Azure/azure-functions-on-container-apps

Control app ingress

Opened this issue · 4 comments

How can I control the ingress traffic for the function app running in the Container App Environment? For example, I'd like to set ingress to be internal only for a few apps, while allowing external traffic for other apps.

I didn't see a way in the current Bicep template to control ingress options.

Currently ingress is managed by Functions and is enabled by default. This is not exposed to users as of today. Can you explain more about this? Why do you need ingress for function apps? Is this a common customer scenario?

I see a few common scenarios:

  • the need to keep functions private to an enterprise. With the current Azure Functions plans, this is typically done by either applying private endpoints to a Premium (EP) plan or hosting in an ASE. The ASE allows for more control from a virtual network perspective, but imposes limits on event driven scaling. Customers will opt for Premium (EP) to support inbound private endpoints and event driven scaling.
  • the need to compose several services in relation to an overall solution. For example, a publicly/internet accessible HTTP-triggered function app that sends events/messages to a private Event Hub or Service Bus. There is another private, non-internet accessible function which consumes from the Event Hub or Service Bus. Only the HTTP-triggered function should be accessible via the internet or intranet. The "backend" event/message consuming function should only be accessible from within the app environment.

The scenarios make sense! Let us evaluate them!