Hey everyone! I'm facing a bit of an issue with my Azure function app. I've set it up with private endpoints and outbound VNet integration, and my storage account is configured with private endpoints and public access disabled. However, my function app can't connect to the storage over the private network.
I've already configured the environment variable `vnetcontentShareEnabled` to true. I also checked the DNS and confirmed that it resolves to the private link from the endpoints. But when I do a lookup from the Kudu site, it still returns a public IP instead of a private one, and I'm seeing that the DNS server is set to the Azure default IP 168.63.129.16.
My VNet has a custom DNS setting that points the traffic to our domain controller, which should resolve the private link DNS correctly. I'm just wondering if there's anything obvious that I'm missing here?
4 Answers
From my experience, the Azure Function App may not automatically create the required file share in the storage account when connecting via a private endpoint. You might need to create that file share manually, and its name should match your function's name as displayed in the portal. Just a heads up, I haven’t seen this issue when running functions in Azure Container Apps, since they connect only to blob containers.
Have you made sure to check the VNet links for the private DNS zones if you're using them? It's important to ensure they're linked correctly to your VNet.
For Azure Functions to use custom DNS properly, you'll need to set some specific configurations. Make sure you set the `WEBSITE_DNS_SERVER` to your domain controller's IP and set `WEBSITE_VNET_ROUTE_ALL` to `1`. Also, double-check that you have private endpoints set up for all necessary storage services, not just blobs.
Just to cover all bases, remember to check a couple of things: When you configured the private endpoint for the function app, did you create a DNS A record for the Kudu FQDN? That could be causing the IP address confusion. Moreover, have you enabled a managed identity for the function app and granted it the right data access permissions on the storage resource via RBAC? Or are you using SAS for authentication?
Related Questions
How To: Running Codex CLI on Windows with Azure OpenAI
Set Wordpress Featured Image Using Javascript
How To Fix PHP Random Being The Same
Why no WebP Support with Wordpress
Replace Wordpress Cron With Linux Cron
Customize Yoast Canonical URL Programmatically