Nick Jacobs

Reputation: 629

Azure Docker Containers to an Azure VM across vlans?

So what I'm doing is I've got a VM running in Azure. Simple enough, but what it's doing we want to secure from the outside world. I've got specific ports open, 8000, to everything on the 10 vlan, and my specific public IP that I'm using. Accessing the data that way works fine. No issues, etc.

So, I've gone out and created a VStudio Container API on my Mac using:

az container create --resource-group=<> --name <> --ip-address Public --ports 80

If I do that, I can access a dummy method call and it returns data as expected.

What I need though is to have the method itself reach out to the VM and interact with it. It's just doing HTTP POSTs of JSON, so not really a lot of rocket science between the two.

But I can't get the WebAPI in a container to access the VM. I've also tried --vnet=<> where the <> is the name of the vnet my VMs are sitting in, but still nothing.

It's almost as if I need to tell the box that it's got 2 NICs and that it can communicate to the 10 net via 1, and the public net on the other.

So any ideas what I'm missing?

Upvotes: 0

Views: 285

Answers (1)

Charles Xu

Reputation: 31424

What I understand is that you want to securely access the VM from a container instance. If so, then you need to create the container instance in the Vnet. This will enable that feature:

Container communication with virtual machines in the virtual network

But here is a limitation:

To deploy container groups to a subnet, the subnet cannot contain any other resource types.

It means that you need to create the VM in another subnet of the Vnet.

Creating the container instance in the Vnet will lose the feature of accessing it from the Internet. So if you also need to access the container instance from the Internet, I suggest you use the Azure Application Gateway, then put the container instance in the backend of the application gateway with the instance's private IP.

Upvotes: 1
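
The layout described in the answer, sketched as Azure CLI commands. This is an added example, not part of the original question or answer: the resource group, vnet, subnet, NSG and image names and the 10.0.2.0/24 range are placeholder assumptions. It goes one step beyond the answer by scoping the VM's port 8000 rule to the container subnet only.

```bash
#!/usr/bin/env bash
# Added example; every name and address range below is a placeholder assumption.
set -eu

RG="my-rg"                   # resource group (placeholder)
VNET="my-vnet"               # existing vnet that already holds the VM (placeholder)
ACI_SUBNET="aci-subnet"      # new subnet used only by container groups
ACI_PREFIX="10.0.2.0/24"     # constructed range; must be unused inside the vnet
NSG="vm-nsg"                 # NSG protecting the VM's subnet or NIC (placeholder)
IMAGE="example.azurecr.io/webapi:latest"   # hypothetical image reference
DRY_RUN="${DRY_RUN:-1}"      # 1 = print the commands, 0 = run them against Azure

run() {
  if [ "$DRY_RUN" = "1" ]; then printf '%s\n' "$*"; else "$@"; fi
}

# 1. Dedicated subnet delegated to Azure Container Instances.
#    The VM stays in its own, separate subnet of the same vnet.
create_aci_subnet() {
  run az network vnet subnet create --resource-group "$RG" --vnet-name "$VNET" \
    --name "$ACI_SUBNET" --address-prefixes "$ACI_PREFIX" \
    --delegations Microsoft.ContainerInstance/containerGroups
}

# 2. Container group with a private IP in that subnet (no public endpoint).
create_container() {
  run az container create --resource-group "$RG" --name webapi \
    --image "$IMAGE" --os-type Linux --ports 80 \
    --vnet "$VNET" --subnet "$ACI_SUBNET" --ip-address Private
}

# 3. Let only the container subnet reach the VM on TCP 8000,
#    instead of leaving the port open to the whole 10.x network.
allow_aci_to_vm() {
  run az network nsg rule create --resource-group "$RG" --nsg-name "$NSG" \
    --name allow-aci-8000 --priority 200 --direction Inbound --access Allow \
    --protocol Tcp --source-address-prefixes "$ACI_PREFIX" \
    --destination-port-ranges 8000
}

plan() { create_aci_subnet; create_container; allow_aci_to_vm; }
plan
```

With the default `DRY_RUN=1` the script only prints the three commands for review; set `DRY_RUN=0` after replacing the placeholders to apply them.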
