Comments (15)
Thank you for opening this issue, we will look into it.
from azure-cli.
About "Look for or create a managed certificate and bind with the hostname if no certificate or thumbprint is provided."
The managed certificate is not ready in the azure-cli
, you need to install containerapp
extension with command: az extension add -n containerapp
.
I will fix the help
for the command containerapp hostname bind
.
Thanks
from azure-cli.
Sorry but this suggestion still fails, albeit with a different error message:
michael_cameron [ ~ ]$ az extension add -n containerapp
Default enabled including preview versions for extension installation now. Disabled in future release. Use '--allow-preview true' to enable it specifically if needed. Use '--allow-preview false' to install stable version only.
The installed extension 'containerapp' is in preview.
michael_cameron [ ~ ]$ az containerapp hostname bind -n caefdtest001 -g rg-internalapp-dev-uks-001 --hostname a02.azurefd.net
The behavior of this command has been altered by the following extension: containerapp
Please specify at least one of parameters: --certificate and --environment
Specifying the environment leads to another different error:
michael_cameron [ ~ ]$ az containerapp hostname bind -n caefdtest001 -g rg-internalapp-dev-uks-001 --hostname a02.azurefd.net --environment cae-internal-dev-uks-001
The behavior of this command has been altered by the following extension: containerapp
Creating managed certificate 'mc-cae-internal-d-a02-azurefd-net-1605' for a02.azurefd.net.
It may take up to 20 minutes to create and issue a managed certificate.
Please specify the parameter: --validation-method
I cannot see anything in the updated documentation that describes what values the validation-method parameter accepts.
from azure-cli.
--validation-method
Hi @MichaelCameronDHSC
The validation-method accept HTTP
, CNAME
or TXT
.
PS:
In azure-cli will be included from Azure CLI version: 2.62.0, Official Release: 07/02/2024 , PR: #29156 , no need to install extension. The doc in az containerapp hostname bind -h
will also show the available vale for --validation-method
from Azure CLI version: 2.62.0.
from azure-cli.
How do I force the use of private DNS? There is CNAME record but not the public one
from azure-cli.
How do I force the use of private DNS? There is CNAME record but not the public one
I don't know how to use private DNS, did you occur error with --validation-method CNAME
?
from azure-cli.
Yes, the CNAME record that exists in private DNS cannot be found. I'm following a guide to using internal container apps and exposing them via custom private links with front door so need to use private DNS but cannot bind the hostname either with cli or in the portal.
michael_cameron [ ~ ]$ az containerapp hostname bind -n caefdtest001 -g rg-internalapp-dev-uks-001 --hostname a02.azurefd.net --environment cae-internal-dev-uks-001 --validation-method CNAME
The behavior of this command has been altered by the following extension: containerapp
Creating managed certificate 'mc-cae-internal-d-a02-azurefd-net-9665' for a02.azurefd.net.
It may take up to 20 minutes to create and issue a managed certificate.
(FailedCnameValidation) Not found CNAME of hostname 'a02.azurefd.net' directly pointing to a default hostname. Found CNAME record(s) of the hostname are .
from azure-cli.
Hi @MichaelCameronDHSC
Can you use Private key certificates?
- use
az containerapp env certificate upload
to upload a certificate in your environment - use
az containerapp hostname bind
to bind it to your containerapp
from azure-cli.
No
from azure-cli.
Hello @MichaelCameronDHSC ,
I see that this is a Consumption Environment with a VNet. Can you share your DNS settings of a02.azurefd.net
as well ?
I see from the custom-domain on the app caefdtest001
that the custom domain you are trying to add is a02.azurefd.net
. This looks like a Azure Front Door instance. Do you have a reference to your container app generated FQDN in the DNS settings ?
https://learn.microsoft.com/en-us/azure/container-apps/custom-domains-certificates
Have you tried the following ?
https://learn.microsoft.com/en-us/azure/container-apps/networking?tabs=workload-profiles-env%2Cazure-cli#dns
from azure-cli.
I'm trying to set up access via frontdoor and am also using MS authentication in my container app.
The only need for a custom domain is to enable host name preservation to allow the app to operate as it should. So, yes, I want to create a custom domain and have created a private DNS Zone to try and achieve that with an A record that points to the static IP.
I do not understand the assertion "If you are using an internal Container Apps Environment, there is no validation for the DNS binding, as the cluster can only be accesses from within the virtual network"
To create the binding appears to require validation.
What am I missing?
from azure-cli.
Hi @MichaelCameronDHSC
The internal environment is created with command in CLI: az containerapp env create -s {subnet-id} --internal-only
--internal-only : Boolean indicating the
environment only has an
internal load balancer.
These environments do
not have a public static
IP resource, therefore
must provide infrastruct
ureSubnetResourceId if
enabling this property.
Allowed values: false,
true.
You can also check with command
az containerapp env show -n {name} -g {rg-name} --query "properties.vnetConfiguration.internal"
from azure-cli.
The value is true:
michael_cameron [ ~ ]$ az containerapp env show -n cae-internal-dev-uks-001 -g rg-internalapp-dev-uks-001 --query "properties.vnetConfiguration.internal"
The behavior of this command has been altered by the following extension: containerapp
true
from azure-cli.
@MichaelCameronDHSC Can you add the app FQDN as a CNAME record in your DNS settings.
a02.azurefd.net CNAME caefdtest001.lemonground-3209f350.uksouth.azurecontainerapps.io
The error you are seeing (FailedCnameValidation) Not found CNAME of hostname 'a02.azurefd.net' directly pointing to a default hostname. Found CNAME record(s) of the hostname are .
is due to DigiCert not able to find any CNAME's in your DNS settings. I did a quick DNS lookup on a02.azurefd.net
and was not able to see any CNAME settings
from azure-cli.
We also see that the env cae-internal-dev-uks-001
is internal. One of the requirements for managed certs is having the container app accessible publicly.
https://learn.microsoft.com/en-us/azure/container-apps/custom-domains-managed-certificates?pivots=azure-portal
from azure-cli.
Related Issues (20)
- Spain Cloud Region is in the Mediterannean Sea - A new project Natick ? HOT 2
- Az login in elevated powershell prompt exits before logging in HOT 2
- devops extension does not work with MSI HOT 3
- Recent deployment broke index.json extension list / az extension list-available HOT 4
- functionapp deployment github-actions add: "Unable to retrieve workflow template." HOT 3
- Remove public preview warning from --probe-threshold + add additional warning message for --number-of-probes or --threshold property HOT 2
- Customer feedback | az network application-gateway redirect-config create | AppGW rules command has priority rules but redirect-config doesn't have priority HOT 1
- Cannot install azure-cli with psutil v6 HOT 2
- Command az feature register --namespace Microsoft.Compute --name SIGSoftDelete does not work, remains in pending state HOT 2
- Install script does not work on elementaryOS HOT 3
- az login does not work from inside devcontainer HOT 3
- az version / az --version should result in same output HOT 1
- az storage account create | incorrect / misleading error message when HOT 3
- az vm show sku vs portal Operating system HOT 1
- "az appconfig kv export --destination appservice" produces "Failed to read key-values from appservice" when DOCKER_REGISTRY_SERVER_PASSWORD exists in app service HOT 3
- ADAL package, which is EOL, included in latest az-cli HOT 7
- Login error using az login for mooncake HOT 4
- CLI Endpoint Support for Managed HSM (Fix Bug with CLI Plain Text Keys) HOT 2
- VM/VMSS to support v2 Version of Azure Metadata Security Protocol HOT 4
- After I install the Azure CLI using winget, the az command is not working at all HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from azure-cli.