Azure Container Application: networking best practices

Hello,
We plan to deploy +/- 50 different applications (1 application = multiple container apps: frontend, backend, workers, ...) and we also want to recreate them for our development, staging and production environments.
Here are some constraints we have:
- For security purposes we want to isolate applications from each other
- We always need internal ingresses (to access at least the frontend for each application)
- We need all ingresses to be accessible from our internal network (through an ExpressRoute)
- It has to be as easy as possible to set up and maintain
Our basic idea was to create one "Container Application Environment" per application per environment, which would create 150 "Container Application Environments". These would require 150 subnets with a minimum of /23 (512 IPs) under our VNet. It is not sustainable to reserve that many IPs when we need between 1 and 3 per application.
What are the best practices for this case? Or where are we wrong?

With that level of private IPs required, and ExpressRoute in play, your best choice would be to enable the Microsoft peering and connect to your ingress controllers on their "public" IP. Use a WAF to secure this to only your network.
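Two things in this thread are worth checking with code rather than by hand: the address-space arithmetic behind "150 environments at /23", and the reply's advice to expose ingress on a public IP only to your own network. The script below is an added example written for this thread, not code from the original post or from Azure. It assumes the Azure Container Apps ingress model where `ipSecurityRestrictions` is a list of `{name, ipAddressRange, action}` rules and an `external` flag marks ingress reachable on the environment's public IP (verify against the ARM schema for your API version); the corporate prefixes, the 203.0.113.0/24 "ExpressRoute NAT range", and the app configurations are constructed sample data.

```python
"""Subnet planning and ingress-allowlist audit for Azure Container Apps environments.

Added example, not from the thread. Assumes the Container Apps ingress model
(`external`, `ipSecurityRestrictions` with name/ipAddressRange/action); all
prefixes and app configs below are constructed sample data.
"""
import ipaddress

# Constructed: RFC 1918 ranges plus a documentation prefix standing in for the
# public NAT range your traffic leaves from over ExpressRoute Microsoft peering.
CORPORATE_PREFIXES = ["10.0.0.0/8", "172.16.0.0/12", "203.0.113.0/24"]


def vnet_prefix_for(env_count: int, env_prefix_len: int = 23) -> int:
    """Smallest VNet prefix length that can hold env_count subnets of /env_prefix_len.

    150 environments at /23 need 2^8 = 256 slots, i.e. a /15, because a /16
    only carves into 128 /23s.
    """
    if env_count < 1:
        raise ValueError("env_count must be at least 1")
    needed_bits = (env_count - 1).bit_length()  # ceil(log2(env_count))
    return env_prefix_len - needed_bits


def environments_fitting(vnet: str, env_prefix_len: int = 23) -> int:
    """How many /env_prefix_len subnets a VNet address space can be carved into."""
    net = ipaddress.ip_network(vnet, strict=False)
    if env_prefix_len < net.prefixlen:
        return 0
    return 2 ** (env_prefix_len - net.prefixlen)


def audit_ingress(app_name: str, ingress: dict, corporate_prefixes) -> list:
    """Return findings for one app's ingress: external ingress must only Allow corporate ranges."""
    findings = []
    if not ingress.get("external", False):
        return findings  # internal-only ingress is not reachable on the public IP
    rules = ingress.get("ipSecurityRestrictions") or []
    if not rules:
        findings.append(f"{app_name}: external ingress with no IP restrictions (open to the internet)")
        return findings
    allow_rules = [r for r in rules if r.get("action", "Allow") == "Allow"]
    if not allow_rules:
        # Deny-only lists leave the default action as allow; an allowlist is what the reply recommends.
        findings.append(f"{app_name}: deny-list only, default action is allow")
        return findings
    corp = [ipaddress.ip_network(p) for p in corporate_prefixes]
    for rule in allow_rules:
        net = ipaddress.ip_network(rule["ipAddressRange"], strict=False)
        if not any(net.subnet_of(c) for c in corp if c.version == net.version):
            findings.append(f"{app_name}: rule '{rule['name']}' allows {net}, outside corporate ranges")
    return findings


def audit_all(apps: dict, corporate_prefixes) -> list:
    """Run audit_ingress over every app and collect findings."""
    findings = []
    for name, ingress in apps.items():
        findings.extend(audit_ingress(name, ingress, corporate_prefixes))
    return findings


# Constructed sample: one application's container apps across two teams.
SAMPLE_APPS = {
    "billing-frontend": {"external": True, "ipSecurityRestrictions": [
        {"name": "corp", "ipAddressRange": "10.0.0.0/8", "action": "Allow"},
        {"name": "er-nat", "ipAddressRange": "203.0.113.0/24", "action": "Allow"}]},
    "billing-api": {"external": True, "ipSecurityRestrictions": []},
    "billing-worker": {"external": False},
    "hr-frontend": {"external": True, "ipSecurityRestrictions": [
        {"name": "anyone", "ipAddressRange": "0.0.0.0/0", "action": "Allow"}]},
}

if __name__ == "__main__":
    print("VNet prefix for 150 environments at /23:", vnet_prefix_for(150))
    print("/23 subnets in 10.0.0.0/16:", environments_fitting("10.0.0.0/16"))
    for finding in audit_all(SAMPLE_APPS, CORPORATE_PREFIXES):
        print("FINDING:", finding)
```

Run it as-is to see the two findings (`billing-api` has no restrictions, `hr-frontend` allows 0.0.0.0/0); in practice you would feed `audit_all` the ingress sections exported from your own Container Apps resources and the prefixes your ExpressRoute traffic actually arrives from. The same allowlist logic applies whether the restriction lives on the Container Apps ingress or on a WAF in front of it, which is the control the reply recommends.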