search

Azure / Azure-Functions

1.11k stars 196 forks source link

proxy-deprecation and vnet injection support #2306

Open erharvey opened 1 year ago

erharvey commented 1 year ago

Hello,

Based on following release note, support for azure functions proxies will be removed. https://azure.microsoft.com/en-ca/updates/community-support-for-azure-functions-proxies-will-end-on-30-september-2025/

Unfortunately, today, there is no direct "reasonable" support for secured network design using api management unless we use the premium tier in order to support vnet injection. The cost associated to this is a show stopper.

Is there any plan to enable this feature with API management basic tier in order to do the migration?

Thanks

ramya894 commented 1 year ago

@erharvey We will check this with our next level team and update you.

ramya894 commented 1 year ago

@kulkarnisonia16 Could you please assist on the above issue.

davidmw commented 1 year ago

I need to join in on this concern. Our backend is almost entirely consumption based for cost containment. Customers require data / processing residency so we've configured regional deployment and only see activity during that region's school hours and even that is bursty. We are largely idle the rest of the time. We are updating network architecture to improve security profile, putting everything possible on a regional vnet, and are also trying to solve issues with SNAT socket exhaustion so have put our 6 function apps behind private endpoints.

Now forced to consider APIM to replace legacy proxy on this architecture update. Consumption-based APIM doesn't support vnet. Vnet support is only available at Premium tier (v1 price $4,383.21 AUD per month), or Standard tier (v2 preview price of $1,098 AUD / mo).

We have no 'on-premises' resources, aren't publishing an API for external consumption, are not dealing with multiple teams, don't need a API portal, are not selling subscriptions to APIs, don't need business analytics. We need a secure API proxy on a consumption basis and a solution for socket exhaustion issues. APIM Premium will explode our Azure costs by 600% and even the preview Standard tier is 150% more expensive than our current total Azure footprint.

I don't have much choice other than mothball the current APIM integration investment we have been making and recommit to the depreciated proxy and hope some miracle occurs on Azure before 2025 that works for our use case.