azure-search-openai-demo

Custom Domains removed during deployment.

Open Jiddawi opened this issue 9 months ago • 7 comments

If a custom domain is configured on the container app, every time you redeploy it gets removed. Would be great to include methods to persist custom domains.

This may be helpful:

https://github.com/Azure/azure-dev/pull/3955

Jiddawi avatar Feb 28 '25 11:02 Jiddawi

cc @vhvb1989 for ideas on how we can improve the situation in our repo.

Have you tried the flag that Victor added in that PR?

pamelafox avatar Mar 06 '25 00:03 pamelafox

@Jiddawi are you using WebApp or ContainerApp?

The alpha features we have for azd apply to ContainerApps:

Name: aca.persistDomains
Description: Do not change custom domains when deploying Azure Container Apps.
Status: Off

Name: aca.persistIngressSessionAffinity
Description: Do not change Ingress Session Affinity when deploying Azure Container Apps.
Status: Off

aca.persistDomains was mainly tested for .NET Aspire projects. It might not work for this template. I'll take a look

vhvb1989 avatar Mar 06 '25 01:03 vhvb1989

Any news here? https://github.com/Azure/azure-dev/issues/1765 https://github.com/Azure/azure-dev/pull/3955

cforce avatar Apr 13 '25 16:04 cforce

I had a few cases where it kept resetting, but recently it's been working fine. If this occurs again I will create a more detailed issue. Thank you for your responses.

Jiddawi avatar Apr 18 '25 17:04 Jiddawi

It still resets for ACA. Bicep is missing the definition to install and verify the DNS name and certificate properly.

cforce avatar Apr 19 '25 07:04 cforce

> @Jiddawi are you using WebApp or ContainerApp?
>
> The alpha features we have for azd apply to ContainerApps:
>
> Name: aca.persistDomains
> Description: Do not change custom domains when deploying Azure Container Apps.
> Status: Off
>
> Name: aca.persistIngressSessionAffinity
> Description: Do not change Ingress Session Affinity when deploying Azure Container Apps.
> Status: Off
>
> aca.persistDomains was mainly tested for .NET Aspire projects. It might not work for this template. I'll take a look

I am using ContainerApp

Jiddawi avatar Apr 19 '25 07:04 Jiddawi

This worked for me, and here's what I had to do.

Implementing Custom Domain Persistence in Azure Container Apps

This document outlines a solution for custom domain persistence in Azure Container Apps when using infrastructure as code (Bicep).

Correct Configuration for Custom Domains in Container Apps

When configuring custom domains for Azure Container Apps using Bicep, it's essential to reference the certificate correctly based on how it was deployed. The resource type in the certificate path should match the actual certificate type.

For custom domains set up with managed certificates (the most common approach in the Azure Portal), you should use the managedCertificates resource type in the path. Many examples and templates incorrectly use certificates instead, which leads to deployment failures.

Using the correct resource type ensures that your custom domain configuration persists across deployments.

The Solution

Step 1: Identify the correct certificate path

Use the Azure CLI to verify the actual path of the certificate:

az containerapp env certificate list --name {environment-name} --resource-group {resource-group}

This will return the actual certificate information, including the correct resource ID:

[
  {
    "id": "/subscriptions/{subscription-id}/resourceGroups/{resource-group}/providers/Microsoft.App/managedEnvironments/{environment-name}/managedCertificates/{certificate-name}",
    "name": "{certificate-name}",
    "type": "Microsoft.App/managedEnvironments/managedCertificates",
    ...
  }
]

Note the resource type in the ID: managedCertificates, not certificates.

Step 2: Update the Container App Bicep template

In your Container App Bicep template, update the certificateId to use the correct resource type:

customDomains: !empty(customDomain) ? [
  {
    name: customDomain
    bindingType: 'SniEnabled'
    certificateId: !empty(certificateName) ? '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.App/managedEnvironments/${containerAppsEnvironmentName}/managedCertificates/${certificateName}' : null
  }
] : []

The key change is using managedCertificates instead of certificates in the resource path.

Step 3: Update the main deployment file

Ensure your main deployment file passes the correct parameters:

module acaBackend 'core/host/container-app-upsert.bicep' = {
  // other parameters...
  params: {
    // other params...
    customDomain: 'your-domain.example.com'
    certificateName: 'your-certificate-name'
  }
}

Implementation Example

Here's a complete example of how to implement this in a typical Bicep setup:

1. In your container app module (e.g., container-app.bicep):

@description('The custom domain for the container app')
param customDomain string = ''

@description('The certificate name for the custom domain')
param certificateName string = ''

// ... other parameters and resources ...

resource app 'Microsoft.App/containerApps@2023-05-02-preview' = {
  // ... other properties ...
  properties: {
    // ... other properties ...
    configuration: {
      // ... other configuration ...
      ingress: ingressEnabled ? {
        // ... other ingress properties ...
        customDomains: !empty(customDomain) ? [
          {
            name: customDomain
            bindingType: 'SniEnabled'
            certificateId: !empty(certificateName) ? '/subscriptions/${subscription().subscriptionId}/resourceGroups/${resourceGroup().name}/providers/Microsoft.App/managedEnvironments/${containerAppsEnvironmentName}/managedCertificates/${certificateName}' : null
          }
        ] : []
      } : null
    }
  }
}

2. In your main deployment file (e.g., main.bicep):

module containerApp 'core/host/container-app-upsert.bicep' = {
  name: 'container-app'
  params: {
    // ... other parameters ...
    customDomain: 'your-domain.example.com'
    certificateName: 'your-domain-certificate-name'
  }
}

Conclusion

By using the correct resource type (managedCertificates instead of certificates) in the certificate ID path, if that is what you have configured, you can ensure that custom domain configurations persist across deployments for Azure Container Apps.

This solution helps maintain consistent infrastructure deployments and prevents configuration drift when using infrastructure as code.

Resources

For more information about Azure Container Apps and certificates, refer to the following Microsoft documentation:

Jiddawi avatar May 17 '25 00:05 Jiddawi
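
A pre-deployment check for Steps 1 and 2 of the comment above, added here as an example (not code from the thread or from the azd project): it compares the certificateId a Bicep template would emit with the IDs reported by `az containerapp env certificate list` and flags a certificates/managedCertificates mismatch before the TLS binding is lost on redeploy. The function names and the sample JSON are assumptions constructed for illustration.

```python
import json

# Constructed sample of `az containerapp env certificate list -o json` output;
# every name and ID here is a placeholder, not a value from a real environment.
SAMPLE_LISTING = json.dumps([
    {
        "id": "/subscriptions/00000000-0000-0000-0000-000000000000/resourceGroups/rg-demo"
              "/providers/Microsoft.App/managedEnvironments/env-demo"
              "/managedCertificates/cert-demo",
        "name": "cert-demo",
        "type": "Microsoft.App/managedEnvironments/managedCertificates",
    }
])

CERT_KINDS = ("managedcertificates", "certificates")


def split_certificate_id(resource_id):
    """Return (parent environment ID, kind segment, certificate name)."""
    parts = resource_id.strip("/").split("/")
    if len(parts) < 2 or parts[-2].lower() not in CERT_KINDS:
        raise ValueError(f"not a Container Apps certificate ID: {resource_id}")
    return "/" + "/".join(parts[:-2]), parts[-2], parts[-1]


def check_certificate_id(template_id, listing_json):
    """Compare the certificateId a template would emit with what the CLI lists.

    Returns (ok, message). Resource IDs are compared case-insensitively.
    """
    env, kind, name = split_certificate_id(template_id)
    for cert in json.loads(listing_json):
        c_env, c_kind, c_name = split_certificate_id(cert["id"])
        if (c_env.lower(), c_name.lower()) != (env.lower(), name.lower()):
            continue
        if c_kind.lower() == kind.lower():
            return True, f"ok: {cert['id']}"
        return False, f"wrong resource type '{kind}', environment has '{c_kind}': use {cert['id']}"
    return False, f"no certificate named '{name}' in {env}"


if __name__ == "__main__":
    import sys
    # Usage: pipe the CLI's JSON output to stdin, pass the template's certificateId as argv[1].
    ok, msg = check_certificate_id(sys.argv[1], sys.stdin.read())
    print(msg)
    sys.exit(0 if ok else 1)
```

Run it in the deployment pipeline ahead of `azd` so that a mismatched path fails the build instead of silently dropping the domain binding.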