You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/container-apps/networking.md
+8-2Lines changed: 8 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -150,7 +150,7 @@ The second URL grants access to the log streaming service and the console. If ne
150
150
## Ports and IP addresses
151
151
152
152
>[!NOTE]
153
-
> The subnet associated with a Container App Environment requires a CIDR prefix of /23.
153
+
> The subnet associated with a Container App Environment requires a CIDR prefix of /23 or larger (/23, /22 etc.).
154
154
155
155
The following ports are exposed for inbound connections.
156
156
@@ -190,6 +190,12 @@ If you're using the Azure CLI and the [platformReservedCidr](vnet-custom-interna
190
190
191
191
There's no forced tunneling in Container Apps routes.
192
192
193
+
## DNS
194
+
- If your VNET uses a custom DNS server instead of the default Azure-provided DNS server, we recommend that you configure your DNS server to forward unresolved DNS queries to 168.63.129.16, which is used for the [Azure recursive resolvers](https://docs.microsoft.com/azure/virtual-network/virtual-networks-name-resolution-for-vms-and-role-instances#name-resolution-that-uses-your-own-dns-server). If you do not use the Azure recursive resolvers, the Container App Environment will not function.
195
+
- If you plan to use VNET-scope [Ingress](https://docs.microsoft.com/azure/container-apps/ingress#configuration) for Container Apps in an internal Container App Environment, you must do one of the following:
196
+
- If you do not plan to use custom domains, create a private DNS zone that resolves the Container App Environment’s default domain to the static IP address of the Container App Environment. You can use [Azure Private DNS](https://docs.microsoft.com/azure/dns/private-dns-overview) or your own DNS server. If you use Azure Private DNS, create a Private DNS Zone named as the Container App Environment’s default domain (*<UNIQUE_IDENTIFIER>*.*<REGION_NAME>*.azurecontainerapps.io), with an A record that points to the static IP address of the Container App Environment.
197
+
- If you plan to use custom domains, use a publicly resolvable domain to [add a custom domain and certificate](https://docs.microsoft.com/azure/container-apps/custom-domains-certificates#add-a-custom-domain-and-certificate) to the Container App. Additionally, create a private DNS zone that resolves the apex domain to the static IP address of the Container App Environment. You can use [Azure Private DNS](https://docs.microsoft.com/azure/dns/private-dns-overview) or your own DNS server. If you use Azure Private DNS, create a Private DNS Zone named as the apex domain, with an A record that points to the static IP address of the Container App Environment.
198
+
193
199
## Managed resources
194
200
195
201
When you deploy an internal or an external environment into your own network, a new resource group prefixed with `MC_` is created in the Azure subscription where your environment is hosted. This resource group contains infrastructure components managed by the Azure Container Apps platform, and shouldn't be modified. The resource group contains Public IP addresses used specifically for outbound connectivity from your environment and a load balancer. In addition to the [Azure Container Apps billing](./billing.md), you will be billed for the following:
@@ -200,4 +206,4 @@ When you deploy an internal or an external environment into your own network, a
200
206
## Next steps
201
207
202
208
-[Deploy with an external environment](vnet-custom.md)
203
-
-[Deploy with an internal environment](vnet-custom-internal.md)
209
+
-[Deploy with an internal environment](vnet-custom-internal.md)
0 commit comments