feat(srv): add faas/caas x VPC doc MTA-6202 (#5185)

* feat(srv): add faas/caas x VPC doc MTA-6202

* feat(srv): update

* feat(srv): update

* feat(srv): update

* feat(srv): update

* feat(srv): update

* feat(srv): update

* Update pages/serverless-containers/faq.mdx

Co-authored-by: Benedikt Rollik <[email protected]>

* Update pages/serverless-containers/how-to/use-private-networks.mdx

Co-authored-by: ldecarvalho-doc <[email protected]>

* Update pages/serverless-containers/how-to/use-private-networks.mdx

Co-authored-by: Jessica <[email protected]>

* Apply suggestions from code review

Co-authored-by: Benedikt Rollik <[email protected]>
Co-authored-by: Jessica <[email protected]>

---------

Co-authored-by: Benedikt Rollik <[email protected]>
Co-authored-by: ldecarvalho-doc <[email protected]>
Co-authored-by: Jessica <[email protected]>

Author: 4 people

menu/navigation.json

@@ -4381,6 +4381,10 @@
                     "label": "Secure a container",
                     "slug": "secure-a-container"
                   },
+                  {
+                    "label": "Use Private Networks",
+                    "slug": "use-private-networks"
+                  },
                   {
                     "label": "Test a container",
                     "slug": "test-a-container"
@@ -4549,6 +4553,10 @@
                     "label": "Secure a function",
                     "slug": "secure-a-function"
                   },
+                  {
+                    "label": "Use Private Networks",
+                    "slug": "use-private-networks"
+                  },
                   {
                     "label": "Monitor function logs and metrics",
                     "slug": "monitor-function"

pages/instances/how-to/use-private-networks.mdx

@@ -70,7 +70,7 @@ If you want to create a Private Network without immediately attaching any resour
 ## How to delete a Private Network
 
 <Message type="note">
-  Before deleting a Private Network, you must [detach](/instances/how-to/use-private-networks/#how-to-detach-instances-from-a-private-network) all Instances attached to it.
+  Before deleting a Private Network, you must [detach](/vpc/how-to/attach-resources-to-pn/#how-to-detach-a-resource-from-a-private-network) all resources attached to it.
 </Message>
 
 This must be carried out from the VPC section of the console. Follow the procedure detailed in our [dedicated VPC documentation](/vpc/how-to/delete-private-network/).

pages/serverless-containers/concepts.mdx

@@ -181,9 +181,21 @@ Refer to the [dedicated documentation](/serverless-containers/reference-content/
 
 A container's privacy policy defines whether a container may be invoked anonymously (**public**) or only via an authentication mechanism provided by the [Scaleway API](https://www.scaleway.com/en/developers/api/serverless-containers/#authentication) (**private**).
 
-## Private Networks compatibility
+## Private Networks
 
-Refer to the [dedicated FAQ](/serverless-containers/faq/#how-can-i-configure-access-to-a-private-network-or-virtual-private-cloud-vpc) for more information on Serverless Containers compatibility with Private Networks and [Virtual Private Cloud (VPC)](/vpc/).
+Scaleway Serverless Containers support Private Networks.
+
+Private Networks let you connect Scaleway resources across multiple AZs within the same region. Attached resources can then communicate between themselves in an isolated and secure layer 2 network, away from the public internet.
+
+**D**ynamic **H**ost **C**onfiguration **P**rotocol (DHCP) is built into each Private Network, making it easy to manage the private IP addresses of your resources on the network.
+
+Read our dedicated documentation on [creating a Private Network](/vpc/how-to/create-private-network/).
+
+<Message type="note">
+Previously, Private Networks at Scaleway were zoned. Only resources from within one defined AZ could be attached to each network. Now, all Private Networks are regional, and resources from any AZ within that network's region can be attached. "Old" zoned Private Networks have all been automatically migrated to become regional.
+
+While DHCP is built into all new Private Networks, it may not be automatically activated for older Private Networks. Check our [migration](/vpc/reference-content/vpc-migration/) documentation for more information.
+</Message>
 
 ## Queue trigger
 

pages/serverless-containers/faq.mdx

@@ -229,7 +229,7 @@ Yes, you can [redirect all inbound HTTP connections to HTTPS](/serverless-contai
 
 ### Can I whitelist the IPs of my containers?
 
-Serverless Containers does not yet support Private Networks. However, you can use the Scaleway IP ranges defined at [https://www.scaleway.com/en/peering/](https://www.scaleway.com/en/peering/) on Managed Databases and other products that allow IP filtering.
+Scaleway Serverless Containers support [Virtual Private Cloud (VPC)](/vpc/) and can be attached to a Private Network, which allows you to securely connect your resources in an isolated environment. Refer to the [dedicated documentation](/serverless-functions/how-to/use-private-networks/) for more information.
 
