
How do I link a private endpoint to a container app in Azure?

To link a private endpoint to a container app in Azure, create the private endpoint in a subnet of a Virtual Network (VNet) and point it at the container app, so that communication with the app is handled privately within the VNet. Here’s a step-by-step guide to achieve this:

  1. Create a Resource Group: This serves as a container that holds the related resources for the Azure solution.
  2. Create a Virtual Network (VNet): This provides private connectivity between Azure resources.
  3. Create a Subnet: A range within the VNet that will contain the private endpoint.
  4. Create a Container App: The main application that will be linked to a private endpoint.
  5. Create a Private Endpoint: Link this endpoint to your Container App.

Now let’s see it all together in code:

import * as pulumi from "@pulumi/pulumi";
import * as azure from "@pulumi/azure";

// Step 1: Create a new Resource Group
const exampleRg = new azure.core.ResourceGroup("example_rg", {
    name: "exampleResourceGroup",
    location: "West Europe",
});
// Step 2: Create a Virtual Network
const exampleVnet = new azure.network.VirtualNetwork("example_vnet", {
    name: "exampleVNet",
    addressSpaces: ["10.0.0.0/16"],
    location: exampleRg.location,
    resourceGroupName: exampleRg.name,
});
// Step 3: Create a Subnet within the Virtual Network
const exampleSubnet = new azure.network.Subnet("example_subnet", {
    name: "exampleSubnet",
    resourceGroupName: exampleRg.name,
    virtualNetworkName: exampleVnet.name,
    addressPrefixes: ["10.0.1.0/24"],
});
// Step 4: Create the container workload.
// Note: azure.containerservice.Group is an Azure Container Instances container group.
const exampleContainerapp = new azure.containerservice.Group("example_containerapp", {
    name: "examplecontainerapp",
    location: exampleRg.location,
    resourceGroupName: exampleRg.name,
    osType: "Linux",
    containers: [{
        name: "examplecontainer",
        image: "mcr.microsoft.com/azuredocs/aci-helloworld",
        cpu: 0.5,
        memory: 1.5,
        ports: [{
            port: 80,
            protocol: "TCP",
        }],
    }],
});
// Step 5: Create a Private Endpoint linked to the container group from step 4
const examplePrivateEndpoint = new azure.privatelink.Endpoint("example_private_endpoint", {
    name: "examplePrivateEndpoint",
    location: exampleRg.location,
    resourceGroupName: exampleRg.name,
    subnetId: exampleSubnet.id,
    privateServiceConnection: {
        name: "examplePSC",
        privateConnectionResourceId: exampleContainerapp.id,
        subresourceNames: ["aci"],
        isManualConnection: false,
    },
});

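In this example, we first create a resource group and a virtual network. Then, within this virtual network, we define a subnet to host the private endpoint. After setting up the network infrastructure, we create the container workload running a hello-world image; note that the resource used, `azure.containerservice.Group`, is an Azure Container Instances container group rather than an Azure Container Apps app. Finally, we establish a private endpoint that connects to it, so that the application can be reached on a private address within the specified virtual network. Because the container group does not set `ipAddressType`, which defaults to `Public` in this provider, it is also given a public IP address, so access limited to the VNet requires changing that setting as well. Before relying on this, confirm that the target resource type supports Private Link and accepts the `aci` subresource name.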

In summary, to link a private endpoint to a container app, you need to prepare the network infrastructure and configure the private endpoint to link it to your container app properly. This configuration helps ensure secure and private communication between your resources.
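A pre-deployment check for the two network properties this answer depends on: the endpoint subnet lying inside the VNet address space, and the container group not being published on a public IP. This is an added example, not part of the original answer or Pulumi's code; it runs on plain objects that mirror the program's arguments (constructed input), the names `StackInputs` and `auditPrivateOnly` are hypothetical, and it assumes an unset `ipAddressType` means `Public`.

```typescript
// Added example: plain objects mirroring the program's arguments (constructed input).
// StackInputs and auditPrivateOnly are hypothetical names, not Pulumi APIs.
type IpType = "Public" | "Private" | "None";
interface StackInputs {
  vnetAddressSpaces: string[];
  endpointSubnetPrefix: string;
  containerGroup: { name: string; ipAddressType?: IpType };
}

// Parse "a.b.c.d/n" into the first address of the block (as a number) and its size.
function parseCidr(cidr: string): { start: number; size: number } {
  const m = /^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\/(\d{1,2})$/.exec(cidr);
  const nums = m ? m.slice(1).map(Number) : [];
  const octets = nums.slice(0, 4);
  const bits = nums[4] ?? -1;
  if (!m || octets.some((o) => o > 255) || bits > 32) {
    throw new Error(`invalid CIDR: ${cidr}`);
  }
  const ip = octets.reduce((acc, o) => acc * 256 + o, 0);
  const size = 2 ** (32 - bits);
  return { start: ip - (ip % size), size }; // drop any host bits
}

// True when every address of `inner` lies inside `outer`.
function cidrContains(outer: string, inner: string): boolean {
  const o = parseCidr(outer);
  const i = parseCidr(inner);
  return i.start >= o.start && i.start + i.size <= o.start + o.size;
}

// One finding per property that contradicts "reachable only from the VNet".
function auditPrivateOnly(s: StackInputs): string[] {
  const findings: string[] = [];
  if (!s.vnetAddressSpaces.some((space) => cidrContains(space, s.endpointSubnetPrefix))) {
    findings.push(`subnet ${s.endpointSubnetPrefix} is outside the VNet address space`);
  }
  // Assumption: the provider treats an unset ipAddressType as "Public".
  if ((s.containerGroup.ipAddressType ?? "Public") === "Public") {
    findings.push(`${s.containerGroup.name} is published on a public IP`);
  }
  return findings;
}

// Values taken from the program above; ipAddressType is unset there.
const PAGE_STACK: StackInputs = {
  vnetAddressSpaces: ["10.0.0.0/16"],
  endpointSubnetPrefix: "10.0.1.0/24",
  containerGroup: { name: "examplecontainerapp" },
};
console.log(auditPrivateOnly(PAGE_STACK));
```

Run against the values in the program above, the subnet check passes and the audit reports only the public IP.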
