Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Is It Possible to Restrict Access to Azure Container Instance with IP restrictions

I am creating an Azure container instance to host an index for testing purposes. Currently I can only get it to work with IpAddressType set as Public, but of course this makes the index available to the world.

Is it possible to secure an Azure container instance with IP restrictions, preferably using PowerShell?

When I configure the container image with IpAddressType set as Private, I am unable to access the index.

Below is the command I am using to create the container instance:

   New-AzureRmContainerGroup -ResourceGroupName $resourceGroup `
                              -Name indexcontainer `
                              -Image $image `
                              -IpAddressType Public `
                              -Location $resourceGroupLocation `
                              -MemoryInGB 6 `
                              -Cpu 2 `
                              -Port 9200
like image 746
Andy McWilliams Avatar asked Dec 05 '18 13:12

Andy McWilliams


People also ask

How do I block an IP on Azure?

You can use the Network Security Groups(NSG) to block some IPs. You can add different rules in one NSG and config this NSG to your cloud service's VNet. Firstly, you need to have a NSG with rules that can block the target IPs. You can use portal to create the NSG and add rules in it.

Which two services can you use to manage containers in Azure?

Learn to deploy, scale, orchestrate, and manage containers with Docker and Kubernetes through hands-on lessons and labs.


1 Answers

TODAY:

Not with Container Groups, if you open up a port on the container group, it is public to the world.

Container-Group is the little brother (mini version) of full-on AKS.

AKS, the big brother, gives you more control.

See : https://docs.microsoft.com/en-us/azure/aks/internal-lb


-IpAddressType Accepted values: Public

https://docs.microsoft.com/en-us/powershell/module/azurerm.containerinstance/new-azurermcontainergroup?view=azurermps-6.13.0

Note, the only value accepted in documentation is "Public"

However, they put the placeholder in for future arguments besides "Public"...so I think they see this as a gap in functionality........

like image 87
granadaCoder Avatar answered Oct 18 '22 19:10

granadaCoder