Control app ingress

[mcollier]

How can I control the ingress traffic for the function app running in the Container App Environment? For example, I'd like to set ingress to be internal only for a few apps, while allowing external traffic for other apps.

I didn't see a way in the current Bicep template to control ingress options.

[raorugan]

Currently ingress is managed by Functions and is enabled by default. This is not exposed to user as of today. Can you explain more about this ? why do you need ingress for function apps? Is this common customer scenario?

[mcollier]

I see a few common scenarios:

• the need to keep functions private to an enterprise. With the current Azure Functions plans, this is typically done with either applying private endpoints to a Premium (EP) plan or hosting in an ASE. The ASE allows for more control from a virtual network perspective, but imposes limits on event driven scaling. Customers will opt for Premium (EP) to support inbound private endpoints and event driven scaling.
• the need to compose several services in relation to an overall solution. For example, a publicly/internet accessible HTTP-triggered function app that sends events/messages to a private Event Hub or Service Bus. There is another private, non-internet accessible function which consumes from the Event Hub or Service Bus. Only the HTTP-triggered function should be accessible via the internet or intranet. The "backend" event/message consuming function should only be accessible from within the app environment.

[raorugan]

The scenarios make sense! Let us evaluate them!

[raorugan]

Feature Request - Enable Ingress from ACA repo