I successfully created the Azure Container App named my-app-name to host the Python Flask App.
The hostname for my app uses FQDN, so it looks like my-app-name.grayocean-1r2fd430h.centralus.azurecontainerapps.io.
I would like the hostname to be more user-friendly, for example my-app-name.azurecontainerapps.io (similar to the App Service, where it's named my-app-name.azurewebsites.net by default)
What should I do to make my custom hostname point to the Container App?
Unlike app service, in container apps there is a concept of an environment that groups all your apps that might need to communicate together whether it's for microservices or other designs you might have. the grayocean-1r2fd430h.centralus part is the unique part for your particular environment in this case.
However, From Container Apps you have 2 options here to give your app a custom domain:
1- You can use a different suffix for all the apps on your environment. i.e: replacing .grayocean-1r2fd430h.centralus.azurecontainerapps.io with some domain you might have, like .cornisto.io for example See https://learn.microsoft.com/en-us/azure/container-apps/environment-custom-dns-suffix for how to configure that.
2- You can assign custom domains per container app where each application can have its own set of custom domains that route to it. See this doc for how to set that up https://learn.microsoft.com/en-us/azure/container-apps/custom-domains-certificates
You could also use a service like Azure Front Door or API Management to proxy traffic to your application and the configuration of a custom domain would be on that end instead.
Related
I need to have the same Azure App Service Custom Domain running in different App Services on the same region. Is that possible?
Custom domians are based in DNS, only one record should be pointing to one App Service, so I think it would not be recommended to have same custom domain in multiple App Services in the same region. Being said that, it works for different regions and it is common to see this deployments for instance behind Traffic Manager or Azure Frontdoor.
In order to do this in the same region is a bit more challenging as the only way is to make sure your App Service goes to a different webspace (https://learn.microsoft.com/en-us/azure/app-service/app-service-plan-manage#move-an-app-to-another-app-service-plan). So basically to make sure it goes to a different webspace you need to create a new Resource Group and a new App service Plan, then you can create the specific App Service and add the custom domain. In order to make sure they are in different webspaces, check if the Inbound IP is different.
I have got a Azure AKS cluster running on Azure cloud. It is accessed by frontend and mobile via Azure API Management. My Front end app is outside of the AKS.
Is it possible to use Azure Dev Spaces in this setup to test my changes in the isolated environment?
I've created a new namespace in the AKS and created a separate deployment slot for testing environment on the forntend app, but I can't figure out how to create an isolated routing on Azure API management.
As a result I'd like to have an isolated environment which shares most of the containers on AKS, but uses my local machine to host one service which is under testing at the moment.
I assume you intend to use Dev Spaces routing through a space.s. prefix on your domain name. For this to work, you ultimately need a Host header that includes such a prefix as part of the request to the Dev Spaces ingress controller running in your AKS cluster.
It sounds like in your case, you are running your frontend as an Azure Web App and backend services in AKS. Therefore your frontend would need to include the necessary logic to do one of two things:
Allow the slot instance to customize the space name to use (e.g. it might call the AKS backend services using something like testing.s.default.myservice.azds.io)
Read the Host header from the frontend request and propagate it to the backend request.
In either case, you will probably need to configure Azure API Management to correctly propagate appropriate requests to the testing slot you have created. I don't know enough about how API Management configures routing rules to help on this part, but hopefully I've been able to shed some light on the Dev Spaces part.
I have 2 domains I want to use with one web app. I want all traffic to be routed via the app gateway.
I have set up 2 example domains www.myfirstdomain.com www.mysecondomain.com
I have verified these websites in my azure web app and added each hostname to the web app.
I have created virtual directories in the web app as follows
/one -> site\wwwroot\one
/two -> site\wwwroot\two
When I type in www.www.myfirstdomain.com I want this to go to the /one directory when I type in www.myseconddomain.com I want this to go the /two directory
Does the app gateway need to have multi site listeners and path based rules, is only one backendpool required?
In Azure the concept of a web server is the underlying App Service Plan, on top of that each virtual directory is a web app. You can have multiple web apps per Service Plan. So the usual solution is to have a separate web app for each distinct website you have. You can attach multiple domain names to each app, but they will all point to the same code.
