Share via

Azure function slot deployment with private endpoint and vnet integration fails.

Thomas Adams 41 Reputation points
2023-01-26T15:39:00.6433333+00:00

Hello,

We are currently trying to deploy 3 functions to a linux app service plan. The functions are a mix of different triggers such as timer, http and storage queue.

Each function has a staging and production slot and each slot has a private endpoint setup. Each slot also has vnet integration and route all vnet traffic enabled.

Each function also has a separate storage account and each storage account has 2 private endpoints setup for blob and file access - I believe this is needed for the function to work.

We have a self hosted build agent connected to the vnet and this uses a managed identity to perform the deployment through an azure devops pipeline.

The situation we find ourselves in is that we can deploy fine to the staging slot, however when it comes to swapping from the staging slot to the production slot we get various errors.

The most common error is this and normally fails after 20 minutes

##[error]Error: Failed to swap App Service '<function name>' slots - 'staging' and 'production'. Error: ExpectationFailed - Cannot swap site slots for site '<function name>' because the 'staging' slot did not respond to http ping. (CODE: 417)

Researching the issue yields the following configuration that might be missing

WEBSITE_CONTENTAZUREFILECONNECTIONSTRING

Which we have tried with and without this setting (assuming it should be the same storage account configured in AzureWebJobsStorage).

Research also takes me to this recently closed github issue [https://github.com/Azure/azure-functions-host/issues/8448

which states to try an undocumented configuration
WEBSITE_OVERRIDE_STICKY_DIAGNOSTICS_SETTINGS
but this doesn't work either.

Does anyone know of any comprehensive documentation on how to setup a function and function storage both secured by private endpoints and vnet integration? Or can anyone shed any light on the issues we are facing?
Just to add, we are unable to swap the slots via the portal. We also have a web app hosted on the same app service plan which we can deploy and swap slots fine.

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
5,932 questions

1 answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Thomas Adams 41 Reputation points
    2023-01-30T10:01:26.77+00:00

    There turned out to be nothing wrong with the network configuration, in the end it was a resource issue.

    After checking the docker logs via scm, we could see the container would take a long time warming up, it would go to a healthy state then straight into an unhealthy state.

    We were running 1 api and 3 functions, each with a production and staging slot on the S1 app service plan.

    After increasing the app service plan to P1V3, the deployment of the functions to the staging slot and the swap of the slots went through fine.

    1 person found this answer helpful.
    0 comments

Your answer

Answers can be marked as Accepted Answers by the question author, which helps users to know the answer solved the author's problem.