' = {
  name: privateLinkServiceName
  location: location
  properties: {
    loadBalancerFrontendIpConfigurations: [
      {
        id: loadBalancer.properties.frontendIPConfigurations[0].id
      }
    ]
    ipConfigurations: [
      {
        name: 'pls-ip-config'
        properties: {
          privateIPAllocationMethod: 'Dynamic'
          subnet: {
            id: privateLinkServiceSubnetId
          }
          primary: true
          privateIPAddressVersion: 'IPv4'
        }
      }
    ]
  }
}
```
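The consumer side of the Private Link Service above, for a spoke VNet, as an added example that is not part of the original comment or of any official ACA documentation. All parameter and resource names are hypothetical, and the wildcard DNS record assumes the apps are reached by hostname under the environment's default domain.

```bicep
// Added example (not from the thread). All parameter names are hypothetical.
param location string = resourceGroup().location
param privateLinkServiceId string      // resource ID of the Private Link Service
param spokeVnetId string
param spokeSubnetId string
param acaDefaultDomain string          // the environment's properties.defaultDomain
param privateEndpointIp string = ''    // IP of the endpoint's NIC; fill in after the first deployment

resource privateEndpoint 'Microsoft.Network/privateEndpoints@2023-05-01' = {
  name: 'pe-aca'
  location: location
  properties: {
    subnet: {
      id: spokeSubnetId
    }
    // Use manualPrivateLinkServiceConnections instead when the owner of the
    // Private Link Service must approve each spoke connection explicitly.
    privateLinkServiceConnections: [
      {
        name: 'aca-pls'
        properties: {
          privateLinkServiceId: privateLinkServiceId
        }
      }
    ]
  }
}

// Private DNS zone so that app hostnames resolve to the private endpoint inside the spoke
resource zone 'Microsoft.Network/privateDnsZones@2020-06-01' = {
  name: acaDefaultDomain
  location: 'global'
}

resource zoneLink 'Microsoft.Network/privateDnsZones/virtualNetworkLinks@2020-06-01' = {
  parent: zone
  name: 'spoke-link'
  location: 'global'
  properties: {
    registrationEnabled: false
    virtualNetwork: {
      id: spokeVnetId
    }
  }
}

resource wildcard 'Microsoft.Network/privateDnsZones/A@2020-06-01' = if (!empty(privateEndpointIp)) {
  parent: zone
  name: '*'
  properties: {
    ttl: 300
    aRecords: [
      {
        ipv4Address: privateEndpointIp
      }
    ]
  }
}
```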
Will ACA internal environment work for your case? ACA internal environment will not allow any traffic from public and you can restrict access more via NSG rules. This works with workload profile environment too.
Is your feature request related to a problem? Please describe.
Support for adding private endpoints into VNETs for an ACA.
We are operating in a Hub & Spoke network design. We have deployed an internal ACA that all the spokes need to connect to. We have trawled the documentation but have not found any reference for adding a private endpoint for an ACA into a VNET.
Describe the solution you'd like.
Similar to Service Bus, CosmosDB, etc., the ability to drop a private endpoint for an ACA will be very useful.