Skip to content

Commit acb7a75

Browse files
cachai2cachai2
committed
add storage
1 parent daf6a49 commit acb7a75

File tree

1 file changed

+3
-0
lines changed

1 file changed

+3
-0
lines changed

articles/container-apps/firewall-integration.md

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -63,6 +63,7 @@ The following tables describe how to configure a collection of NSG allow rules.
6363
| Any | Your container app's subnet | \* | Your container app's subnet | \* | Allow communication between IPs in your container app's subnet. |
6464
| TCP | Your container app's subnet | \* | `AzureActiveDirectory` | `443` | If you're using managed identity, this is required. |
6565
| TCP | Your container app's subnet | \* | `AzureMonitor` | `443` | Only required when using Azure Monitor. Allows outbound calls to Azure Monitor. |
66+
| TCP | Your container app's subnet | \* | `Storage.<Region>` | `443` | Only required when using Azure Container Registry to host your images. |
6667
| TCP and UDP | Your container app's subnet | \* | `168.63.129.16` | `53` | Enables the environment to use Azure DNS to resolve the hostname. |
6768

6869
# [Consumption only environment](#tab/consumption-only)
@@ -76,6 +77,8 @@ The following tables describe how to configure a collection of NSG allow rules.
7677
| UDP | Your container app's subnet | \* | `AzureCloud.<REGION>` | `1194` | Required for internal AKS secure connection between underlying nodes and control plane. Replace `<REGION>` with the region where your container app is deployed. |
7778
| TCP | Your container app's subnet | \* | `AzureCloud.<REGION>` | `9000` | Required for internal AKS secure connection between underlying nodes and control plane. Replace `<REGION>` with the region where your container app is deployed. |
7879
| TCP | Your container app's subnet | \* | `AzureCloud` | `443` | Allowing all outbound on port `443` provides a way to allow all FQDN based outbound dependencies that don't have a static IP. |
80+
| TCP | Your container app's subnet | \* | `Storage.<Region>` | Only required when using Azure Container Registry to host your images. |
81+
| TCP | Your container app's subnet | \* | `AzureFrontDoor.FirstParty` | `443` | Only required when using Azure Container Registry to host your images. |
7982
| UDP | Your container app's subnet | \* | \* | `123` | NTP server. |
8083
| Any | Your container app's subnet | \* | Your container app's subnet | \* | Allow communication between IPs in your container app's subnet. |
8184
| TCP | Your container app's subnet | \* | `AzureMonitor` | `443` | Only required when using Azure Monitor. Allows outbound calls to Azure Monitor. |

0 commit comments

Comments
 (0)