Unable to attach a VNET to Container App environment after the env was created #851

Open
1 of 3 tasks
RajakumaranC opened this issue Jul 24, 2023 · 8 comments
Labels
wontfix This will not be worked on

Comments

@RajakumaranC

Please provide us with the following information:

This issue is a: (mark with an x)

  • bug report -> please search issues before submitting -- no similar issue found.
  • documentation issue or request
  • regression (a behavior that used to work and stopped in a new release)

Issue description

A clear and concise description of the observed issue.
I created a Container App environment without a VNET and then tried to attach a VNET to the existing Container App environment. However, there is no CLI command or portal option to do this, so I followed the steps for an ARM template and populated the ARM template with the VNET configuration with incremental build. The ARM template says it deployed successfully; however, I still don't see the VNET attached to the Container App environment. Please help us understand whether we can add a VNET to a Container App environment after it was created without one, and whether ARM should throw an error if it's not allowed.

Steps to reproduce

  1. Create an env either via CLI or portal without a VNET.
  2. Create a VNET with the required subnet CIDR.
  3. Export the template of the ACA env, modify the infra subnet settings, and populate them with the subnet ID.
  4. Deploy the ARM template via CLI using az deployment group create --resource-group <RGNAME> --template-file .\<file>.json

Expected behavior [What you expected to happen.]
VNET should be attached to the container app environment

Actual behavior [What actually happened.]
ARM template says succeeded but VNET config is not updated in ACA env.

Screenshots
If applicable, add screenshots to help explain your problem.

Additional context

Ex. Did this issue occur in the CLI or the Portal?
CLI
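A post-deployment check for the situation reported above, as an added example that is not part of the original issue or the project's code: it compares the subnet ID requested in the template with what the environment itself reports, rather than trusting the deployment status. The environment JSON is assumed to have the ARM resource shape (`properties.vnetConfiguration.infrastructureSubnetId`), for instance as returned by `az containerapp env show`; all names and IDs are constructed placeholders.

```python
import json

ENV_TYPE = "microsoft.app/managedenvironments"
SUBNET = ("/subscriptions/<SUB>/resourceGroups/<RGNAME>/providers/"
          "Microsoft.Network/virtualNetworks/example-vnet/subnets/aca")  # placeholder

# Constructed sample: the edited template from step 3.
TEMPLATE = {"resources": [{
    "type": "Microsoft.App/managedEnvironments",
    "name": "example-env",
    "properties": {"vnetConfiguration": {"infrastructureSubnetId": SUBNET}},
}]}
# Constructed samples of the environment's reported state after deployment.
LIVE_UNCHANGED = {"name": "example-env", "properties": {"vnetConfiguration": None}}
LIVE_ATTACHED = {"name": "example-env", "properties": {
    "vnetConfiguration": {"infrastructureSubnetId": SUBNET.upper() + "/"}}}


def subnet_id(resource):
    """Normalised infrastructure subnet ID, or None when no VNet is set."""
    vnet = (resource.get("properties") or {}).get("vnetConfiguration") or {}
    sid = vnet.get("infrastructureSubnetId")
    # Azure resource IDs compare case-insensitively.
    return sid.rstrip("/").lower() if sid else None


def check_vnet_applied(template, live):
    """Return findings; an empty list means live state matches the template."""
    findings = []
    for res in template.get("resources", []):
        if res.get("type", "").lower() != ENV_TYPE:
            continue
        wanted = subnet_id(res)
        if wanted is None or wanted.startswith("["):
            continue  # no VNet requested, or an unresolved template expression
        actual = subnet_id(live)
        if actual != wanted:
            findings.append(f"template requests {wanted}; "
                            f"environment reports {actual or 'no VNet'}")
    return findings


if __name__ == "__main__":
    for live in (LIVE_UNCHANGED, LIVE_ATTACHED):
        print(json.dumps(check_vnet_applied(TEMPLATE, live)))
```

Run as a pipeline gate after the deployment step, a non-empty result means the environment is still outside the VNet even though the deployment reported success.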

@microsoft-github-policy-service microsoft-github-policy-service bot added the Needs: triage 🔍 Pending a first pass to read, tag, and assign label Jul 24, 2023
@torosent torosent added wontfix This will not be worked on and removed Needs: triage 🔍 Pending a first pass to read, tag, and assign labels Jul 24, 2023
@torosent
Member

torosent commented Jul 24, 2023

Hi, You cannot attach a VNet after the environment is created but it's in our backlog to enable it.

@RajakumaranC
Author

RajakumaranC commented Jul 25, 2023

@torosent: Thanks for looking into this issue. This feature will surely be helpful for many customers. For example, we have a key vault that is only allowed to be accessed from a specific IP range for security reasons. We found that the key vault can be given access via a VNET instead of relying on the dynamic outbound IP of the ACA. (The static IP of the ACA env doesn't seem to work when accessing the key vault.) Hence this feature will be really helpful for customers that need to give access to firewall-protected resources within Azure to gain secure access, instead of relying on workload profile + NAT gateway.

Also, the ARM template is showing the deployment succeeded although this feature is not yet available. Should ARM be throwing an error until this feature is out?

@ffroliva

ffroliva commented Sep 7, 2023

I am experiencing this problem right now. I have added a container to a containerapp environment without vnet. Currently, the application is wide open to the internet. Now I want to make it private to a VPN but because I don't have the ability to update the VNET configuration I have to recreate the whole setup again.

This is a very important feature to be added.

Is it possible to update containerapp environment to add or replace a VNET using ARM template?

@Dikarabo-Molele

Hi, You cannot attach a VNet after the environment is created but it's in our backlog to enable it.

Has this been enabled yet?

@bchr02

bchr02 commented Apr 19, 2024

Hi, You cannot attach a VNet after the environment is created but it's in our backlog to enable it.

Any update or ETA? Also, why do we have the "wontfix" label on this GitHub issue if it is on the backlog? 😒

@eskye

eskye commented Jun 2, 2024

This feature will be a major game changer for customers. I have to go and recreate the container right now and attach it to the environment with a VNET. @Azure team, please do something about this quickly. This is one of the major functionalities when it comes to security and connecting to other resources on-prem, and it is a very important, must-have feature. We'll be expecting when this will be done.

Thank you for your support.

@ffroliva

ffroliva commented Jun 2, 2024 via email

@VashBik

VashBik commented Sep 11, 2024

Upvoting this issue as this feature would be extremely beneficial for many scenarios where securing connections to internal resources is critical. Has there been any progress or an estimated timeline for when attaching a VNet post-creation might be supported?
