Internal Azure Container Apps communication between subscriptions

Bon Macalindong 65 Reputation points
2024-06-17T21:34:47.62+00:00

I'm trying to get my head around how multiple internal Azure Container Apps in different regions communicate with each other. I have 2 vnets which are peered and each container app environment is integrated with the vnets. I also have VMs using the same vnets in the respective regions.

I can confirm that the VM can access the container app adjacent to it. I also made sure that there were no overlaps in the subnets. However, when trying to access the other container app 2 located in a different region, it isn't working.

Setup
Region: East US

Resources:

  • Container App 1
    • Internal, Limited to Vnet
    • Has private DNS zone
  • Vnet1
  • Vm1

Region: South Central US

Resources:

  • Container App 2
    • Internal, Limited to Vnet
    • Has private DNS zone
  • Vnet2
  • Vm2

Am I missing something? Do I need to do additional setup to make them talk to each other like s2s vpn?

Azure Container Apps
An Azure service that provides a general-purpose, serverless container platform.

2 answers

  1. hossein jalilian 8,150 Reputation points
    2024-06-17T22:52:02.2966667+00:00

    Thanks for posting your question in the Microsoft Q&A forum.

    You do not necessarily need a site-to-site VPN to enable communication between Azure Container Apps in different regions when using virtual network peering.

    • Each Container App environment has its own private DNS zone. For cross-region communication, you need to ensure that the private DNS zones are linked to the respective VNets.
    • Check the Network Security Group rules associated with the subnets hosting the Container Apps.
    • Verify that the effective routes within each VNet include the address space of the peered VNet.

    Please don't forget to close up the thread here by upvoting and accepting it as an answer if it is helpful.
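
The effective-route check from the answer above, as an added example that is not part of the original answer: it takes JSON assumed to have the shape printed by `az network nic show-effective-route-table` for the VM's NIC and reports whether the remote VNet's address space is reached through a peering route. The address ranges, the sample routes and the peering next-hop names (`VNetPeering`, `VNetGlobalPeering`) are assumptions.

```python
import ipaddress

# Constructed sample, shaped like `az network nic show-effective-route-table`
# output for Vm1's NIC. Address ranges are made up (Vnet1 = 10.0.0.0/16).
SAMPLE = {"value": [
    {"source": "Default", "state": "Active",
     "addressPrefix": ["10.0.0.0/16"], "nextHopType": "VnetLocal"},
    {"source": "Default", "state": "Active",
     "addressPrefix": ["10.1.0.0/16"], "nextHopType": "VNetGlobalPeering"},
    {"source": "Default", "state": "Active",
     "addressPrefix": ["0.0.0.0/0"], "nextHopType": "Internet"},
]}

# Assumed next-hop names for same-region and cross-region peering.
PEERING_HOPS = {"vnetpeering", "vnetglobalpeering"}
# For equal prefix lengths, user-defined routes beat BGP, which beats system routes.
SOURCE_PRIORITY = {"User": 2, "VirtualNetworkGateway": 1, "Default": 0}


def covering_routes(routes, remote_space):
    """Active routes whose prefix contains the whole remote address space."""
    remote = ipaddress.ip_network(remote_space)
    hits = []
    for route in routes.get("value", []):
        if route.get("state") != "Active":
            continue
        for prefix in route.get("addressPrefix", []):
            net = ipaddress.ip_network(prefix, strict=False)
            if net.version == remote.version and remote.subnet_of(net):
                prio = SOURCE_PRIORITY.get(route.get("source"), 0)
                hits.append((net.prefixlen, prio, prefix, route.get("nextHopType")))
    return hits


def check_peering_route(routes, remote_space):
    """Return (status, detail) for the route that wins for remote_space.

    Only routes covering the entire remote space are considered; a more
    specific route for part of it is not detected here.
    """
    hits = covering_routes(routes, remote_space)
    if not hits:
        return ("no_route", None)
    _, _, prefix, hop = max(hits, key=lambda h: h[:2])  # longest prefix, then source
    if (hop or "").lower() in PEERING_HOPS:
        return ("ok", prefix)
    return ("not_via_peering", f"{prefix} via {hop}")
```

A `not_via_peering` result whose detail names a user-defined route or the `0.0.0.0/0` default means traffic for the other region is not taking the peering, so the peering state and any route table on the subnet are the next things to look at.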


  2. JananiRamesh-MSFT 27,921 Reputation points
    2024-06-21T05:32:40.42+00:00

    Bon Macalindong, thanks for getting back. Regarding the private DNS zones, you only need to link the private DNS zone to the VNet in the same region as the container app. You do not need to link the remote VNet to the private DNS zone.

    It sounds like you have taken the necessary steps to enable communication between the container apps in different regions. If you are still experiencing issues, I would suggest you open a support ticket to troubleshoot this issue further. If you don't have a support plan, please let me know.

