How to set up container instance with virtual network and a database?

Yaser Ali 1 Reputation point
2021-08-03T23:23:54.843+00:00

I have a resource group with MariaDB and a container instance; I want to do the following:

  • I want to have a virtual network where the resources (container instance & MariaDB) can communicate with one another on the inside.
  • I want to be able to access the container instance (only) from the outside.
  • I want to set a custom domain to point towards the container instance and use my own SSL certificate that I have in the key vault.
  • I want the container instance to be able to send requests outside the virtual network to the internet, since I have public API integrations.

What I've tried so far:

  • Created a virtual network with two subnets; one public and one private.
  • I created a NAT gateway and appointed it to the private subnet.
  • I created an application gateway and appointed it to the public subnet.
  • I then attempted to call the application gateway IP to no avail; Idk how to make it point to the container instance.
  • I connected to the container instance and pinged Google; it resolves the DNS, but no response is received (packet loss 100%).

I'm honestly lost; any help is more than appreciated.

I don't know how to use the CLI. I've been using the portal for all of this so I appreciate pointing me towards the right direction, or even just in terms of the logic.

Azure Container Instances
Azure Container Instances
An Azure service that provides customers with a serverless container experience.
635 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,139 questions
Azure Application Gateway
Azure Application Gateway
An Azure service that provides a platform-managed, scalable, and highly available application delivery controller as a service.
956 questions
0 comments

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. SRIJIT-BOSE-MSFT 4,326 Reputation points Microsoft Employee
    2021-08-06T08:13:53.737+00:00

    @Yaser Ali , Thank you for your question.

    I then attempted to call the application gateway IP to no avail; Idk how to make it point to the container instance.

    You can check out this article for guidance on exposing a container group using an application gateway here.

    I connected to the container instance and pinged Google; it resolves the DNS, but no response is received (packet loss 100%).

    ping fails because ICMP traffic is disabled by default between Azure resources and the non-Azure world. Reference I would recommend using other tools like nping from the nmap package. For example:

    nping -c <number of pings> --tcp -p <port number> <FQDN or IP>

    Based on your requirements:

    • Please ensure that both Maria DB and the container instance (in a delegated subnet) are in the same virtual network and configure Azure Database for Maria firewall rules accordingly.
    • Set up SSL termination on the Application Gateway as described here.
    • Connect the application gateway to the container instance as described here.

    Hope this helps.

    Please "Accept as Answer" if it helped, so that it can help others in the community looking for help on similar topics.

    Disclaimer: This response contains a reference to a third-party World Wide Web site. Microsoft is providing this information as convenient to you. Microsoft does not control these sites and has not tested any software or information found on these sites; therefore, Microsoft cannot make any representations regarding the quality, safety, or suitability of any software or information found there.

    There are inherent dangers in the use of any software found on the Internet, and Microsoft cautions you to make sure that you completely understand the risk before retrieving any software from the Internet.

    0 comments