|
1 | 1 | --- |
2 | 2 | title: Service Connector limitations |
3 | | -description: Learn about current limitations in Service Connector used to connect apps and Cloud services in Azure. |
| 3 | +description: Learn about current limitations when you use Service Connector to connect apps and cloud services in Azure. |
4 | 4 | titleSuffix: Service Connector |
5 | 5 | ms.service: service-connector |
6 | 6 | ms.topic: troubleshooting |
7 | | -ms.date: 10/22/2024 |
| 7 | +ms.date: 04/06/2026 |
8 | 8 | ms.author: malev |
9 | 9 | author: maud-lv |
| 10 | +#customer intent: As a Service Connector user, I need to understand the known limitations of Service Connector so I can mitigate these limitations when I use Service Connector to connect my Azure apps and services. |
10 | 11 | --- |
11 | | -# Known limitations of Service Connector |
| 12 | +# Known Service Connector limitations |
12 | 13 |
|
13 | | -In this article, learn about Service Connector's existing limitations and how to mitigate them. |
| 14 | +This article describes known Service Connector limitations and ways to mitigate them. |
14 | 15 |
|
15 | | -## Limitations to Infrastructure as Code (IaC) |
| 16 | +## Limitations |
16 | 17 |
|
17 | | -Service Connector is designed to bring the benefits of easy, secure, and consistent backing service connections to as many Azure services as possible. To do so, Service Connector is developed as an extension resource provider. |
| 18 | +Service Connector is designed as an extension resource provider, so it can bring easy, secure, and consistent backing service connections to as many Azure services as possible. This infrastructure-as-code (IaC) support imposes some limitations, because Service Connector modifies existing infrastructure on the user's behalf. |
18 | 19 |
|
19 | | -IaC support comes with some limitations, as Service Connector modifies the infrastructure on the users' behalf. In this scenario, users begin by using Azure Resource Manager (ARM), Bicep, Terraform, or other IaC templates to create resources. Afterwards, they use Service Connector to set up resource connections. During this step, Service Connector modifies resource configurations on behalf of the user. If the user reruns their IaC template at a later time, modifications made by Service Connector disappear as they weren't reflected in the original IaC templates. As an example of this behavior, Azure Container Apps resources deployed with ARM templates usually have the managed identity authentication disabled by default. Service Connector enables the managed identity when setting up connections on the users' behalf. If users trigger the same ARM templates without updating the managed identity settings, the managed identity will be disabled once again in the redeployed Azure Container Apps resource. |
| 20 | +If you use Bicep, Terraform, Azure Resource Manager (ARM), or other IaC templates to create resources, and afterwards use Service Connector to set up resource connections, Service Connector modifies the resource configurations on your behalf. If you later rerun your IaC templates, the modifications Service Connector made disappear, because they weren't included in the original IaC templates. |
20 | 21 |
|
21 | | -If you run into any issues when using Service Connector, [file an issue with us](https://github.com/Azure/ServiceConnector/issues/new). |
| 22 | +For example, Azure Container Apps resources deployed with ARM templates usually disable managed identity authentication by default. When Service Connector then sets up connections, it enables managed identity on your behalf. If you trigger the same ARM templates without updating the managed identity settings, managed identity is disabled again in the redeployed Azure Container Apps resources. |
22 | 23 |
|
23 | 24 | ## Solutions |
24 | 25 |
|
25 | | -We suggest the following solutions: |
| 26 | +To mitigate the limitations, try the following solutions: |
26 | 27 |
|
27 | | -- Reference [how to build connections with IaC tools](how-to-build-connections-with-iac-tools.md) to build your infrastructure or translate your existing infrastructure to IaC templates. |
28 | | -- If your CI/CD pipelines contain templates of source compute or backing services, we suggested reapplying the templates, adding a sanity check or smoke tests to make sure the application is up and running, then allowing live traffic to the application. The flow adds a verification step before allowing live traffic. |
29 | | -- When automating Azure Container App code deployments with Service Connector, we recommend the use of [multiple revision mode](../container-apps/revisions.md#revision-modes) to avoid routing traffic to a temporarily nonfunctional app before Service connector can reapply connections. |
30 | | -- The order in which automation operations are performed matters. Ensure your connection endpoints are there before the connection itself is created. Ideally, create the backing service, then the compute service, and then the connection between the two. This way, Service Connector can configure both the compute service and the backing service appropriately. |
| 28 | +- See [Create connections with IaC tools](how-to-build-connections-with-iac-tools.md) to build your infrastructure or translate your existing infrastructure to IaC templates. |
| 29 | +- If your continuous integration/continuous delivery (CI/CD) pipeline source contains compute or backing service templates, add a liveness check or smoke tests when you reapply the templates. This flow adds a verification step to make sure the application is up and running before allowing live traffic to the application. |
| 30 | +- When you automate Azure Container App code deployments with Service Connector, use [multiple revision mode](/azure/container-apps/revisions#revision-modes). This mode avoids routing traffic to a temporarily nonfunctional app before Service Connector can reapply connections. |
| 31 | +- The order of automation operations matters. Ensure your connection endpoints exist before the connection itself is created. Ideally, create the backing service, then create the compute service, and then create the connection between the two services. Service Connector can then configure both the compute service and the backing service appropriately. |
| 32 | +- If you run into issues when using Service Connector, [file an issue](https://github.com/Azure/ServiceConnector/issues/new). |
31 | 33 |
|
32 | | -## Next steps |
| 34 | +## Related content |
33 | 35 |
|
34 | | -> [!div class="nextstepaction"] |
35 | | -> [Service Connector troubleshooting guidance](./how-to-troubleshoot-front-end-error.md) |
| 36 | +- [Service Connector troubleshooting guidance](how-to-troubleshoot-front-end-error.md) |
| 37 | +- [Create connections with IaC tools](how-to-build-connections-with-iac-tools.md) |
0 commit comments