Can anyone show me the YAML used to add a "Azure Container App" to a VNET.
NOTE: This is an Container App not Web App or Container Instance (brand new GA).
I am updating my YAML to include the VNET, 'Az containerapp update' runs without failing, but the container is not added to the VNET.
az containerapp update --yaml scripts/containerapp/containername.yaml --name containername --resource-group development
Thank to #jul_DW for the comment.
I can confirm that "Container-Apps" do not currently support VNET integration :(
https://github.com/microsoft/azure-container-apps/issues/3
You can now bring your own VNET as describe here:
Networking architecture in Azure Container Apps - Custom VNET configuration
Looking at the YAML examples for container app, I dont think it is possible to specify the custom VNET in YAML as the VNET is configured at the managed environment level.
Related
my scenario is like I have shared container registry in one subscription say subscription A, I need to pull image from ACR to ACA through DevOps pipelines. The ACAs are present for each environment like dev, test, UAT & etc which is in another subscription say subscription B. I am using 'az containerapp up' command in azure devops pipelines to pull image of the shared ACR. Getting error 'The resource is not found in the subscription B'. What might be the alternative possible solution because we need to reduce cost of using container registry for each environment.
I am using service connections to pull image and the service connections are separate for separate subscriptions.
I know that they are in different subscriptions but I searched on websites to connect two different subscriptions.
Is there a possibility that I can connect two different service connections in azure devops & use one service connection to pull that image.
Before integrating the Azure CLI command az containerapp up with Azure pipelines, please first confirm you are able to pull the ACR image from Sub B to deploy the container app in Sub A via CloudShell or LocalPowerShell.
I tested to create ARM service connection with Tenant Root Management Group whose referenced service principle had access to both subscriptions; the issue still existed.
In local PowerShell, I az login with my user account and still could reproduce the issue.
az containerapp up `
--name XXcontainerapp `
--image XXacrsubB.azurecr.io/azurecontainerappdemo:XX `
--resource-group rg-containerapp `
--environment TestEnv `
--registry-username XXacrsubB `
--registry-password XXXXXX
It seemed to be a limitation with this command az containerapp up. You may consider reporting the issue with Azure CLI.
I want to automate mapping a custom domain for my web app's deployment slots(not the production slot). I have achieved this through the Azure Portal with this guide, but I can't get it to work through the AZ CLI. It appears that in the cli, only through for the production slot is possible to achieve mapping a custom domain. This is the command to do it for the production slot but I can not see an option for other slots on the same web app. Also whatever I try on the webapp-name parameter to try and reference the slot(as supposingly is a separate web app) doesn't work(it keeps giving me app not found errors):
az webapp config hostname add --webapp-name <app_slot_name> --resource-group <rg> --hostname <cname_that_already_exists>
You can use --slot.
Offical doc.
az webapp config hostname add
az webapp config hostname add [--hostname]
[--ids]
[--resource-group]
[--slot]
[--subscription]
[--webapp-name]
I'm trying to Connect a Azure Webb app (containers) to an Azure Container Registry Using the Azure CLI. I have an Azure Container Registry located in the same Ressouce Group as the Webb App.
My command looks like this:
az webapp config container set --name "containerbugdemo" --resource-group "Containerbug" --docker-custom-image-name "application/helloworld:latest" --docker-registry-server-url "https://"$arcName.azurecr.io" --docker-registry-server-password "****" --docker-registry-server-user "***"
After running the command the container settings blade shows the following error:
Failed to get a list of tags.
And the Container fails to get pulled by the WebApp.
If I try the same procedure only using the graphical interface through the Azure portal, everything works as expected.
It seems you set the wrong image name. If you use the image in the ACR, you need to set the image name as acrname.azurecr.io/repository:tag, both when you create the web app and container setting, not just repository:tag. And the server URL is also a mistake that one more double quote in the question.
In azure web app we have two option to publish our code:
Via Code
Via Docker image
is there any way i can switch between this two.
Actually if you select Publish Profile as Connection Type you cannot deploy docker image. Please check this:
for Azure Resource Manager you can select container deployment:
but for Publish Profile you don't have this choice:
The same apply for YAML version.
I'm afraid that you can not change from code to container , but you can have two instances of your code, one using code and one using container within the same service app. You can re-created your webapp with the same name but with a different deployment method in the portal.
For details , please refer to this ticket with similar issue.
To switch the publish method from docker to code you can set the linuxFxVersion via Azure CLI. For example:
az webapp config set --name myWebApp --resource-group rgname --linux-fx-version 'DOTNETCORE|3.1'
To switch from code to docker you can just deploy a docker container and the web app will automatically switch to the docker publish method. For example:
Set-AzureRmWebApp -ResourceGroupName rgName -Name myWebApp -ContainerImageName imageName:tag -ContainerRegistryUser userName -ContainerRegistryPassword $passwordSecure -ContainerRegistryUrl url
I have not tested it for windows apps but I supect it will behave similarly.
I've setup kubernetes in azure using the azure acs and the azure cli.
az account list
az account set --subscription foobar
az group create --name foobar --location westus
az acs create --orchestrator-type=kubernetes --resource-group foobar --master-count 1 --name=foobar --dns-prefix=foobar
I want to be able to setup a site to site vpn, so that kubernetes can reach internal services in my datacenter.
Unfortunatly azure acs sets up kubernetes on a 10.0.0.0 network which overlaps with other resources in azure and my datacenter.
I can't find any way to change which subnet kubernetes runs on in acs. Is there a way to change the prefered network?
There does not appear to be a way to choose network from the acs create command
az acs create --name
--resource-group
[--admin-password]
[--admin-username]
[--agent-count]
[--agent-vm-size]
[--client-secret]
[--dns-prefix]
[--generate-ssh-keys]
[--location]
[--master-count]
[--no-wait]
[--orchestrator-type {Custom, DCOS, Kubernetes, Swarm}]
[--service-principal]
[--ssh-key-value]
[--tags]
[--validate]
[--windows]
No, there's no way of doing that. There might be a way to create a new kubernetes to existing vnet, but I'm not aware of that.
Your another option would be to delete all vm's and recreate them in the new vnet. No guarantee it would work.
With ACS through its CLI you can specify subnet id so the acs is created in a particular VNET. However this is only available in certain regions