changed api and indexer ingress to internal

dantelmomsft · dantelmomsft · commit 54be8cf4b95e · 2024-03-06T16:15:20.000+01:00
diff --git a/deploy/aca/infra/app/api.bicep b/deploy/aca/infra/app/api.bicep
@@ -33,6 +33,7 @@ module app '../../../shared/host/container-app-upsert.bicep' = {
     containerCpuCoreCount: '1.0'
     containerMemory: '2.0Gi'
     targetPort: 8080
+    external:false
     env: union(env, [
       {
         name: 'AZURE_CLIENT_ID'
diff --git a/deploy/aca/infra/app/indexer.bicep b/deploy/aca/infra/app/indexer.bicep
@@ -31,6 +31,7 @@ module app '../../../shared/host/container-app-upsert.bicep' = {
     containerCpuCoreCount: '1.0'
     containerMemory: '2.0Gi'
     targetPort: 8080
+    external:false
     env: union(env, [
       {
         name: 'AZURE_CLIENT_ID'
diff --git a/docs/aca/README-ACA.md b/docs/aca/README-ACA.md
@@ -268,8 +268,8 @@ To see any exceptions and server errors, navigate to the "Investigate -> Failure
 
 ### Enabling authentication
 
-By default, the deployed apps on ACA will have no authentication or access restrictions enabled, meaning anyone with routable network access to the web app can chat with your indexed data.You can require authentication to your Microsoft Entra by following the [Add app authentication](https://learn.microsoft.com/en-us/azure/container-apps/authentication) tutorial and set it up against the deployed web and api apps.
-Furthermore in order to let Web app to access the Api app be sure to configure native client access with [user_impersonation ](https://learn.microsoft.com/en-us/azure/container-apps/authentication-azure-active-directory#native-client-application)
+By default, the web app on ACA will have no authentication or access restrictions enabled, meaning anyone with routable network access to the web app can chat with your indexed data.You can require authentication to your Microsoft Entra by following the [Add app authentication](https://learn.microsoft.com/en-us/azure/container-apps/authentication) tutorial and set it up against the deployed web app.
+
 
 To then limit access to a specific set of users or groups, you can follow the steps from [Restrict your Microsoft Entra app to a set of users](https://learn.microsoft.com/entra/identity-platform/howto-restrict-your-app-to-a-set-of-users) by changing "Assignment Required?" option under the Enterprise Application, and then assigning users/groups access.  Users not granted explicit access will receive the error message -AADSTS50105: Your administrator has configured the application <app_name> to block users 
 

Original file line number	Diff line number	Diff line change
`@@ -33,6 +33,7 @@ module app '../../../shared/host/container-app-upsert.bicep' = {`
`33`	`33`	`containerCpuCoreCount: '1.0'`
`34`	`34`	`containerMemory: '2.0Gi'`
`35`	`35`	`targetPort: 8080`
	`36`	`+ external:false`
`36`	`37`	`env: union(env, [`
`37`	`38`	`{`
`38`	`39`	`name: 'AZURE_CLIENT_ID'`
Original file line number	Diff line number	Diff line change
`@@ -31,6 +31,7 @@ module app '../../../shared/host/container-app-upsert.bicep' = {`
`31`	`31`	`containerCpuCoreCount: '1.0'`
`32`	`32`	`containerMemory: '2.0Gi'`
`33`	`33`	`targetPort: 8080`
	`34`	`+ external:false`
`34`	`35`	`env: union(env, [`
`35`	`36`	`{`
`36`	`37`	`name: 'AZURE_CLIENT_ID'`