You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/container-instances/container-instances-virtual-network-concepts.md
+11-10Lines changed: 11 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -32,22 +32,23 @@ Container groups deployed into an Azure virtual network enable scenarios like:
32
32
33
33
## Unsupported networking scenarios
34
34
35
-
***Azure Load Balancer** - Placing an Azure Load Balancer in front of container instances in a networked container group is not supported
36
-
***Global virtual network peering** - Global peering (connecting virtual networks across Azure regions) is not supported
35
+
***Azure Load Balancer** - Placing an Azure Load Balancer in front of container instances in a networked container group isn't supported
36
+
***Global virtual network peering** - Global peering (connecting virtual networks across Azure regions) isn't supported
37
37
***Public IP or DNS label** - Container groups deployed to a virtual network don't currently support exposing containers directly to the internet with a public IP address or a fully qualified domain name
38
-
***Managed Identity with Virtual Network in Azure Government Regions** - Managed Identity with virtual networking capabilities is not supported in Azure Government Regions
38
+
***Managed Identity with Virtual Network in Azure Government Regions** - Managed Identity with virtual networking capabilities isn't supported in Azure Government Regions
39
39
40
40
## Other limitations
41
41
42
42
* To deploy container groups to a subnet, the subnet can't contain other resource types. Remove all existing resources from an existing subnet prior to deploying container groups to it, or create a new subnet.
43
43
* To deploy container groups to a subnet, the subnet and the container group must be on the same Azure subscription.
44
44
* You can't enable a [liveness probe](container-instances-liveness-probe.md) or [readiness probe](container-instances-readiness-probe.md) in a container group deployed to a virtual network.
45
45
* Due to the additional networking resources involved, deployments to a virtual network are typically slower than deploying a standard container instance.
46
-
* Outbound connections to port 25 and 19390 are not supported at this time. Port 19390 needs to be opened in your Firewall for connecting to ACI from Azure portal when container groups are deployed in virtual networks.
46
+
* Outbound connections to port 25 and 19390 aren't supported at this time. Port 19390 needs to be opened in your Firewall for connecting to ACI from Azure portal when container groups are deployed in virtual networks.
47
47
* For inbound connections, the firewall should also allow all ip addresses within the virtual network.
48
-
* If you are connecting your container group to an Azure Storage Account, you must add a [service endpoint](../virtual-network/virtual-network-service-endpoints-overview.md) to that resource.
49
-
*[IPv6 addresses](../virtual-network/ip-services/ipv6-overview.md) are not supported at this time.
50
-
* Depending on your subscription type, [certain ports may be blocked](../virtual-network/network-security-groups-overview.md#azure-platform-considerations).
48
+
* If you're connecting your container group to an Azure Storage Account, you must add a [service endpoint](../virtual-network/virtual-network-service-endpoints-overview.md) to that resource.
49
+
*[IPv6 addresses](../virtual-network/ip-services/ipv6-overview.md) aren't supported at this time.
50
+
* Depending on your subscription type, [certain ports could be blocked](../virtual-network/network-security-groups-overview.md#azure-platform-considerations).
51
+
* Container instances don't read or inherit DNS settings from an associated virtual network. DNS settings must be explicitly set for container instances.
51
52
52
53
## Required network resources
53
54
@@ -61,7 +62,7 @@ A virtual network defines the address space in which you create one or more subn
61
62
62
63
Subnets segment the virtual network into separate address spaces usable by the Azure resources you place in them. You create one or several subnets within a virtual network.
63
64
64
-
The subnet that you use for container groups may contain only container groups. When you first deploy a container group to a subnet, Azure delegates that subnet to Azure Container Instances. Once delegated, the subnet can be used only for container groups. If you attempt to deploy resources other than container groups to a delegated subnet, the operation fails.
65
+
The subnet that you use for container groups can contain only container groups. When you first deploy a container group to a subnet, Azure delegates that subnet to Azure Container Instances. Once delegated, the subnet can be used only for container groups. If you attempt to deploy resources other than container groups to a delegated subnet, the operation fails.
65
66
66
67
### Network profile
67
68
@@ -71,15 +72,15 @@ A network profile is a network configuration template for Azure resources. It sp
71
72
72
73
To use a Resource Manager template, YAML file, or a programmatic method to deploy a container group to a subnet, you need to provide the full Resource Manager resource ID of a network profile. You can use a profile previously created using [az container create][az-container-create], or create a profile using a Resource Manager template (see [template example](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.containerinstance/aci-vnet) and [reference](/azure/templates/microsoft.network/networkprofiles)). To get the ID of a previously created profile, use the [az network profile list][az-network-profile-list] command.
73
74
74
-
In the following diagram, several container groups have been deployed to a subnet delegated to Azure Container Instances. Once you've deployed one container group to a subnet, you can deploy additional container groups to it by specifying the same network profile.
75
+
The following diagram depicts several container groups deployed to a subnet delegated to Azure Container Instances. Once you deploy one container group to a subnet, you can deploy more container groups to it by specifying the same network profile.
75
76
76
77
![Container groups within a virtual network][aci-vnet-01]
77
78
78
79
## Next steps
79
80
80
81
* For deployment examples with the Azure CLI, see [Deploy container instances into an Azure virtual network](container-instances-vnet.md).
81
82
* To deploy a new virtual network, subnet, network profile, and container group using a Resource Manager template, see [Create an Azure container group with VNet](https://github.com/Azure/azure-quickstart-templates/tree/master/quickstarts/microsoft.containerinstance/aci-vnet).
82
-
* When using the [Azure portal](container-instances-quickstart-portal.md) to create a container instance, you can also provide settings for a new or exsting virtual network on the **Networking** tab.
83
+
* When using the [Azure portal](container-instances-quickstart-portal.md) to create a container instance, you can also provide settings for a new or existing virtual network on the **Networking** tab.
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments