I’d deployed a shiny new Function to OCI, I went to test this using fn invoke and it failed with the following error:
Error invoking function. status: 502 message: Failed to pull function image
The reason for this error is that I didn’t have a Service Gateway provisioned within the VCN that hosted the function app – but what is a Service Gateway you may ask???
A service gateway lets a Virtual Cloud Network (VCN) privately access specific Oracle services without exposing the data to the public internet. No internet gateway or NAT gateway is required to reach those specific services. The resources in the VCN can be in a private subnet and use only private IP addresses. The traffic from the VCN to the Oracle service travels over the Oracle network fabric and never traverses the internet.
To fix this I created a Service Gateway and attached this the subnet where my function app had been deployed, this provided the function app with access to the Container Registry to pull the image that contained the function.
In my case I’d deployed the function app to a private subnet that had no connectivity to the outside world – even to OCI services π.
I then needed to add a rule to route traffic through the Service Gateway.
Once I’d done this, the function worked πͺ.
Brendan's Tech Ramblings 
Leave a comment