How to automatically allow Ingress for Container App from own App Services of the same ResourceGroup?

Vadim K 0 Reputation points

We have Seq log servers deployed as Container Apps for all environments (test, stage, prod).
Since public access is not an option for us, we're trying to set up Ingress rules for incoming traffic (logs) from our App Services (from the same ResourceGroup). Currently it's done by manually adding all 25 IP addresses of the Services to the Ingress rules. But I hope that there is some option to set it up automatically... For instance, for AppServices and Azure SQL Server it's just ONE CHECK-BOX(!!!) to be checked to make it do the same job.

What is the best way to go in this case?
Set up a custom VNET for each Container App (that looks like the same amount of manual routine)?


1 answer

  1. AdamZachary 2,861 Reputation points

    Hi Vadim,

    To automate the process of allowing ingress for Azure Container Apps from App Services within the same Resource Group, you can choose between Azure Automation and Azure Logic Apps or Functions.

    1- Azure Automation:

    1. Create an Azure Automation account.
    2. Write a PowerShell or Python script that:
      • Retrieves the current IP addresses of your App Services within the Resource Group.
      • Updates the ingress rules of your Container Apps with these IP addresses.
    3. Schedule the script to run at regular intervals to ensure the list is up-to-date.

    2- Azure Logic App or Function App:

    1. Create an Azure Logic App or a Function App.
    2. Use triggers based on events, such as changes in App Services.
    3. Implement an action that:
      • Fetches the IP addresses of the App Services.
      • Applies the ingress rules to the Container Apps using Azure Management API calls.
    4. Set conditions or parameters as needed to filter for the specific Resource Group and services.

    And, well, for both solutions, you will need to handle authentication against Azure's management APIs, typically using a service principal. Make sure to follow best practices for security and error handling.

    I would recommend reviewing Azure's documentation for the specific API calls required to fetch IP addresses and update ingress rules.

    Kindly if you find the provided information helpful and it resolves your query, please consider accepting the answer. Your feedback is valuable and helps ensure the quality and relevance of the responses.
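The core of the sync script described in the answer, as an added example that is not part of the original answer: it turns App Service outbound IPs into Container App `ipSecurityRestrictions` entries and plans the add/remove set while leaving hand-made rules alone. It assumes the site objects carry the `possibleOutboundIpAddresses` / `outboundIpAddresses` fields as returned for App Services; the `appsvc-` rule-name prefix and the sample data are constructed, and fetching the inputs and applying the result through the management API are left out.

```python
import ipaddress

MANAGED_PREFIX = "appsvc-"  # hypothetical naming convention for script-owned rules

def outbound_ips(sites):
    """Collect unique, valid IPv4 addresses from App Service site objects."""
    ips = set()
    for site in sites:
        raw = (site.get("possibleOutboundIpAddresses")
               or site.get("outboundIpAddresses") or "")
        for item in filter(None, (p.strip() for p in raw.split(","))):
            addr = ipaddress.ip_address(item)  # ValueError on malformed input
            if addr.version == 4:
                ips.add(addr)
    return sorted(ips)

def rule_for(addr):
    """Build one allow rule in the ipSecurityRestrictions shape."""
    return {
        "name": MANAGED_PREFIX + str(addr).replace(".", "-"),
        "ipAddressRange": f"{addr}/32",
        "action": "Allow",
        "description": "App Service outbound IP (managed by sync script)",
    }

def plan(sites, current_rules):
    """Return rules to add/remove plus the full list to write back."""
    desired = {r["name"]: r for r in map(rule_for, outbound_ips(sites))}
    if not desired:
        # A failed or empty lookup must not wipe the managed allow list.
        raise RuntimeError("no outbound IPs found; refusing to update ingress")
    manual = [r for r in current_rules
              if not r["name"].startswith(MANAGED_PREFIX)]
    managed_now = {r["name"] for r in current_rules} - {r["name"] for r in manual}
    return {
        "add": sorted(set(desired) - managed_now),
        "remove": sorted(managed_now - set(desired)),
        "ipSecurityRestrictions": manual + list(desired.values()),
    }

# Constructed sample input (documentation address ranges, not real services).
SITES = [
    {"name": "api", "possibleOutboundIpAddresses": "203.0.113.10,203.0.113.11"},
    {"name": "web", "outboundIpAddresses": "203.0.113.11, 198.51.100.7"},
]
CURRENT = [
    {"name": "office-vpn", "ipAddressRange": "192.0.2.0/24", "action": "Allow"},
    {"name": "appsvc-203-0-113-10", "ipAddressRange": "203.0.113.10/32", "action": "Allow"},
    {"name": "appsvc-203-0-113-99", "ipAddressRange": "203.0.113.99/32", "action": "Allow"},
]
```

Logging the `add` and `remove` lists on every scheduled run gives an audit trail of when the allow list changed and why.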
