Introduction

In the previous post, we discussed securing an Azure Container Registry with a private connection and role-based access. Now, we'll delve into creating and configuring a secure container app in Azure Container Apps. By leveraging the security measures we implemented in the previous post, we'll ensure that our container app operates in a controlled and protected environment.

Benefits of Secure Container Apps

• Enhanced Security: By building upon the secure foundation of our container registry, we'll create a container app that is protected from unauthorized access and potential threats.
• Improved Performance: Leveraging private endpoint connections and optimized network configurations can enhance the performance and reliability of our container app.
• Simplified Management: Azure Container Apps provides a managed service, reducing the operational overhead and complexity of managing containerized applications.

Prerequisites

Before you begin, ensure you have the following:

• Azure Subscription: An active Azure subscription.
• Azure Container Registry (ACR): A container registry containing your container images.
• Virtual Network and Subnets: A virtual network with at least two subnets: one for the private endpoint and another for the container app.
• Service Bus Namespace: A Service Bus namespace for communication between the container app and external services.
• User-Assigned Managed Identity: A managed identity associated with your container registry.
• Private Endpoint: A private endpoint connecting your container registry to your virtual network.

Step-by-Step Guide

1. Create a Container App:

   • Navigate to the Azure Portal and search for "Container App."
   • Click on "Create" and provide the necessary details (resource group, container app name, and region). Once complete, click on "Create new" underneath "Container Apps Environment."
   • In the "Networking" tab, select "Use your own virtual network" and choose the subnet for your container app. Click "Create" at the bottom.

2. Configure Container App Image:

   • Select "Azure Container Registry" as the image source.
   • Choose your container registry and image. Click "Review + create" at the bottom.

3. Authenticate with Managed Identity:

   • After deployment, navigate to your container app's settings and select "Identity" under "Settings".
   • Under the "User Assigned" tab click "+Add" and add the managed identity you created earlier.

4. Configure Service Bus Connection:

   • Under "Settings" select "Service Connector (Preview)" and click "+Create."
   • Select "Service Bus" as the service type and choose the appropriate client type.
   • In "Authentication" select the user-assigned managed identity.
   • Continue until the end then review and create the Service Connection.

5. Configure HTTP Scale Rules:

   • Under "Application," go to "Scale."
   • In the "Scale" section, configure minimum and maximum replicas then click "Add" under "Scale rule."
   • Create a name for the scaling rule and select the "HTTP scaling" Type. Decide an amount of concurrent requests for the rule.
   • Click on "Save as new revision" on the bottom.

Conclusion

Congratulations! You've successfully created and configured a secure container app in Azure Container Apps. By leveraging the security measures implemented in our previous post, we've ensured that our container app is protected from unauthorized access and operates efficiently. This provides a strong foundation for building and deploying secure, scalable containerized applications on Azure.

Next Steps

In the next guide, we'll look at using Azure Pipelines to handle continuous integration for your Azure Container Apps.