In the end I decided to move away from Azure Container Instances. They are a half baked, buggy and unstable product, with crucial functionality missing. You can't expose an ACI that is inside a vnet publicly. Accessing resources inside the vnet by DNS doesn't work properly. Registering the container itself to the private DNS zone works erratically. Furthermore West EU zone seems to be unstable, with support unable to figure out what is going on.
Just stay away from ACI.