我现在有点麻烦。现在我正在 Azure 容器应用中设置微服务重型应用程序。
容器应用环境位于其自己的子网中,并且在此环境中运行的应用需要相互通信,但并非所有应用都应通过互联网访问。因此,我像这样设置环境:
{
"$schema": "https://schema.management.azure.com/schemas/2019-04-01/deploymentTemplate.json#",
"contentVersion": "1.0.0.0",
"parameters": {
"managedEnvironments_sample_test_containerapps_environment_name": {
"defaultValue": "sample-test-containerapps-environment",
"type": "String"
},
"virtualNetworks_container_apps_environment_test_externalid": {
"defaultValue": "/subscriptions/subscriptionid/resourceGroups/sample-test/providers/Microsoft.Network/virtualNetworks/container-apps-environment-test",
"type": "String"
}
},
"variables": {},
"resources": [
{
"type": "Microsoft.App/managedEnvironments",
"apiVersion": "2022-06-01-preview",
"name": "[parameters('managedEnvironments_sample_test_containerapps_environment_name')]",
"location": "westeurope",
"sku": {
"name": "Consumption"
},
"properties": {
"vnetConfiguration": {
"internal": true,
"infrastructureSubnetId": "[concat(parameters('virtualNetworks_container_apps_environment_test_externalid'), '/subnets/container-apps-environmen-infrastructure-subnet-test')]",
"dockerBridgeCidr": "10.2.0.1/16",
"platformReservedCidr": "10.1.0.0/16",
"platformReservedDnsIP": "10.1.0.2",
"outboundSettings": {
"outBoundType": "LoadBalancer"
}
},
"appLogsConfiguration": {
"destination": "log-analytics",
"logAnalyticsConfiguration": {
"customerId": ""
}
},
"zoneRedundant": false,
"customDomainConfiguration": {}
}
}
]
}
环境内的应用程序可以相互通信。
在此环境中运行的应用程序的示例模板:
{
"id": "/subscriptions/subscriptionid/resourceGroups/sample-test/providers/Microsoft.App/containerapps/sample-container",
"name": "sample-container",
"type": "Microsoft.App/containerApps",
"location": "West Europe",
"systemData": {
"createdBy": "[email protected]",
"createdByType": "User",
"createdAt": "2023-01-11T12:04:36.6607229",
"lastModifiedBy": "[email protected]",
"lastModifiedByType": "User",
"lastModifiedAt": "2023-01-24T16:06:00.7274607"
},
"properties": {
"provisioningState": "Succeeded",
"managedEnvironmentId": "/subscriptions/subscriptionid/resourceGroups/sample-test/providers/Microsoft.App/managedEnvironments/sample-test-containerapps-environment",
"environmentId": "/subscriptions/subscriptionid/resourceGroups/sample-test/providers/Microsoft.App/managedEnvironments/sample-test-containerapps-environment",
"workloadProfileType": null,
"outboundIpAddresses": [
"8.9.10.11"
],
"latestRevisionName": "sample-container--lll1z5g",
"latestRevisionFqdn": "sample-container--lll1z5g.yellowtree-00000000.westeurope.azurecontainerapps.io",
"customDomainVerificationId": "",
"configuration": {
"secrets": [
{
"name": "reg-pswd-57e46ccb-a998"
}
],
"activeRevisionsMode": "Multiple",
"ingress": {
"fqdn": "sample-container.yellowtree-00000000.westeurope.azurecontainerapps.io",
"external": true,
"targetPort": 80,
"exposedPort": 0,
"transport": "Auto",
"traffic": [
{
"revisionName": "sample-container--lll1z5g",
"weight": 100
}
],
"customDomains": null,
"allowInsecure": true,
"ipSecurityRestrictions": null
},
"registries": [
],
"dapr": null,
"maxInactiveRevisions": null
},
"template": {
"revisionSuffix": "",
"containers": [
{
"image": "registry/integration/sample-container:9230",
"name": "sample-container",
"env": [
],
"resources": {
"cpu": 0.25,
"memory": "0.5Gi",
"ephemeralStorage": "1Gi"
}
}
],
"initContainers": null,
"scale": {
"minReplicas": 1,
"maxReplicas": 10,
"rules": null
},
"volumes": null
},
}
}
对于那些需要通过互联网访问的应用程序,我添加了一个应用程序网关,位于同一个 VNet,但位于不同的子网中,现在运行到多个问题,如果我没有看错的话,这些问题都是相关的。
应用程序网关无法解析应用程序的 DNS 名称以进行后端健康检查和转发。由于 DNS 解析不起作用,我尝试使用 nslookup 从容器应用程序环境内部返回的 IP 地址,但此健康检查也失败了。
路由本身似乎有效,因为当我使用容器的 IP 地址时,健康检查会成功,但这不是一个解决方案,因为我们需要按需扩展,并且容器将更改 IP 地址。
有人知道我该如何让这个设置工作吗?
答案1
您需要创建一个私有 DNS 区域,并为指向 ACA 环境静态 IP 的容器应用创建一条 A 记录。您还需要在后端设置中指定“从后端目标中选择主机名”。