 ### Which protocols are supported by Serverless Containers?
 
@@ -243,9 +243,7 @@ Containers use **http1** by default, yet the gRPC protocol requires `http2`. You
 
 ### How can I configure access to a Private Network or Virtual Private Cloud (VPC)?
 
-Scaleway Serverless Containers does not currently support Scaleway VPC or Private Networks, though this feature is under development.
-
-To add network restrictions on your resource, refer to the [list of prefixes used at Scaleway](https://www.scaleway.com/en/peering/). Serverless resources do not have dedicated or predictable IP addresses.
+Scaleway Serverless Functions support [Virtual Private Cloud (VPC)](/vpc/) and can be attached to a Private Network. Refer to the [dedicated documentation](/serverless-functions/how-to/use-private-networks/) for more information.
 
 ### Can I use my own TLS certificates for custom domains?
 
@@ -290,6 +288,6 @@ Further integrations are also possible even if not listed above, for example, [S
 
 You cannot use Serverless Containers with Edge Services because there are no native integrations between the two products yet.
 
-### Can I use the IP address of a Serverless Function?
+### Can I use the IP address of a Serverless Container?
 
 By design, it is not possible to guarantee static IPs on Serverless compute resources.

pages/serverless-containers/how-to/create-manage-delete-containers-namespace.mdx

@@ -29,6 +29,7 @@ This page shows you how to create and manage a Serverless Containers namespace.
     - Enter a **name** or use the automatically generated one. The name must only contain alphanumeric characters and dashes.
     - Enter an optional **description** and **tags**.
     - Choose a **region**, which is the geographical location in which your namespace will be deployed.
+    - Tick the **Enable VPC support** if you want to create containers within this namespace that you can attach to a [Private Network](/serverless-functions/concepts/#private-networks).
     - Enter any **environment variables** required for your namespace. Environment variables configured in a namespace will be available in all containers/apps within the same namespace. For each environment variable, click **+ Add new variable** and enter the key / value pair.
     - Set secret environment variables (optional). **Secrets** are environment variables that are injected into your container and stored securely, but not displayed in the console after initial validation. Add a **key** and a **value**.
     - Verify the **estimated cost**.

pages/serverless-containers/how-to/use-private-networks.mdx

@@ -0,0 +1,94 @@
+---
+meta:
+  title: How to use Private Networks with your Serverless Containers
+  description: This page explains how to use Private Networks for Scaleway Serverless Containers
+content:
+  h1: How to use Private Networks with your Serverless Containers
+  paragraph: This page explains how to use Private Networks for Scaleway Serverless Containers
+tags: private-networks private networks instance containers vpc
+dates:
+  validation: 2025-06-25
+  posted: 2021-06-25
+categories:
+  - serverless
+---
+
+[Private Networks](/serverless-containers/concepts/#private-networks) allow your Serverless Containers to communicate in an isolated and secure network without needing to be connected to the public internet. Each container can be connected to one or several Private Networks, letting you build your own network topologies.
+
+For full information about Scaleway Private Networks and VPC, see our [dedicated documentation](/vpc/) and [best practices guide](/vpc/reference-content/getting-most-private-networks/).
+
+<Message type="important">
+The Private Networks feature can only be enabled on newly created namespaces. Existing namespaces that do not have the feature enabled cannot be integrated in a Private Network.
+</Message>
+
+<Macro id="requirements" />
+
+- A Scaleway account logged into the [console](https://console.scaleway.com)
+- [Owner](/iam/concepts/#owner) status or [IAM permissions](/iam/concepts/#permission) allowing you to perform actions in the intended Organization
+- [Created a Private Network](/vpc/how-to/create-private-network/)
+
+
+## How to create a Private Network
+
+This action must be carried out from the VPC section of the console. Follow the procedure detailed in our [dedicated VPC documentation](/vpc/how-to/create-private-network/).
+
+## How to create a Private Networks-enabled namespace
+
+Before attaching a Private Network to a Serverless Container, you must create it within a namespace with the Private Networks feature enabled.
+
+1. Click **Containers** in the **Serverless** section of the side menu. The containers page displays.
+
+2. Click **+ Create namespace**. If you have no existing Serverless Containers resources in your current Project, click **Create a container**. The containers namespace creation wizard displays.
+
+3. Complete the following steps in the wizard:
+    - Enter a **name** or use the automatically generated one. The name can only contain lowercase alphanumeric characters and dashes.
+    - Enter an optional **description** and **tags**.
+    - Choose a **region**, which is the geographical location in which your namespace will be deployed.
+    - Tick the **Enable VPC support** box. This parameter cannot be edited once the namespace is created.
+    - Click **+ Add advanced options** to define any **environment variables** you want to inject into your container. For each environment variable, click **+ Add variable** and enter the key/value pair.
+    - Set optional secret environment variables. **Secrets** are environment variables which are injected into your container and stored securely, but not displayed in the console after initial validation. Add a **key** and a **value**.
+4. Click **Create namespace only** to finish, or click **Create namespace and add a container** if you want to [create a container](/serverless-containers/how-to/create-a-container/) next.
+
+## How to attach a Serverless Container to a Private Network
+
+<Tabs id="private-network-containers">
+  <TabsTab label="Existing container">
+  1. Click **Containers** in the **Serverless** section of the side menu. The containers page displays.
+  2. Click the relevant containers namespace.
+  3. Click the name of the container you want to manage.
+  4. Open the **Settings** tab, then scroll to the **Advanced options** section.
+  5. In the **VPC** tab, select a Private Network from the dropdown menu.
+  6. Click **Save container settings**.
+  
+  Your container is redeployed, and is now attached to the selected Private Network.
+</TabsTab>
+<TabsTab label="New container">
+  1. Click **Containers** in the **Serverless** section of the side menu. The containers page displays.
+  2. Click the **Private Networks-enabled** containers namespace in which you want to create your container.
+  3. Click **+ Create container**. The container creation wizard displays.
+  4. Scroll to the **Advanced options** section.
+  5. In the **VPC** tab, select a Private Network from the dropdown menu.
+  6. Configure the other parameters of your container, then click **Create container**. Refer to the [How to create a container](/serverless-containers/how-to/create-a-container/) for more information.
+
+  Your new container is deployed, and is attached to the selected Private Network.
+  </TabsTab>
+</Tabs>
+
+## How to detach a container from a Private Network
+
+1. Click **Containers** in the **Serverless** section of the side menu. The containers page displays.
+2. Click the relevant containers namespace.
+3. Click the name of the container you want to manage.
+4. Open the **Settings** tab, then scroll to the **Advanced options** section.
+5. In the **VPC** tab, click the <Icon name="unlink" /> icon next to the Private Network attached to your container.
+6. Click **Save container settings**.
+
+Your container is redeployed and is now detached from the Private Network.
+
+## How to delete a Private Network
+
+<Message type="note">
+  Before deleting a Private Network, you must [detach](/vpc/how-to/attach-resources-to-pn/#how-to-detach-a-resource-from-a-private-network) all resources attached to it.
+</Message>
+
+This must be carried out from the VPC section of the console. Follow the procedure detailed in our [dedicated VPC documentation](/vpc/how-to/delete-private-network/).

