These are the few things we need to configure for the subnet so that the function can run.
1) Service Gateway to reach OCI services
The function application in the private network needs to connect to the container registry and download the required image. To achieve this, we need a service gateway in the VCN. On the console's Network -> Virtual Cloud Network page, we can edit the VCN to add a service gateway.
2) Route Rule for service gateway.
The private subnet where the application is running has a route table attached. In that table, we need to add a route rule saying that OCI service calls must be routed through the service gateway we created in the previous step.
3) Secure Egress Rule
In that particular subnet, we need to allow traffic from the subnet to the OCI service. To do so, we add a stateful Egress Rule to the security list of the subnet.
After these steps, the function should be able to reach the desired OCI service and run.
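The three steps can be checked against the subnet's exported route rules and egress rules. The following is an added example, not code from the original post: it assumes the kebab-case field names of OCI CLI JSON output, and the service label, the OCID and the function name `check_function_subnet` are constructed for illustration.

```python
# Added example: checks a private subnet's route and egress rules for the
# three steps above. Field names assume OCI CLI JSON output (kebab-case).
# Protocol and port options are not evaluated.
SERVICE = "SERVICE_CIDR_BLOCK"
LABEL = "all-iad-services-in-oracle-services-network"  # constructed sample label

def check_function_subnet(route_rules, egress_rules):
    """Return a list of findings; an empty list means the steps are in place."""
    findings = []
    # Steps 1-2: a route rule must send a service CIDR label to a service gateway.
    routed = {r["destination"] for r in route_rules
              if r.get("destination-type") == SERVICE
              and ".servicegateway." in r.get("network-entity-id", "")}
    if not routed:
        findings.append("no route rule sends OCI service traffic to a service gateway")
    # Step 3: each routed label needs a stateful egress rule.
    allowed, allow_all = set(), False
    for rule in egress_rules:
        dest = rule.get("destination", "")
        if rule.get("is-stateless"):
            findings.append(f"egress rule to {dest} is stateless")
        elif rule.get("destination-type") == SERVICE:
            allowed.add(dest)
        elif dest == "0.0.0.0/0":
            # Reaches the service, but allows far more than the service label.
            allow_all = True
            findings.append("egress to 0.0.0.0/0 is broader than the service label")
    if not allow_all:
        for label in sorted(routed - allowed):
            findings.append(f"no stateful egress rule for {label}")
    return findings

# Constructed sample data; the OCID is a placeholder, not a real resource.
ROUTES = [{"destination": LABEL, "destination-type": SERVICE,
           "network-entity-id": "ocid1.servicegateway.oc1.iad.PLACEHOLDER"}]
EGRESS_GOOD = [{"destination": LABEL, "destination-type": SERVICE,
                "protocol": "6", "is-stateless": False}]
EGRESS_STATELESS = [{"destination": LABEL, "destination-type": SERVICE,
                     "protocol": "6", "is-stateless": True}]

if __name__ == "__main__":
    for name, egress in (("good", EGRESS_GOOD), ("stateless", EGRESS_STATELESS)):
        print(name, check_function_subnet(ROUTES, egress) or "OK")
```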
References: