I’ve recently been trying to set up a function app that is supposed to query a database. However, the database is only accessible through the V-NET. However, as soon as I enable V-NET integration for my function app the runtime becomes unreachable. Runtime is unreachable
Here’s my app’s network configuration:
Network configuration
Once I googled the problem I figured that enabling the V-NET integration probably causes a disconnect between my storage account and the function app. I have tried going to the storage account and enable the v-net under the Networking tab, but that sadly didn’t work.
In addition to allowing V-NETs on my storage account I also tried adding a couple of settings to my function app configuration:
- WEBSITE_CONTENTOVERVNET = 1
- WEBSITE_VNET_ROUTE_ALL = 1
- WEBSITE_CONTENTAZUREFILECONNECTIONSTRING = (auto generated on creation)
- WEBSITE_CONTENTSHARE = (auto generated on creation)
I have never worked with complex networking in Azure (or in general) before and don’t know what steps to take from here.
2
Answers
After some insane digging into all possible settings I found out that the customer who I'm building this for disabled all outgoing ports inside their environment. I needed to explicitly allow port 443 and 445 for it to work.
The reason the Functions App Runtime in unavailable is because the networking is not set up correctly to allow the functions app to reach the storage account.
When you create a functions app resource in Azure, you had to either point to an existing storage account or create a new one.
In order to make the storage account accessible, from a Functions app that is VNET integrated, it should be provisioned in a subnet and either Private Endpoints or Service Endpoints should be enabled on that subnet.
See the Quick Starts section on this doc "How to configure Azure Functions with a virtual network"
Example Adding a Subnet with Service Endpoints