You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: articles/spring-apps/troubleshooting-vnet.md
+22-2Lines changed: 22 additions & 2 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -40,15 +40,19 @@ To set up the Azure Spring Apps service instance by using the Resource Manager t
40
40
|`Resources created by Azure Spring Apps were disallowed by policy.`| Network resources are created when deploying Azure Spring Apps in your own virtual network. Be sure to check whether you have [Azure Policy](../governance/policy/overview.md) defined to block that creation. The error message lists the resources that weren't created. |
41
41
|`Required traffic is not allowlisted.`| Be sure to check [Customer responsibilities for running Azure Spring Apps in a virtual network](./vnet-customer-responsibilities.md) to ensure that the required traffic is allowlisted. |
42
42
43
-
## My application can't be registered
43
+
## My application can't be registered or it can't get settings from the config server
44
+
45
+
The applications running inside the Azure Spring Apps user cluster need to access the Eureka Server and the Config Server in the system runtime cluster via the `<service-instance-name>.svc.private.azuremicroservices.io` domain.
44
46
45
47
This problem occurs if your virtual network is configured with custom DNS settings. In this case, the private DNS zone used by Azure Spring Apps is ineffective. Add the Azure DNS IP 168.63.129.16 as the upstream DNS server in the custom DNS server.
46
48
49
+
If your custom DNS server can't add the Azure DNS IP `168.63.129.16` as the upstream DNS server, then add the DNS record `*.svc.private.azuremicroservices.io` to the IP of your application. For more information, see the [Find the IP for your application](access-app-virtual-network.md#find-the-ip-for-your-application) section of [Access an app in Azure Spring Apps in a virtual network](access-app-virtual-network.md).
50
+
47
51
## I can't access my application's endpoint or test endpoint in a virtual network
48
52
49
53
If your virtual network is configured with custom DNS settings, be sure to add Azure DNS IP `168.63.129.16` as the upstream DNS server in the custom DNS server, if you haven't already. Then, proceed with the following instructions.
50
54
51
-
If your virtual network is not configured with custom DNS settings, or if your virtual network is configured with custom DNS settings and you've already added Azure DNS IP `168.63.129.16` as the upstream DNS server in the custom DNS server, then complete the following steps:
55
+
If your virtual network isn't configured with custom DNS settings, or if your virtual network is configured with custom DNS settings and you've already added Azure DNS IP `168.63.129.16` as the upstream DNS server in the custom DNS server, then complete the following steps:
52
56
53
57
1. Create a new private DNS zone `private.azuremicroservices.io`.
54
58
1. Link the private DNS zone to the virtual network.
@@ -59,6 +63,22 @@ If your virtual network is not configured with custom DNS settings, or if your v
59
63
60
64
For more information, see [Access your application in a private network](./access-app-virtual-network.md)
61
65
66
+
## I can't access my application's public endpoint from public network
67
+
68
+
Azure Spring Apps supports exposing applications to the internet by using public endpoints. For more information, see [Expose applications on Azure Spring Apps to the internet from a public network](how-to-access-app-from-internet-virtual-network.md).
69
+
70
+
If you're using a user defined route feature, some features aren't supported because of asymmetric routing. For unsupported features, see the following list:
71
+
72
+
- Use the public network to access the application through the public endpoint.
73
+
- Use the public network to access the log stream.
74
+
- Use the public network to access the app console.
75
+
76
+
For more information, see [Control egress traffic for an Azure Spring Apps instance](how-to-create-user-defined-route-instance.md).
77
+
78
+
Similar limitations also apply to Azure Spring Apps when egress traffics are routed to a firewall. The problem occurs because both situations introduce asymmetric routing into the cluster. Packets arrive on the endpoint's public IP address but return to the firewall via the private IP address. So, the firewall must block such traffic. For more information, see the [Bring your own route table](how-to-deploy-in-azure-virtual-network.md#bring-your-own-route-table) section of [Deploy Azure Spring Apps in a virtual network](how-to-deploy-in-azure-virtual-network.md).
79
+
80
+
If you're routing egress traffics to a firewall but also need to expose the application to internet, use the expose applications to the internet with TLS Termination feature. For more information, see [Expose applications to the internet with TLS Termination at Application Gateway](expose-apps-gateway-tls-termination.md).
81
+
62
82
## Other issues
63
83
64
84
-[Access your application in a private network](access-app-virtual-network.md)
![prmerger-automator[bot]](https://avatars.githubusercontent.com/u/22479449?v=4&size=40){kind=avatar}
0 commit comments