Customize the ingress configuration in Azure Spring Apps
Note
The Basic, Standard, and Enterprise plans will be deprecated starting from mid-March, 2025, with a 3 year retirement period. We recommend transitioning to Azure Container Apps. For more information, see the Azure Spring Apps retirement announcement.
The Standard consumption and dedicated plan will be deprecated starting September 30, 2024, with a complete shutdown after six months. We recommend transitioning to Azure Container Apps. For more information, see Migrate Azure Spring Apps Standard consumption and dedicated plan to Azure Container Apps.
This article applies to: ✔️ Basic/Standard ✔️ Enterprise
This article shows you how to set and update an application's ingress settings in Azure Spring Apps by using the Azure portal and Azure CLI.
The Azure Spring Apps service uses an underlying ingress controller to handle application traffic management. The following ingress settings are supported for customization.
Name | Ingress setting | Default value | Valid range | Description |
---|---|---|---|---|
ingress-read-timeout |
proxy-read-timeout |
300 | [1,1800] | The timeout in seconds for reading a response from a proxied server. |
ingress-send-timeout |
proxy-send-timeout |
60 | [1,1800] | The timeout in seconds for transmitting a request to the proxied server. |
session-affinity |
affinity |
None | Session , None |
The type of the affinity that makes the request come to the same pod replica that was responding to the previous request. Set session-affinity to Cookie to enable session affinity. In the portal only, you must choose the enable session affinity box. |
session-max-age |
session-cookie-max-age |
0 | [0, 604800] | The time in seconds until the cookie expires, corresponding to the Max-Age cookie directive. If you set session-max-age to 0, the expiration period is equal to the browser session period. |
backend-protocol |
backend-protocol |
Default | Default, GRPC |
Sets the backend protocol to indicate how NGINX should communicate with the backend service. Default means HTTP/HTTPS/WebSocket. The backend-protocol setting only applies to client-to-app traffic. For app-to-app traffic within the same service instance, choose any protocol for app-to-app traffic without modifying the backend-protocol setting. The protocol doesn't restrict your choice of protocol for app-to-app traffic within the same service instance. |
client-auth |
client-auth |
0 selected | - | Select the certificates with the public key you uploaded in the TLS/SSL settings. Ingress concatenates these certificates into one and then uses it for client authentication. |
Prerequisites
An Azure subscription. If you don't have an Azure subscription, create a free account before you begin.
Azure CLI with the Azure Spring Apps extension. Use the following command to remove previous versions and install the latest extension. If you previously installed the spring-cloud extension, uninstall it to avoid configuration and version mismatches.
az extension remove --name spring az extension add --name spring az extension remove --name spring-cloud
Set the ingress configuration
Use the following Azure CLI command to set the ingress configuration when you create.
az spring app create \
--resource-group <resource-group-name> \
--service <service-name> \
--name <app-name> \
--ingress-read-timeout 300 \
--ingress-send-timeout 60 \
--session-affinity Cookie \
--session-max-age 1800 \
--backend-protocol Default \
--client-auth-certs <cert-id>
Note
The cert-id
value is in the format /subscriptions/<your-sub-id>/resourceGroups/<resource-group-name>/providers/Microsoft.AppPlatform/Spring/<service-name>/certificates/<cert-name>
. To get the cert-id
value, use the following command: az spring certificate show --service <service-instance-name> --resource-group <resource-group-name> --name <certificate-name> --query id
This command creates an app with the following settings:
- Ingress read timeout: 300 seconds
- Ingress send timeout: 60 seconds
- Session affinity: Cookie
- Session cookie max age: 1800 seconds
- Backend protocol: Default
- Client Auth: cert-name
Update the ingress settings for an existing app
Use the following steps to update the ingress settings for an application hosted by an existing service instance.
Sign in to the portal using an account associated with the Azure subscription that contains the Azure Spring Apps instance.
Navigate to the Apps pane, and then select the app you want to configure.
Navigate to the Configuration pane, and then select the Ingress settings tab.
Update the ingress settings, and then select Save.
FAQ
How do you enable gRPC?
Set the backend protocol to GRPC.
How do you enable WebSocket?
WebSocket is enabled by default if you set the backend protocol to Default. The WebSocket connection limit is 20000. When you reach that limit, the connection fails.
You can also use RSocket based on WebSocket.
What is the difference between ingress config and ingress settings?
Ingress config can still be used in the Azure CLI and SDK, and that setting applies to all apps within the service instance. After ingress settings configure an app, the Ingress config can't affect it. We don't recommend that new scripts use ingress config since we plan to stop supporting it in the future.
When ingress settings are used together with App Gateway/APIM, what happens when you set the timeout in both Azure Spring Apps ingress and the App Gateway/APIM?
The shorter timeout is used.
Do you need extra config in App Gateway/APIM if you need to have end-to-end support for gRPC or WebSocket?
You don't need extra config as long as the App Gateway supports gRPC.
Is configurable port supported?
Configurable port isn't currently supported (80/443).