I am trying to do ZIP deployment of azure function app that has private endpoint enabled. As a part of this, I created azure resources as follow:
- Function app with private endpoint enabled and disabled Allow public access on.
- Storage account with private endpoint enabled, disabled public access and associcate with function app. I make sure private IP is added to Private DNS Zone A record.
- Created VNET with 2 subnets such as InboundSubnet, OutboundSubnet. I associated same inbound subnets while creating azure function app, storage account. For Azure VNET integration outbound traffic , I used OutboundSubnet.
Since inbound traffic for function , storage is cut off with internet access, I published my ZIP to a storage account(Newly created and public enabled) via build(CI) pipeline and fetching the same ZIP file in release pipeline to deploy.
Function App name: demo-funcapp-test
However I am getting below issues:
The gateway did not receive a response from 'Microsoft.Web' within the specified time period
Encountered an error (InternalServerError) from host runtime. - From aztivity log
Ran CLI command from local machine
The command failed with an unexpected error. Here is the traceback: HTTPSConnectionPool(host='demo-funcapp-test.scm.azurewebsites.net', port=443): Max retries exceeded with url: /api/publish?type=zip&async=false (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x05EA4B50>: Failed to establish a new connection: [Errno 11001] getaddrinfo failed'))
Commands I tried:
$ZIP_URL = (az storage blob generate-sas --full-uri --permissions r --expiry 2023-12-31T23:59:59Z --account-name publicsgtest -c functionzipfiles -n build.zip | Out-String).Trim()
Write-Host $ZIP_URL
az webapp deploy --name demo-funcapp-test --resource-group osh-poc-rg --type zip --src-url $ZIP_URL --async false
az webapp deployment source config-zip --name demo-funcapp-test --resource-group osh-poc-rg --src $ZIP_URL
I tried to set env variable AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=1 in azure function app settings but none helping.
My NSG rules: