If you have Azure Container Apps (ACA) deployed within an internal Virtual Network (VNet), Azure automatically provisions an Internal Load Balancer (ILB) to manage traffic. However, traffic may not be correctly routed from the ILB to the container apps without additional configuration.
This guide explains the best and easiest approach to correctly route traffic using User-Defined Routes (UDR) and other essential settings without requiring an Application Gateway.
Step-by-Step Solution:
- Ensure Internal Ingress is Enabled for ACA
Before configuring routing, verify that your ACA ingress settings are correctly configured:
- Set ingress type to "internal" to restrict ACA to internal traffic.
- Define the required ports and protocols (e.g., HTTP, TCP).
For more details, refer to the Azure ACA Ingress Documentation.
- Configure the Internal Load Balancer (ILB)
Azure automatically creates an ILB when ACA is deployed in an internal VNet. However, it might not be configured to route traffic correctly.
- Identify the ILB IP address assigned to ACA.
- Ensure that ACA is part of the ILB backend pool.
For additional details, check Azure Container Apps Networking.
- Implement User-Defined Routes (UDR) for Traffic Routing
Since Azure does not automatically create system routes for ILB traffic to ACA, you need to define custom routes using User-Defined Routes (UDR).
Steps to Create a UDR:
- Navigate to Azure Portal > Networking > Route Tables.
- Create a new Route Table and associate it with the subnet where your ACA resides.
- Add a new route:
  - Destination: CIDR block of your ACA environment (e.g., 10.0.0.0/24).
  - Next Hop Type: Select Virtual Appliance.
  - Next Hop Address: Set this to the ILB private IP address.
- Save the route and apply it to the VNet subnet hosting ACA.
This ensures that internal traffic correctly reaches the ACA services.
For detailed steps, refer to the official User-Defined Routes for ACA documentation.
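The same route can be created from the Azure CLI instead of the portal. The script below is an added example, not part of the original guide: the helper names (`run`, `is_private_ipv4`, `is_private_cidr`, `create_aca_udr`) and the route name `to-aca` are assumptions, and it refuses a destination or next hop outside private address space before issuing any command.

```bash
# Added example: Azure CLI form of the portal steps above. Resource names and
# addresses are supplied by the caller; none of them come from the guide.

# Dry-run by default: print each command. Set DRY_RUN=0 to execute it.
run() { if [ "${DRY_RUN:-1}" = 1 ]; then echo "$*"; else "$@"; fi; }

# Succeeds only for an RFC 1918 IPv4 address (10/8, 172.16/12, 192.168/16).
is_private_ipv4() {
  case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
  old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
  [ "$#" -eq 4 ] || return 1
  for o in "$@"; do [ "$o" -le 255 ] || return 1; done
  case "$1.$2" in
    10.*|192.168|172.1[6-9]|172.2[0-9]|172.3[01]) return 0 ;;
  esac
  return 1
}

# Succeeds for a private base address with a prefix length of 8 to 32.
is_private_cidr() {
  case "$1" in */*) ;; *) return 1 ;; esac
  len=${1#*/}
  case "$len" in ''|*[!0-9]*) return 1 ;; esac
  [ "$len" -ge 8 ] && [ "$len" -le 32 ] && is_private_ipv4 "${1%/*}"
}

# Usage: create_aca_udr RG ROUTE_TABLE VNET SUBNET ACA_CIDR ILB_IP
# The ILB IP can be read with:
#   az containerapp env show -g RG -n ENV --query properties.staticIp -o tsv
create_aca_udr() {
  [ "$#" -eq 6 ] || { echo "expected 6 arguments" >&2; return 2; }
  rg=$1 rt=$2 vnet=$3 subnet=$4 cidr=$5 ilb_ip=$6
  # Refuse a route that would steer traffic outside private address space.
  is_private_cidr "$cidr" || { echo "bad destination: $cidr" >&2; return 1; }
  is_private_ipv4 "$ilb_ip" || { echo "bad next hop: $ilb_ip" >&2; return 1; }
  # Create the table, add the route (constructed name "to-aca"), associate
  # the subnet, then list the routes so they can be compared with intent.
  run az network route-table create -g "$rg" -n "$rt" &&
  run az network route-table route create -g "$rg" --route-table-name "$rt" \
      -n to-aca --address-prefix "$cidr" \
      --next-hop-type VirtualAppliance --next-hop-ip-address "$ilb_ip" &&
  run az network vnet subnet update -g "$rg" --vnet-name "$vnet" \
      -n "$subnet" --route-table "$rt" &&
  run az network route-table route list -g "$rg" --route-table-name "$rt" -o table
}
```

Source the file and call `create_aca_udr` with your own values to review the commands; rerun with `DRY_RUN=0` to apply them.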
- Validate and Troubleshoot Traffic Flow
To ensure proper traffic routing:
- Use Azure Monitor and Log Analytics to check traffic logs.
- Test connectivity using Azure Bastion or a VM inside the VNet (curl ).
- Verify that NSGs and Firewall Rules allow internal communication.
- Check DNS settings to resolve internal ACA endpoints correctly.
Conclusion:
By following this approach, you can successfully route traffic from Azure ILB to your ACA environment inside an internal VNet without needing an Application Gateway.
This method ensures secure, reliable, and efficient traffic flow using UDRs, ILB backend configurations, and private networking settings.