Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,680 questions
Azure ARM/Bicep VNet Integration stops function from working after recent change for vnetRouteAllEnabled at portal
![](data:image/svg+xml, %3Csvg xmlns='http://www.w3.org/2000/svg' height='64' class='font-weight-bold' style='font: 600 30.11764705882353px "SegoeUI", Arial' width='64'%3E%3Ccircle fill='hsl(201.6, 12%, 29%)' cx='32' cy='32' r='32' /%3E%3Ctext x='50%25' y='55%25' dominant-baseline='middle' text-anchor='middle' fill='%23FFF' %3EGW%3C/text%3E%3C/svg%3E)
Gavin Wun
6
Reputation points
Hello,
The bicep that we used to deploy/update a function resource on Azure has stopped working this week.
Since the end of last week, there was a new change where the flag vnetrouteAllEnabled was added to the portal under vnet integrations settings page - https://learn.microsoft.com/en-us/answers/questions/503122/is-website-vnet-route-all-redundant-or-soon-to-be.html
Whenever I try to deploy a function to Azure with vnet integration, the functions would not work - e.g. SCM website would return service unavailable etc.
The same bicep worked fine last week and seems like the flag vnetrouteAllEnabled is doing something different to the setup that's causing the function to stop working.
The following is the original bicep that worked before -
resource functionsSite 'Microsoft.Web/sites@2021-01-15' = {
name: functionsAppName
location: location
kind: kind
identity: {
type: 'SystemAssigned' //type: isSystemAssignedManagedIdentity ? 'SystemAssigned' : 'None'
}
properties: {
serverFarmId: functionsAppPlanName_resource.id
siteConfig: {
linuxFxVersion: linuxFxVersion
alwaysOn: alwaysOn
scmIpSecurityRestrictionsUseMain: false
ipSecurityRestrictions: appGwSubnetId == '' ? [] : ipSecurityRestrictions
}
containerSize: 1536
reserved: true
}
tags: {
'environment': environmentName
'service': serviceTag
'instance': instance
}
}
resource networkConfig 'Microsoft.Web/sites/networkConfig@2020-06-01' = if(vnetSubnetId != '') {
parent: functionsSite
name: 'virtualNetwork'
properties: {
subnetResourceId: vnetSubnetId
swiftSupported: true
}
}
But now when I use the above bicep, I am unable to access the function's SCM website, and also the function will be inaccessible as well (e.g. cannot turn on stream logs etc to view what's going on)
I've also tried the following bicep that I changed to use after seeing the new option "vnetrouteAllEnabled" for vnet integration in the portal to use that option instead, but still doesn't work (some parts excluded to shorten the bicep. e.g. app settings etc) -
resource functionsSite 'Microsoft.Web/sites@2021-01-15' = {
name: functionsAppName
location: location
kind: kind
identity: {
type: 'SystemAssigned' //type: isSystemAssignedManagedIdentity ? 'SystemAssigned' : 'None'
}
properties: {
serverFarmId: functionsAppPlanName_resource.id
siteConfig: {
linuxFxVersion: linuxFxVersion
alwaysOn: alwaysOn
scmIpSecurityRestrictionsUseMain: false
ipSecurityRestrictions: appGwSubnetId == '' ? [] : ipSecurityRestrictions
vnetRouteAllEnabled: vnetSubnetId == '' ? false : true
vnetPrivatePortsCount: 0
}
containerSize: 1536
reserved: true
virtualNetworkSubnetId: vnetSubnetId == '' ? null : vnetSubnetId
}
tags: {
'environment': environmentName
'service': serviceTag
'instance': instance
}
}
I am deploying this function to an app service plan using Premium V2 (P1V2 PremiumV2) - all Linux plans and functions.
I have also removed the flag WEBSITE_VNET_ROUTE_ALL from app settings as well but still fails.
Note that the storage account used by the function is also vnet restricted as well so I've also included app settings WEBSITE_CONTENTOVERVNET to the bicep deploy.
Creating the function without vnet integration, then manually setting it via portal works fine, just wouldn't work via bicep.
I've tried to compare the export from portal from the function created via portal vs what was deployed by bicep, and both looks the same.