Give us outgoing IPs or Allow Route Tables
We need to know the outbound IPs for containers running in ACIs.
Other cloud providers allow you to do this through a managed NAT.
We've even tried using our own vNet in an attempt to force tunnel the request through our on-premise network. However, we cannot do this as you cannot use Route Tables and Service Endpoint delegation together.
This is really disappointing, especially since AWS and Google Cloud both allow static IPs and managed NATs.
Work is planned for this. In the meantime, we suggest using Azure Firewall as a potential workaround: https://docs.microsoft.com/en-us/azure/container-instances/container-instances-egress-ip-address
Huzefa Qubbawala commented
Any update on this?
Kent Kingery commented
Thanks for the update.
The Azure Firewall is a possible solution but is really quite expensive. For now, we've made the decision to move away from ACI for this particular use case. We can stand up a MicroK8s environment cheaper than the Azure Firewall.
Stephane Lapointe commented
We also need to be able to retrieve a container's outgoing IP for whitelisting purposes.
Karl Alfaro commented
A simple list of outbound IPs used by the ACIs would be really useful.
Note that the containers can communicate with external services - where you need to allow the connection from certain sources - that is why we need such a list.
Note that ACIs can be restarted at any time and the underlying outbound IP also may vary.