Hi,
I have a problem with the Redis Cache Private Endpoint, Private DNS in combination with a function.
Versions:
azurem: 2.78.0
Description:
The Terrafrom script generates all the required resources, but when the function starts, it cannot connect to the RedisCache via the private endpoint and the following error message appears.
Error Message:
Unexpected error (StackExchange.Redis.RedisConnectionException) while execute function: "No connection is active/available to service this operation; The remote certificate is invalid according to the validation procedure.ed; The remote certificate is invalid according to the validation procedure.
The terraform script looks like this:
provider "azurerm" {
features {}
}
variable "address_space" {
default = ["10.4.0.0/16"]
}
# VNET
resource "azurerm_resource_group" "rg" {
name = "vnet-rg"
location = "westeurope"
}
resource "azurerm_virtual_network" "vnet" {
name = "vnet"
resource_group_name = azurerm_resource_group.rg.name
location = "westeurope"
address_space = var.address_space
}
resource "azurerm_subnet" "rc_subnet" {
name = "rc-subnet"
resource_group_name = azurerm_virtual_network.vnet.resource_group_name
virtual_network_name = azurerm_virtual_network.vnet.name
address_prefixes = [cidrsubnet(var.address_space[0], 8, 5)]
enforce_private_link_endpoint_network_policies = true
service_endpoints = ["Microsoft.Web"]
}
# Redis Cache
resource "azurerm_resource_group" "rg" {
name = "arc-rg"
location = "westeurope"
}
resource "azurerm_redis_cache" "rc" {
name = "rc"
resource_group_name = azurerm_resource_group.rg.name
location = azurerm_resource_group.rg.location
capacity = 1
family = "C"
sku_name = "Basic"
public_network_access_enabled = false
enable_non_ssl_port = false
minimum_tls_version = "1.2"
}
resource "azurerm_private_endpoint" "rc_endpoint" {
name = "rc-pe"
location = azurerm_resource_group.rg.location
resource_group_name = azurerm_resource_group.rg.name
subnet_id = azurerm_subnet.rc_subnet.id
private_service_connection {
name = "rc-pe"
is_manual_connection = false
private_connection_resource_id = azurerm_redis_cache.rc.id
subresource_names = ["redisCache"]
}
}
# Private DNS
resource "azurerm_private_dns_zone" "rc_private_dns" {
name = "privatelink.redis.cache.windows.net"
resource_group_name = azurerm_resource_group.rg.name
}
resource "azurerm_private_dns_zone_virtual_network_link" "vnet_link" {
name = "vnet-link"
resource_group_name = azurerm_resource_group.rg.name
private_dns_zone_name = azurerm_private_dns_zone.rc_private_dns.name
virtual_network_id = azurerm_virtual_network.vnet.id
}
resource "azurerm_private_dns_a_record" "rc_priv_dns" {
name = azurerm_redis_cache.rc.name
zone_name = azurerm_private_dns_zone.rc_private_dns.name
resource_group_name = azurerm_resource_group.rg.name
ttl = 300
records = [azurerm_private_endpoint.rc_endpoint.private_service_connection[0].private_ip_address]
}
resource "azurerm_function_app" "fa" {
...
app_settings = {
...
# Redis Cache
REDIS_HOST = azurerm_private_dns_a_record.rc_priv_dns.fqdn
REDIS_PORT = azurerm_redis_cache.rc.ssl_port
REDIS_SSL = "true"
...
WEBSITES_ENABLE_APP_SERVICE_STORAGE = "true"
WEBSITE_ENABLE_SYNC_UPDATE_SITE = "true"
WEBSITE_DNS_SERVER = "168.63.129.16"
WEBSITE_VNET_ROUTE_ALL = "1"
WEBSITE_RUN_FROM_PACKAGE = "1"
...
}
I don’t know why the error occurs, maybe someone of you can help me here.
Thank you for your answers in advance.
Kind regards
Thorsten