I have a web application that has frontend (React) and backend(Express) separately, so in my local environment, frontend is running on localhost:8080 while backend is running on localhost:3000.
I could deploy backend server to App Engine running on https://[app_name].appspot.com.
and then I also deployed frontend to Google Cloud Storage by referencing this. However, the frontend application is also running on https://[app_name].appspot.com.
When I open the app, it is showing frontend but api call is not working.
I do not have custom domain yet, and I am also using postgresql.
Is there any way to set different url for frontend and backend? or Am I doing something wrong in the structure to set an application?
Mapping to a domain name (either the default appspot.com one or a custom one) is done at the application level, not at the service level. Your both services, being part of the same app, would thus be mapped to the same domain.
Side note here: I assume you chose different service/module names for your services (in the respective .yaml files), otherwise they overwrite each-other at deployment time.
Routing a request to one service or another is done based on pattern matching on the filepath portion in the URL, not on the host/domain portion. First match wins and no match always goes to the default service.
Because of this typically the frontent is the default service (you can also leave it unnamed). An any other, more dedicated service, have an identifying pattern in their URL path which is used for routing with a dispatch.yaml file. In your case, for example, the backend service would be the specialized one and could serve, let's say, URLs starting with /backend/, thus could have a dispatch.file like this:
dispatch:
- url: "*/backend/*"
module: <backend-service-name>
More or less related:
Configuring two services on the same domain in dispatch.yaml
GCP Point Custom Domain to Specific App Engine Service
Running multiple services using dev_appserver.py on different ports
Note: You have to account for the specific pattern inside the specialized services as well. If, for example, your backend service currently serves a request for /index.html you'll have to adjust it to serve /backend/index.html instead.
It might be possible to make both services work side by side without a dispatch file, using other routing methods (see the entire How Requests are Routed section), but IMHO it's more difficult to set up and more fragile. Especially when trying to also use custom domains.
I'd like to implement micro service architecture on CF (run.pivotal.io) and have problems with creating my private backend services.
As I see I have to options at deployment: with and without route.
With route my services becomes public which is ok for my public site and my public REST API, but I don't want it for my backend services.
Without route I don't see how should I do service discovery.
What I found already:
Use VCAP_APPLICATION env variable and create my own service discovery (or use something like Eureka) based on that. Does this give me always a valid IP:PORT? No matter what DEA my app is running it is reachable on this IP:PORT by other apps on other DEAs?
Register my backend app as a service and bind it, than use VCAP_SERVICES. I'd like to do this but only found documentation about registering services outside CF. Is there a simple way to bind my own app as a service?
So what would be really nice is to be able to mark an app as private but still assign a host and domain to it, so (only) my other apps could call it though CF load balancers but it would be protected from the public.
Answers inline...
As I see I have to options at deployment: with and without route.
This depends on the Cloud Foundry installation and how it's configured. On PWS, you cannot talk directly between application instances. It's a security restriction. You have to go through the router.
With route my services becomes public which is ok for my public site and my public REST API, but I don't want it for my backend services.
The best you can do here is to add application level (or container level, if you prefer) security to prevent unauthorized access.
If you don't want to do password based authentication, you could do IP based filtering. On PWS, we just added a service with Statica. You can use that to send your outbound traffic through a proxy which will assign a static IP to that traffic. You could then restrict access to your app to only the Statica IPs.
Without route I don't see how should I do service discovery.
If you remove the route, you can't sent traffic to the app.
Use VCAP_APPLICATION env variable and create my own service discovery (or use something like Eureka) based on that. Does this give me always a valid IP:PORT? No matter what DEA my app is running it is reachable on this IP:PORT by other apps on other DEAs?
You'd probably need to use this enhancement. It was added to support this type of deployment. However this will only work on Cloud Foundry installation where the networking restrictions between application instances have been relaxed. Normally you cannot talk directly between instances.
Register my backend app as a service and bind it, than use VCAP_SERVICES. I'd like to do this but only found documentation about registering services outside CF. Is there a simple way to bind my own app as a service?
You can create a "user provided" service. Look at the cf cups command. It lets you create a service with an arbitrary set of parameters and data. This could contain the URLs for your services. Once you create the service, you can bind it to any number of apps.