Reputation: 59
Azure Container Apps Internal with Function App (Gateway-Based VNET Integration)
I am trying to make Azure Container Apps (ACA) internal and allow them to communicate with an Azure Function App that is using Gateway-based VNET Integration.
Approach I Used:
- Followed the Microsoft documentation:
- I was able to get this working when the Function App was NOT using Gateway-based VNET Integration.
- However, when I try the same setup with Gateway-based VNET Integration enabled, the communication does not work.
Questions:
- How can I configure Azure Container Apps to communicate with a Function App that has Gateway-based VNET Integration?
- Do I need additional networking settings (private endpoints, route tables, NAT gateway, etc.)?
- Is there a fundamental limitation with Gateway-based VNET Integration that prevents this from working?
- Could Azure Private DNS Zone configuration (as mentioned in the WAF/App Gateway guide) be relevant here?
- Are there any alternative solutions to achieve secure internal communication between Container Apps and the Function App?
Any guidance or insights would be greatly appreciated!
Upvotes: 0
Views: 58
Answers (1)
Reputation: 2401
Azure Container Apps Internal communicates with Function App
Instead of communicating to the function app behind a gateway this approach you mentioned is tricky as this works only when the Function App is not using Gateway-based VNET Integration.
As Thomas mentioned there might be multiple reasons for the cause of blocking like NSG preventing the connection between the subnets.
Instead of this NatGateway approach since the communication is from the container app to the function app you can try using Private Endpoint for Function App + Private DNS.
Create both the Container apps and function apps with in same VNet but in different subnets.
Enable a Private Endpoint for the Function App using DNS zone using the same VNet and in other subnets.
Test and validate the communication from the Container App to Function App
Test HTTP Communication:
curl -v https://<your-function-app-name>.azurewebsites.net
Refer:
https://learn.microsoft.com/en-us/azure/azure-functions/functions-create-vnet
https://learn.microsoft.com/en-us/azure/container-apps/how-to-use-private-endpoint
Upvotes: 0
Related Questions
- ContainerApp ingress internal with VNet not accessible
- Setup Azure App gateway point to private IP of internal load balancer of Azure container app env
- Azure Application Gateway backendpool to Azure Container Apps internal load balancer
- How to connect Container App to custom VNet using Azure Portal?
- "Http2ConnectionException: HTTP/2 error code 'PROTOCOL_ERROR' (0x1)" error when enabling VNet integration for Azure Function App
- Azure Function App VNet Integration Custom DNS
- How to access site from Private Container Apps accessed via VPN gateway - Azure
- Function App with Vnet integration and Private Endpoint -> Server Response: Service Unavailable
- Azure App Service VNET Integration with Internal DNS
- Cannot integrate Azure Web App to Vnet