Connectivity issue of backend service on a Container App from Azure VM mapped to Same Vnet

Srikanth TV 0 Reputation points
2024-03-05T04:44:44.2033333+00:00

Use case:

I have a frontend app (React JS) running on an Azure VM (Ubuntu) and a backend service in Azure Container Apps. Both Azure VM and Backend Container App on second one should be private and needs to be only available as backend for the first app. Both are inside the same VNet. The frontend app on the Azure VM cannot connect to the container app in the internal environment, even though no NSG rules deny any traffic inside the VNet. However, if I enable the backend container app as public (accepting traffic from anywhere), then they are able to connect to each other.

How can I make it work if the frontend Azure VM and the backend Container App (limited to VNet) are mapped to the same VNet?

Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
Azure Container Apps
An Azure service that provides a general-purpose, serverless container platform.

1 answer

  1. GitaraniSharma-MSFT 49,256 Reputation points Microsoft Employee
    2024-03-06T11:14:29.0233333+00:00

    Hello @Srikanth TV ,

    Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

    I understand that you are facing a connectivity issue from an Azure VM to the backend service on a Container App mapped to the same VNet.

    As per Networking requirement, when using an internal Container Apps environment, you must create a private DNS zone that resolves the Container Apps environment's default domain to the static IP address of the Container Apps environment, or you can use your own custom DNS server.

    Refer: https://video2.skills-academy.com/en-us/azure/container-apps/networking?tabs=workload-profiles-env%2Cazure-cli#dns

    You've not mentioned anything about your DNS configuration in the setup. But I assume you are using the default Azure-provided DNS server.

    If yes, then you must create a private DNS zone named as the Container App environment's default domain with an A record containing the static IP address of the Container App.

    Without a private DNS zone or your own DNS server, the Azure VM will not be able to resolve the FQDN of the internal Container Apps configured in the Vnet. Without this DNS binding, the Container Apps will not be accessible.

    So, to resolve this issue, you need to either create a private DNS zone and link it to the Vnet or use your own DNS server.

    Kindly let us know if the above helps or you need further assistance on this issue.


    Please "Accept the answer" if the information helped you. This will help us and others in the community as well.
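The private DNS setup described in the answer, written out as Azure CLI calls plus a resolution check to run on the VM. This is an added example, not part of the original thread: the resource names passed in are placeholders, and the wildcard record name `*` and disabled auto-registration are assumptions based on the linked networking documentation.

```bash
#!/bin/sh
# Added example: private DNS zone for an internal Container Apps environment.
# Set AZ="echo az" to print the commands (dry run) instead of executing them.
AZ="${AZ:-az}"

# Read the two values the zone is built from (args: resource group, env name).
env_default_domain() {
  $AZ containerapp env show --resource-group "$1" --name "$2" \
    --query properties.defaultDomain --output tsv
}
env_static_ip() {
  $AZ containerapp env show --resource-group "$1" --name "$2" \
    --query properties.staticIp --output tsv
}

# Create the zone named after the default domain, link it to the VNet the VM
# sits in, and point a wildcard A record at the environment's static IP.
# Args: resource group, zone (default domain), static IP, VNet name.
create_private_dns() {
  $AZ network private-dns zone create --resource-group "$1" --name "$2" &&
  $AZ network private-dns link vnet create --resource-group "$1" \
    --zone-name "$2" --name "$4-link" --virtual-network "$4" \
    --registration-enabled false &&
  $AZ network private-dns record-set a add-record --resource-group "$1" \
    --zone-name "$2" --record-set-name '*' --ipv4-address "$3"
}

# Run on the VM: succeeds only if the app FQDN resolves to the static IP.
# A public or empty answer means the zone is missing or not linked.
check_resolution() {
  got="$(getent ahostsv4 "$1" | awk '{print $1; exit}')"
  [ "$got" = "$2" ]
}

# Typical use (placeholders):
#   zone="$(env_default_domain my-rg my-aca-env)"
#   ip="$(env_static_ip my-rg my-aca-env)"
#   create_private_dns my-rg "$zone" "$ip" my-vnet
#   check_resolution "my-backend.$zone" "$ip" && echo "DNS OK"
```

If `check_resolution` passes but the frontend still cannot connect, the remaining causes are outside DNS (ingress settings or NSG rules).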