I am trying to create an Azure Function app that should be accessible to Postgres in a private VNet.
However, the network returns an error saying it is already delegated, so I can't add the delegation.
So I tried adding a delegation to the AKS network and the Azure Application Gateway network in order to create a private endpoint.
My Azure Bicep code:
// ---------------------------------------------------------------------------
// Parameters
// ---------------------------------------------------------------------------

@description('The name of the Azure Function app.')
param functionAppName string = 'func-${uniqueString(resourceGroup().id)}'

@description('Storage Account type')
@allowed([
  'Standard_LRS'
  'Standard_GRS'
  'Standard_RAGRS'
])
param storageAccountType string = 'Standard_LRS'

@description('Location for all resources.')
param location string = resourceGroup().location

////@description('Location for Application Insights')
////param appInsightsLocation string = resourceGroup().location

@description('The language worker runtime to load in the function app.')
@allowed([
  'dotnet'
  'node'
  'python'
  'java'
])
param functionWorkerRuntime string = 'java'

param javaVersion string = '17'

@description('Specifies the OS used for the Azure Function hosting plan.')
@allowed([
  'Windows'
  'Linux'
])
param functionPlanOS string = 'Windows'

@description('Specifies the Azure Function hosting plan SKU.')
@allowed([
  'EP1'
  'EP2'
  'EP3'
])
param functionAppPlanSku string = 'EP1'

// NOTE(review): the template declares the virtual network with `existing`, so the
// three names below identify resources that must already exist in this resource
// group, despite the "to be created" wording in their descriptions.
@description('The name of the virtual network to be created.')
param vnetName string = 'vnet-${uniqueString(resourceGroup().id)}'

// subnetName1 is used for the function app's VNet integration (and is the subnet
// that gets delegated); subnetName2 is used for the private endpoint.
// NOTE(review): both parameters have the same default value, so unless a caller
// overrides them the integration subnet and the private-endpoint subnet resolve to
// the same subnet. These normally need to be two different subnets - confirm.
@description('The name of the subnet to be created within the virtual network.')
param subnetName1 string = 'subnet-${uniqueString(resourceGroup().id)}'

@description('The name of the subnet to be created within the virtual network.')
param subnetName2 string = 'subnet-${uniqueString(resourceGroup().id)}'

@description('Only required for Linux app to represent runtime stack in the format of \'runtime|runtimeVersion\'. For example: \'python|3.9\'')
param linuxFxVersion string = ''

// ---------------------------------------------------------------------------
// Variables
// ---------------------------------------------------------------------------

////var vnetAddressPrefix = '10.0.0.0/16'
////var subnetAddressPrefix = '10.0.0.0/24'
////var subnetAddressPrefix1 = '10.0.1.0/24' //as delegation error coming with one first subnet

// The hosting plan reuses the function app's name.
var hostingPlanName = functionAppName
//var applicationInsightsName = functionAppName
var storageAccountName = '${uniqueString(resourceGroup().id)}azfunctions'

// True only for Linux plans; feeds the `reserved` flag on the plan and the site.
var isReserved = functionPlanOS == 'Linux'
//var subscriptionId = reference(${uniqueString(resourceGroup().name)}, '2021-01-01').subscription
// References to networking resources that already exist in this resource group.
// `existing` means nothing is created or modified by these two declarations; they
// only give the rest of the template a symbolic name to hang child resources on.
resource vnet 'Microsoft.Network/virtualNetworks@2021-03-01' existing = {
  name: vnetName
}

// The subnet used for the function app's VNet integration (subnetName1).
resource subnet 'Microsoft.Network/virtualNetworks/subnets@2021-03-01' existing = {
  parent: vnet
  name: subnetName1
}
// Attempts to delegate the integration subnet to App Service plans
// (Microsoft.Web/serverFarms) by deploying a child resource under the subnet.
//
// NOTE(review): the deployment error reported with this template is a NotFound for
// exactly this resource's URI (.../subnets/AKS/delegations/AKS-delegated-serverFarms).
// Delegations are normally declared in the subnet's own `properties.delegations`
// list rather than deployed as a separate child resource - confirm and move it there.
//
// NOTE(review): the same URI shows the target subnet is named AKS. VNet integration
// expects a subnet dedicated to the App Service plan. Delegating a subnet that another
// service already uses changes that service's network boundary, so verify that a
// separate, empty subnet is available before applying this.
resource delegation 'Microsoft.Network/virtualNetworks/subnets/delegations@2021-03-01' = {
  parent: subnet
  name: '${subnet.name}-delegated-serverFarms'
  properties: {
    serviceName: 'Microsoft.Web/serverFarms'
  }
  dependsOn: [
    subnet
  ]
}
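// Storage account backing the function app (runtime state and the content share).
//
// The original declaration set no `properties`, leaving transport and anonymous-access
// settings at whatever the platform defaults to. They are pinned explicitly here so
// the account does not drift if defaults or policies differ between subscriptions.
//
// NOTE(review): the function app disables public network access, but this account
// has no network rules, so it still accepts traffic from all networks. Restricting it
// would require the app to reach storage over the VNet - decide whether that is needed.
resource storageAccount 'Microsoft.Storage/storageAccounts@2022-05-01' = {
  name: storageAccountName
  location: location
  sku: {
    name: storageAccountType
  }
  kind: 'Storage'
  properties: {
    // Reject plain-HTTP requests; the connection strings below already use https.
    supportsHttpsTrafficOnly: true
    // Refuse TLS versions older than 1.2.
    minimumTlsVersion: 'TLS1_2'
    // No container in this account may be made anonymously readable.
    allowBlobPublicAccess: false
  }
}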
// Elastic Premium plan that hosts the function app.
// The SKU name comes from functionAppPlanSku (EP1/EP2/EP3); `reserved` is true only
// when functionPlanOS is 'Linux'.
resource hostingPlan 'Microsoft.Web/serverfarms@2022-03-01' = {
  name: hostingPlanName
  location: location
  kind: 'elastic'
  sku: {
    name: functionAppPlanSku
    tier: 'ElasticPremium'
    family: 'EP'
  }
  properties: {
    reserved: isReserved
    zoneRedundant: true
    // Upper bound on scale-out for apps on this plan.
    maximumElasticWorkerCount: 20
  }
}
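// The function app itself.
//
// Inbound: `publicNetworkAccess: 'Disabled'` closes the public endpoint, so the app is
// reachable only through the private endpoint declared later in this template.
// Outbound: VNet integration is attached by the separate networkConfig resource.
//
// Fix: the AzureWebJobsStorage value previously contained a stray space after
// `EndpointSuffix=`, which put a leading space in the endpoint suffix.
//
// NOTE(review): both storage settings embed the account key returned by listKeys().
// App settings are readable by anyone who can read the site configuration, and the
// key grants full access to the account. Consider a Key Vault reference or an
// identity-based connection where the setting supports it.
resource site 'Microsoft.Web/sites@2022-03-01' = {
  name: functionAppName
  location: location
  kind: (isReserved ? 'functionapp,linux' : 'functionapp')
  properties: {
    publicNetworkAccess: 'Disabled'
    httpsOnly: true
    redundancyMode: 'None'
    reserved: isReserved
    serverFarmId: hostingPlan.id
    siteConfig: {
      // Only meaningful on Linux plans; left null on Windows.
      linuxFxVersion: (isReserved ? linuxFxVersion : null)
      minimumElasticInstanceCount: 3
      javaVersion: javaVersion
      appSettings: [
        {
          name: 'AzureWebJobsStorage'
          value: 'DefaultEndpointsProtocol=https;AccountName=${storageAccountName};EndpointSuffix=${environment().suffixes.storage};AccountKey=${storageAccount.listKeys().keys[0].value}'
        }
        {
          name: 'WEBSITE_CONTENTAZUREFILECONNECTIONSTRING'
          value: 'DefaultEndpointsProtocol=https;AccountName=${storageAccountName};EndpointSuffix=${environment().suffixes.storage};AccountKey=${storageAccount.listKeys().keys[0].value};'
        }
        {
          name: 'WEBSITE_CONTENTSHARE'
          value: toLower(functionAppName)
        }
        {
          name: 'FUNCTIONS_EXTENSION_VERSION'
          value: '~4'
        }
        {
          name: 'FUNCTIONS_WORKER_RUNTIME'
          value: functionWorkerRuntime
        }
      ]
    }
  }
  // Kept from the original: create the site only after the subnet delegation.
  dependsOn: [
    delegation
  ]
}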
// Regional VNet integration: attaches the function app's outbound traffic to the
// integration subnet (subnetName1 inside vnetName). This is the path the app would
// use to reach private resources in the virtual network.
// NOTE(review): integration needs the subnet delegated to Microsoft.Web/serverFarms,
// which is why this waits on the delegation resource. If that delegation cannot be
// deployed, this resource will not be deployed either.
resource functionAppName_virtualNetwork 'Microsoft.Web/sites/networkConfig@2022-03-01' = {
  name: 'virtualNetwork'
  parent: site
  properties: {
    swiftSupported: true
    // Same ID as resourceId('Microsoft.Network/virtualNetworks/subnets', vnetName, subnetName1).
    subnetResourceId: subnet.id
  }
  dependsOn: [
    delegation
  ]
}
// Private endpoint that exposes the function app's `sites` sub-resource inside the
// VNet. With public network access disabled on the site, this is its inbound path.
//
// NOTE(review): the endpoint is placed in subnetName2, which by default has the same
// value as subnetName1 (the delegated integration subnet). Confirm it points at a
// different subnet.
// NOTE(review): no private DNS zone group is declared here, so clients in the VNet
// will presumably still resolve the app's hostname to its public address unless DNS
// is handled elsewhere - verify.
var privateEndpointSubnetId = resourceId('Microsoft.Network/virtualNetworks/subnets', vnetName, subnetName2) //vnet.properties.subnets[1].id

resource privateEndpoint 'Microsoft.Network/privateEndpoints@2021-05-01' = {
  name: 'myPrivateEndpoint'
  location: location
  properties: {
    privateLinkServiceConnections: [
      {
        name: 'myPrivateEndpoint'
        properties: {
          groupIds: [
            'sites'
          ]
          privateLinkServiceId: site.id
        }
      }
    ]
    subnet: {
      id: privateEndpointSubnetId
    }
  }
  dependsOn: [
    delegation
  ]
}
But I am now getting the error below.
{"status":"Failed","error":{"code":"DeploymentFailed","target":"/subscriptions/6<subscription_d>/resourceGroups/rg-testaps-vnet-dev/providers/Microsoft.Resources/deployments/functionAppDeployment","message":"At least one resource deployment operation failed. Please list deployment operations for details. Please see https://aka.ms/arm-deployment-operations for usage details.","details":[{"code":"NotFound","target":"/subscriptions/6<subscription_d>/resourceGroups/rg-testaps-vnet-dev/providers/Microsoft.Resources/deployments/functionAppDeployment","message":"{\r\n "Message": "No HTTP resource was found that matches the request URI 'https://australiaeast.network.azure.com:30004/c560b518-3db3-4544-b59b-ee9108ae55da/133396463178918513/subscriptions/6<subscription_d>/resourcegroups/rg-testaps-vnet-dev/providers/Microsoft.Network/virtualNetworks/vnet-testaps-spoke-dev-australiaeast/subnets/AKS/delegations/AKS-delegated-serverFarms?api-version=2021-03-01'."\r\n}"}]}}