I plan to use Azure Front Door in front of my Container App and allow access only through Front Door. I have deployed an Internal Container Apps environment with a custom virtual network. I have added an NSG to the infra-subnet with an Inbound Rule that allows AzureFrontDoor.Backend. But this doesn’t seem to work.
Any suggestions on how to use Azure Front Door with Azure Container Apps?
2 Answers
Azure Front Door is a CDN service that delivers high-performance, scalable applications. It has a customizable rules engine for advanced routing capabilities; we can add the Azure Container App URL or the load balancer's IPs (if it integrates with an NSG, allow the respective ports inbound). The sample below helps to deploy a container app into Front Door.
Create the container app and browse its URL to check whether it is up and running without Front Door, either via the Container App URL or the Load Balancer.
Configure Front Door on the Container App
NOTE: Origin type will be custom if we use the Container App URL.
Click on the Origin group and then verify whether it points to the correct endpoint.
Copy the Front Door URL from Front Door Service
Output
To deploy AFD (Azure Front Door) with a private ACA (Azure Container Apps) environment, you need to create a private link connection between Front Door and the internal Azure Load Balancer that has been created by ACA.
For that reason you have to create a Private Link Service for the Load balancer.
The challenge is now to ‘find’ the Load Balancer the Private Link Service should be created for and add the ID of the Load Balancer to the Private Link Service resource, if done programmatically.
In my example I have used the default domain of the environment to create the name of the ‘auto-generated’ resource group, because you need to provide the name and the resource group of the Load Balancer to get the required ID.
Bicep example code:
The full example including all Bicep code can be found on GitHub:
https://github.com/sebafo/frontdoor-container-apps
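The lookup described in the answer above, sketched as a Bicep module. This is an added example, not the answer author's code or code from the linked repository. The managed resource group naming pattern, the load balancer name `kubernetes-internal`, the resource name `pls-aca` and all parameter names are assumptions to verify against your own subscription.

```bicep
// Added example: expose the ACA internal load balancer through a Private Link Service.
// Deploy as a module so that envDefaultDomain is known when this deployment starts
// (an 'existing' resource scope cannot depend on a runtime property).
param location string = resourceGroup().location

// Pass <managedEnvironment>.properties.defaultDomain from the parent template.
param envDefaultDomain string

// Subnet for the Private Link Service NAT IPs; it must have
// privateLinkServiceNetworkPolicies set to 'Disabled'.
param plsSubnetId string

// ASSUMPTION: defaultDomain looks like '<identifier>.<region>.azurecontainerapps.io'
// and the auto-generated group is 'MC_<identifier>-rg_<identifier>_<location>'.
var envIdentifier = split(envDefaultDomain, '.')[0]
var managedRgName = 'MC_${envIdentifier}-rg_${envIdentifier}_${location}'

// ASSUMPTION: the load balancer created by ACA is named 'kubernetes-internal'.
resource lb 'Microsoft.Network/loadBalancers@2023-05-01' existing = {
  name: 'kubernetes-internal'
  scope: resourceGroup(managedRgName)
}

resource pls 'Microsoft.Network/privateLinkServices@2023-05-01' = {
  name: 'pls-aca' // hypothetical name
  location: location
  properties: {
    // The ID of the load balancer frontend is what ties the service to ACA.
    loadBalancerFrontendIpConfigurations: [
      { id: lb.properties.frontendIPConfigurations[0].id }
    ]
    ipConfigurations: [
      {
        name: 'nat-ip'
        properties: {
          primary: true
          privateIPAllocationMethod: 'Dynamic'
          privateIPAddressVersion: 'IPv4'
          subnet: { id: plsSubnetId }
        }
      }
    ]
  }
}

output privateLinkServiceId string = pls.id
```

The output is the value a Front Door origin references in `sharedPrivateLinkResource.privateLink.id`; the resulting private endpoint connection then has to be approved on the Private Link Service before traffic flows.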