Customize Azure Spring Apps egress with a user-defined route
Azure Spring Apps is the new name for the Azure Spring Cloud service. Although the service has a new name, you'll see the old name in some places for a while as we work to update assets such as screenshots, videos, and diagrams.
This article applies to: ✔️ Java ✔️ C#
This article applies to: ✔️ Basic/Standard tier ✔️ Enterprise tier
This article describes how to customize an instance's egress route to support custom network scenarios. For example, you might want to customize an instance's egress route for networks that disallow public IPs and require the instance to sit behind a network virtual appliance (NVA).
By default, Azure Spring Apps provisions a Standard SKU Load Balancer that you can set up and use for egress. However, the default setup may not meet the requirements of all scenarios. For example, public IPs may not be allowed, or more hops may be required for egress.
- All prerequisites for deploying Azure Spring Apps in a virtual network. For more information, see Deploy Azure Spring Apps in a virtual network.
- An API version of 2022-09-01 preview or greater.
- Azure CLI version 1.1.7 or later.
- You can only define
OutboundTypewhen you create a new Azure Spring Apps service instance, and you can't updated it afterwards.
OutboundTypeworks only with a virtual network.
UserDefinedRoutingrequires a user-defined route with valid outbound connectivity for your instance.
UserDefinedRoutingimplies that the ingress source IP routed to the load-balancer may not match the instance's outgoing egress destination address.
Overview of outbound types in Azure Spring Apps
You can customize an Azure Spring Apps instance with a unique
outboundType of type
Outbound type loadBalancer
outboundType value is
outboundType is set to
loadBalancer, Azure Spring Apps automatically configures egress paths and expects egress from the load balancers created by the Azure Spring Apps resource provider. Two load balancers are recreated: one for the service runtime and another for the user app. A public IP address is provisioned for each load balancer. The load balancer is used for egress traffic for the generated public IP.
Outbound type userDefinedRouting
Using an outbound type is an advanced networking scenario and requires proper network configuration.
outboundType is set to
userDefinedRouting, Azure Spring Apps won't automatically configure egress paths. You must set up egress paths yourself. You could still find two load balancers in your resource group. They're only used for internal traffic and won't expose any public IP. You must prepare two route tables associated with two subnets: one to service the runtime and another for the user app.
userDefinedRouting requires a route for
0.0.0.0/0 and the next hop destination of a network virtual appliance in the route table. For more information, see Customer responsibilities for running Azure Spring Apps in a virtual network.