DNS Resolution in Internal Container Apps Environments (CAE)

In this post, let's see how an App A can communicate with a container app: App B deployed on a Container Apps Environment (CAE) that is integrated into a VNet using internal virtual IP. App A is running inside the same VNet.

Create Container Apps Environment

The container app: App B, has Ingress enabled and accepts traffic from anywhere within the VNet.

Container App: Ingress settings

Now from App A, let's try to communicate with App B.

Server can't find

App A can't resolve the address. 

The reason:

• When we deploy an internal or an external CAE into our network, Azure is creating an infrastructure resource group behind the scene.
• For internal environments, the resource group only contains an Internal Load Balancer (ILB).
• By default, there is no domain registration for the internal ILB  that is created. This means we are responsible for configuring DNS resolution for the environment endpoint.

So let's create and configure an Azure Private DNS Zone for domain resolution.

I am using the Azure  CLI (on Windows).

# Declare Variables
$RESOURCE_GROUP = '<RESOURCE_GROUP>'
$CA_ENV_NAME = '<CONTAINER_APP_ENVIRONMENT_NAME>'
$VNET_NAME = '<VNET_NAME>'
 
# Retrieve the default domain of the Container App Environment
$CA_ENV_DEFAULT_DOMAIN = az containerapp env show `
  --resource-group $RESOURCE_GROUP `
  --name $CA_ENV_NAME `
  --query properties.defaultDomain `
  --output tsv
 
# Retrieve the static IP of the Container App Environment
$CA_ENV_STATIC_IP = az containerapp env show `
  --resource-group $RESOURCE_GROUP `
  --name $CA_ENV_NAME `
  --query properties.staticIp `
  --output tsv

Let's create the Private DNS Zone first.

# Create the Private DNS Zone
az network private-dns zone create `
  --resource-group $RESOURCE_GROUP `
  --name $CA_ENV_DEFAULT_DOMAIN

Create the Private DNS Zone

Next, we need to add a Virtual Network Link to the target VNet.

# Create the Virtual Network Link
az network private-dns link vnet create `
  --resource-group $RESOURCE_GROUP `
  --name $VNET_NAME `
  --virtual-network $VNET_NAME `
  --zone-name $CA_ENV_DEFAULT_DOMAIN `
  --registration-enabled true

Create the Virtual Network Link

Finally, create a A Record to point to the default domain of CAE.

# Create the A Record
az network private-dns record-set a add-record `
  --resource-group $RESOURCE_GROUP `
  --zone-name $CA_ENV_DEFAULT_DOMAIN `
  --record-set-name '*' `
  --ipv4-address $CA_ENV_STATIC_IP

Create the A Record

Now let's try to communicate with App B again.

Success

And that's it.

Hope this helps.

Happy Coding.

Regards,

Jaliya