Deploy Azure function app with private endpoint results gateway error

SATYA PAVANKUMAR 40 Reputation points Microsoft Employee
2023-12-05T05:25:23.88+00:00

I am trying to do ZIP deployment of azure function app that has private endpoint enabled. As a part of this, I created azure resources as follow:

  • Function app with private endpoint enabled and disabled Allow public access on.
  • Storage account with private endpoint enabled, disabled public access and associcate with function app. I make sure private IP is added to Private DNS Zone A record.
  • Created VNET with 2 subnets such as InboundSubnet, OutboundSubnet. I associated same inbound subnets while creating azure function app, storage account. For Azure VNET integration outbound traffic , I used OutboundSubnet.

Since inbound traffic for function , storage is cut off with internet access, I published my ZIP to a storage account(Newly created and public enabled) via build(CI) pipeline and fetching the same ZIP file in release pipeline to deploy.

Function App name: demo-funcapp-test

However I am getting below issues:

The gateway did not receive a response from 'Microsoft.Web' within the specified time period

Encountered an error (InternalServerError) from host runtime. - From aztivity log

Ran CLI command from local machine

The command failed with an unexpected error. Here is the traceback: HTTPSConnectionPool(host='demo-funcapp-test.scm.azurewebsites.net', port=443): Max retries exceeded with url: /api/publish?type=zip&async=false (Caused by NewConnectionError('<urllib3.connection.HTTPSConnection object at 0x05EA4B50>: Failed to establish a new connection: [Errno 11001] getaddrinfo failed'))

Commands I tried:

$ZIP_URL = (az storage blob generate-sas --full-uri --permissions r --expiry 2023-12-31T23:59:59Z --account-name publicsgtest -c functionzipfiles -n build.zip | Out-String).Trim()

Write-Host $ZIP_URL

az webapp deploy --name demo-funcapp-test --resource-group osh-poc-rg --type zip --src-url $ZIP_URL --async false

az webapp deployment source config-zip --name demo-funcapp-test --resource-group osh-poc-rg --src $ZIP_URL

I tried to set env variable AZURE_CLI_DISABLE_CONNECTION_VERIFICATION=1 in azure function app settings but none helping.

My NSG rules:

User's image

Azure Functions
Azure Functions
An Azure service that provides an event-driven serverless compute platform.
4,567 questions
Azure Virtual Network
Azure Virtual Network
An Azure networking service that is used to provision private networks and optionally to connect to on-premises datacenters.
2,264 questions
Azure Private Link
Azure Private Link
An Azure service that provides private connectivity from a virtual network to Azure platform as a service, customer-owned, or Microsoft partner services.
484 questions
.NET CLI
.NET CLI
A cross-platform toolchain for developing, building, running, and publishing .NET applications.
326 questions
Accepted answer
  1. JananiRamesh-MSFT 23,256 Reputation points
    2023-12-06T11:25:31.64+00:00

    @SATYA PAVANKUMAR Thanks for your patience, you were trying to deploy the zip file from the storage account(public) to the private endpoint enabled function app and it was failing with below error

    2023-12-06T08:58:05.1946792Z ERROR: Gateway Timeout({"error":{"code":"GatewayTimeout","message":"The gateway did not receive a response from 'Microsoft.Web' within the specified time period."}})

    verified the zip file and noticed that folder structure was incorrect, it had 2 folders in it. We modified the zip file and tried removing private endpoint and did the deployment first after deployment, we added the private endpoint and vnet. with that we were able to deploy the functions successfully.

    Do let me know if you have any queries.

    Please 'Accept as answer' and ‘Upvote’ if it helped so that it can help others in the community looking for help on similar topics.

0 additional answers

Sort by: Most helpful
Most helpful Newest Oldest