How to connect to a container app via S2S VPN

I need help connecting to a container app on Azure from a site-to-site VPN.

What I have done:

  1. Created a Site to Site VPN which connects from our office site to the Azure cloud. I have proved this works by creating a Virtual machine in Azure and connecting to it from the VPN.
  2. Created a ContainerApp Environment with defined non-internal virtual network with a subnet.
  3. Created a Container with the Microsoft quickstart image in that environment.
  4. Controlled access to that container using a Network Security Group, connecting over the Internet - not via VPN.

What I can't do is access the container from the VPN.

I can't see a way of connecting the subnet used for the container to be a subnet accessible from the VPN.

What am I missing?

Can anyone give me a pointer in the right direction?

Thanks

Peter

4 Replies

@wpyung

I am not sure what you mean by:

"Created a ContainerApp Environment with defined non-internal virtual network with a subnet."

I am presuming the ContainerApp Environment is injected into the VNet that your VPN gateway is in, with an internal load balancer? (Or in a VNet peered to that?)

You also say: "I can't see a way of connecting the subnet used for the container to be a subnet accessible from the VPN."

This also seems to indicate that you did not inject the environment into a custom VNet.

Can you elaborate a little more?

@wpyung

Can you elaborate more, or provide any error message or screen?

AndreG,
thanks for the response.
I don't really understand what you mean by "injected into the vnet that your vpn gateway is in, with an internal loadbalancer". This probably shows a lack in my understanding of what I need.
Can you explain it a bit more or provide a detailed reference?

Thanks

Peter

@wpyung

In your original message you state 4 points that you have done. In point 1 you state you have created an S2S VPN connection which connects your office with the Azure cloud. That means you have a VNet, with (at least) a VPN Gateway.

How is this VNet connected to the Container App Environment?

How I would do this is to deploy the ACA environment in a custom VNet, possibly with an internal load balancer. This could be a subnet within the same VNet that your VPN GW is deployed in, or another VNet peered to that one.

This should allow you to make the containers available over the S2S connection, provided you also take care of the proper DNS name resolution.
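
The setup described in the last reply, as an added example that is not part of the thread: Azure CLI commands that create the Container Apps environment in a custom VNet subnet with an internal load balancer and publish its domain in a private DNS zone. The function names, the link name `aca-dns-link` and the argument values are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Function names and the DNS link name are
# hypothetical; resource names and IDs are supplied by the caller.
# Requires the Azure CLI with the containerapp extension.

# Create a Container Apps environment injected into an existing subnet and
# exposed only through an internal load balancer (no public endpoint).
# The internal/external choice is fixed when the environment is created.
create_internal_env() {  # args: rg env_name location subnet_id
  az containerapp env create \
    --resource-group "$1" --name "$2" --location "$3" \
    --infrastructure-subnet-resource-id "$4" \
    --internal-only true
}

# Publish the environment's default domain in a private DNS zone so that app
# FQDNs resolve to the internal load balancer's static IP.
publish_private_dns() {  # args: rg env_name vnet_id
  domain=$(az containerapp env show -g "$1" -n "$2" --query properties.defaultDomain -o tsv)
  static_ip=$(az containerapp env show -g "$1" -n "$2" --query properties.staticIp -o tsv)
  [ -n "$domain" ] && [ -n "$static_ip" ] || { echo "environment not ready" >&2; return 1; }

  az network private-dns zone create -g "$1" -n "$domain"
  az network private-dns link vnet create -g "$1" -z "$domain" \
    -n aca-dns-link -v "$3" -e false
  # Wildcard record: every app in the environment is <app>.<defaultDomain>.
  az network private-dns record-set a add-record -g "$1" -z "$domain" \
    -n '*' -a "$static_ip"
}

# Run only when asked, e.g.:
#   sh aca-internal.sh --apply <rg> <env-name> <location> <subnet-id> <vnet-id>
if [ "${1:-}" = "--apply" ]; then
  create_internal_env "$2" "$3" "$4" "$5" && publish_private_dns "$2" "$3" "$6"
fi
```

The private DNS zone answers only for resolvers inside the linked VNet, so office clients on the far side of the S2S tunnel need their DNS to forward the environment's domain to a resolver in Azure.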