Internal Azure Container Apps communication between subscriptions

Bon Macalindong 65 Reputation points
2024-06-17T21:34:47.62+00:00

I'm trying to get my head around how multiple internal Azure Container Apps in different regions communicate with each other. I have 2 vnets which are peered and each container app environment is integrated with the vnets. I also have VMs using the same vnets in the respective regions.

I can confirm that the VM can access the container app adjacent to it. I also made sure that there were no overlaps in the subnets. However, when trying to access the other container app 2 located in a different region, it isn't working.

Setup
Region: East US

Resources:

  • Container App 1
    • Internal, Limited to Vnet
    • Has private DNS zone
  • Vnet1
  • Vm1

Region: South Central US

Resources:

  • Container App 2
    • Internal, Limited to Vnet
    • Has private DNS zone
  • Vnet2
  • Vm2

Am I missing something? Do I need to do additional setup to make them talk to each other like s2s vpn?

Azure Container Apps
An Azure service that provides a general-purpose, serverless container platform.

1 answer

  1. hossein jalilian 4,690 Reputation points
    2024-06-17T22:52:02.2966667+00:00

    Thanks for posting your question in the Microsoft Q&A forum.

    You do not necessarily need a site-to-site VPN to enable communication between Azure Container Apps in different regions when using virtual network peering.

    • Each Container App environment has its own private DNS zone. For cross-region communication, you need to ensure that the private DNS zones are linked to the respective VNets.
    • Check the Network Security Group rules associated with the subnets hosting the Container Apps.
    • Verify that the effective routes within each VNet include the address space of the peered VNet.

    Please don't forget to close up the thread here by upvoting and accepting it as an answer if it is helpful.
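The checks listed in the answer above can be run offline against exported Azure CLI output. The following is an added example, not part of the original thread: it audits address-space overlap, peering state, and private DNS zone links for the two-VNet setup in the question. Field names follow the JSON returned by `az network vnet peering list` and `az network private-dns link vnet list`; the zone names, resource IDs, address ranges and the `vid`/`audit` helpers are constructed for illustration.

```python
import ipaddress

def vid(rg, name):  # constructed placeholder resource ID
    return (f"/subscriptions/SUB-ID/resourceGroups/{rg}"
            f"/providers/Microsoft.Network/virtualNetworks/{name}")

# Constructed sample data mirroring the question: two peered VNets,
# each private DNS zone linked only to its own region's VNet.
VNETS = {"vnet1": {"id": vid("rg-eastus", "vnet1"), "prefixes": ["10.1.0.0/16"]},
         "vnet2": {"id": vid("rg-scus", "vnet2"), "prefixes": ["10.2.0.0/16"]}}
PEERINGS = {n: [{"peeringState": "Connected", "allowVirtualNetworkAccess": True,
                 "remoteVirtualNetwork": {"id": VNETS[r]["id"]}}]
            for n, r in (("vnet1", "vnet2"), ("vnet2", "vnet1"))}
ZONE_LINKS = {
    "env1-placeholder.eastus.azurecontainerapps.io": [
        {"virtualNetwork": {"id": VNETS["vnet1"]["id"]},
         "virtualNetworkLinkState": "Completed"}],
    "env2-placeholder.southcentralus.azurecontainerapps.io": [
        {"virtualNetwork": {"id": VNETS["vnet2"]["id"]},
         "virtualNetworkLinkState": "Completed"}],
}

def audit(vnets, peerings, zone_links):
    """Return a list of findings that would block cross-VNet access."""
    findings, names = [], sorted(vnets)
    ids = {n: vnets[n]["id"].lower() for n in names}
    nets = {n: [ipaddress.ip_network(p) for p in vnets[n]["prefixes"]] for n in names}
    for i, a in enumerate(names):
        # 1. Peered address spaces must not overlap.
        for b in names[i + 1:]:
            findings += [f"overlap: {a} {x} / {b} {y}"
                         for x in nets[a] for y in nets[b] if x.overlaps(y)]
    for a in names:
        # 2. Peering must be Connected and allow VNet access in each direction.
        for b in (n for n in names if n != a):
            if not any(p["remoteVirtualNetwork"]["id"].lower() == ids[b]
                       and p["peeringState"] == "Connected"
                       and p["allowVirtualNetworkAccess"]
                       for p in peerings.get(a, [])):
                findings.append(f"peering: {a} -> {b} not connected")
    for zone, links in sorted(zone_links.items()):
        # 3. A zone only resolves from VNets it is linked to, so each
        #    environment's zone needs a completed link to the remote VNet too.
        linked = {l["virtualNetwork"]["id"].lower() for l in links
                  if l["virtualNetworkLinkState"] == "Completed"}
        findings += [f"dns: zone {zone} not linked to {n}"
                     for n in names if ids[n] not in linked]
    return findings

if __name__ == "__main__":
    print("\n".join(audit(VNETS, PEERINGS, ZONE_LINKS)) or "no findings")
```

With the sample data, the only findings are the two missing cross-region DNS links, which is the situation where a VM reaches its adjacent container app but cannot resolve the one in the other region.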