You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/spring-apps/enterprise/how-to-configure-ingress.md
+19-11Lines changed: 19 additions & 11 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -17,13 +17,14 @@ This article shows you how to set and update an application's ingress settings i
17
17
18
18
The Azure Spring Apps service uses an underlying ingress controller to handle application traffic management. The following ingress settings are supported for customization.
19
19
20
-
| Name | Ingress setting | Default value | Valid range | Description |
|`ingress-read-timeout`|`proxy-read-timeout`| 300 |\[1,1800\]| The timeout in seconds for reading a response from a proxied server. |
23
-
|`ingress-send-timeout`|`proxy-send-timeout`| 60 |\[1,1800\]| The timeout in seconds for transmitting a request to the proxied server. |
24
-
|`session-affinity`|`affinity`| None | Session, None | The type of the affinity that will make the request come to the same pod replica that was responding to the previous request. Set `session-affinity` to Cookie to enable session affinity. In the portal only, you must choose the enable session affinity box. |
25
-
|`session-max-age`|`session-cookie-max-age`| 0 |\[0, 604800\]| The time in seconds until the cookie expires, corresponding to the `Max-Age` cookie directive. If you set `session-max-age` to 0, the expiration period is equal to the browser session period. |
26
-
|`backend-protocol`|`backend-protocol`| Default | Default, GRPC | Sets the backend protocol to indicate how NGINX should communicate with the backend service. Default means HTTP/HTTPS/WebSocket. The `backend-protocol` setting only applies to client-to-app traffic. For app-to-app traffic within the same service instance, choose any protocol for app-to-app traffic without modifying the `backend-protocol` setting. The protocol doesn't restrict your choice of protocol for app-to-app traffic within the same service instance. |
20
+
| Name | Ingress setting | Default value | Valid range | Description |
|`ingress-read-timeout`|`proxy-read-timeout`| 300 |\[1,1800\]| The timeout in seconds for reading a response from a proxied server. |
23
+
|`ingress-send-timeout`|`proxy-send-timeout`| 60 |\[1,1800\]| The timeout in seconds for transmitting a request to the proxied server. |
24
+
|`session-affinity`|`affinity`| None |`Session`, `None`| The type of the affinity that makes the request come to the same pod replica that was responding to the previous request. Set `session-affinity` to Cookie to enable session affinity. In the portal only, you must choose the enable session affinity box. |
25
+
|`session-max-age`|`session-cookie-max-age`| 0 |\[0, 604800\]| The time in seconds until the cookie expires, corresponding to the `Max-Age` cookie directive. If you set `session-max-age` to 0, the expiration period is equal to the browser session period. |
26
+
|`backend-protocol`|`backend-protocol`| Default | Default, `GRPC`| Sets the backend protocol to indicate how NGINX should communicate with the backend service. Default means HTTP/HTTPS/WebSocket. The `backend-protocol` setting only applies to client-to-app traffic. For app-to-app traffic within the same service instance, choose any protocol for app-to-app traffic without modifying the `backend-protocol` setting. The protocol doesn't restrict your choice of protocol for app-to-app traffic within the same service instance. |
27
+
|`client-auth`|`client-auth`| 0 selected | - | Select the certificates with the public key you uploaded in the TLS/SSL settings. Ingress concatenates these certificates into one and then uses it for client authentication. |
27
28
28
29
## Prerequisites
29
30
@@ -44,21 +45,26 @@ Use the following Azure CLI command to set the ingress configuration when you cr
44
45
az spring app create \
45
46
--resource-group <resource-group-name> \
46
47
--service <service-name> \
47
-
--name <service-name> \
48
+
--name <app-name> \
48
49
--ingress-read-timeout 300 \
49
50
--ingress-send-timeout 60 \
50
51
--session-affinity Cookie \
51
52
--session-max-age 1800 \
52
53
--backend-protocol Default \
54
+
--client-auth-certs <cert-id>
53
55
```
54
56
57
+
> [!NOTE]
58
+
> The `cert-id` value is in the format `/subscriptions/<your-sub-id>/resourceGroups/<resource-group-name>/providers/Microsoft.AppPlatform/Spring/<service-name>/certificates/<cert-name>`. To get the `cert-id` value, use the following command: `az spring certificate show --service <service-instance-name> --resource-group <resource-group-name> --name <certificate-name> --query id`
59
+
55
60
This command creates an app with the following settings:
56
61
57
62
- Ingress read timeout: 300 seconds
58
63
- Ingress send timeout: 60 seconds
59
64
- Session affinity: Cookie
60
65
- Session cookie max age: 1800 seconds
61
66
- Backend protocol: Default
67
+
- Client Auth: cert-name
62
68
63
69
## Update the ingress settings for an existing app
64
70
@@ -81,12 +87,13 @@ Use the following command to update the ingress settings for an existing app.
81
87
az spring app update \
82
88
--resource-group <resource-group-name> \
83
89
--service <service-name> \
84
-
--name <service-name> \
90
+
--name <app-name> \
85
91
--ingress-read-timeout 600 \
86
92
--ingress-send-timeout 600 \
87
93
--session-affinity None \
88
94
--session-max-age 0 \
89
95
--backend-protocol GRPC \
96
+
--client-auth-certs ''
90
97
```
91
98
92
99
This command updates the app with the following settings:
@@ -96,6 +103,7 @@ This command updates the app with the following settings:
96
103
- Session affinity: None
97
104
- Session cookie max age: 0
98
105
- Backend protocol: GRPC
106
+
- Client Auth: 0 selected
99
107
100
108
---
101
109
@@ -107,13 +115,13 @@ This command updates the app with the following settings:
107
115
108
116
- How do you enable WebSocket?
109
117
110
-
WebSocket is enabled by default if you set the backend protocol to *Default*. The WebSocket connection limit is 20000. When you reach that limit, the connection will fail.
118
+
WebSocket is enabled by default if you set the backend protocol to *Default*. The WebSocket connection limit is 20000. When you reach that limit, the connection fails.
111
119
112
120
You can also use RSocket based on WebSocket.
113
121
114
122
- What is the difference between ingress config and ingress settings?
115
123
116
-
Ingress config can still be used in the Azure CLI and SDK, and that setting will apply to all apps within the service instance. Once an app has been configured by ingress settings, the Ingress config won't affect it. We don't recommend that new scripts use ingress config since we plan to stop supporting it in the future.
124
+
Ingress config can still be used in the Azure CLI and SDK, and that setting applies to all apps within the service instance. After ingress settings configure an app, the Ingress config can't affect it. We don't recommend that new scripts use ingress config since we plan to stop supporting it in the future.
117
125
118
126
- When ingress settings are used together with App Gateway/APIM, what happens when you set the timeout in both Azure Spring Apps ingress and the App Gateway/APIM?
0 commit comments