pages/serverless-containers/reference-content/containers-limitations.mdx

@@ -35,7 +35,8 @@ This section contains usage limits that apply when using Serverless Containers.
 | Secret environment variables                      | Max size       | 65536 bytes       | Secret environment variable |
 | Time before scale to zero                         | Time           | 15 minutes        | Instance                    |
 | Time before scale down                            | Time           | 30 seconds        | Instance                    |
-| Max HTTP request duration\***                     | Max            | 60 minutes        | Request                     |
+| HTTP request duration\***                         | Max            | 60 minutes        | Request                     |
+| Private Networks attached                         | Max            | 1                 | Container                   |
 | Logs                                              | Logs           | 30000 per minute  | Project                     |
 
 \* Lower limits may apply before account verification. Contact our support team if you have any questions.
@@ -87,9 +88,19 @@ Do not have your containers listen on these ports, as they are used by our servi
 
 **Not available:** Serverless products are designed to abstract away infrastructure management, to be easily scalable, and to be cost-efficient and simple. So dedicated IPs are not supported for this product.
 
-## Private Network and Virtual Private Cloud (VPC) compatibility
+## Private Networks and Virtual Private Cloud (VPC)
 
-Refer to the [dedicated FAQ](/serverless-containers/faq/#how-can-i-configure-access-to-a-private-network-or-virtual-private-cloud-vpc) for more information on Serverless Containers compatibility with Private Networks and [Virtual Private Cloud (VPC)](/vpc/).
+### Compatibility
+
+Scaleway Serverless Containers support [Virtual Private Cloud (VPC)](/vpc/) and can be attached to a Private Network, which allows you to securely connect your resources in an isolated environment. Refer to the [dedicated documentation](/serverless-containers/how-to/use-private-networks/) for more information.
+
+### Limitations
+
+- VPC is only compatible with containers using [sandbox](/serverless-containers/reference-content/container-sandbox/) V1 for the moment.
+
+- VPC works with Namespaces that have **VPC support enabled**. VPC support can only be enabled at [namespace creation](/serverless-functions/how-to/create-manage-delete-containers-namespace/#creating-a-serverless-containers-namespace), and cannot be updated afterward.
+
+- Only one Private Network can be attached to a function.
 
 ## Default values for CPU and memory limits
 

pages/serverless-functions/concepts.mdx

@@ -113,9 +113,21 @@ The function can then process the message and perform any required actions, such
 
 A function's privacy policy defines whether a function may be executed anonymously (**public**) or only via an authentication mechanism provided by the [Scaleway API](https://www.scaleway.com/en/developers/api/serverless-functions/#authentication) (**private**).
 
-## Private Networks compatibility
+## Private Networks
 
-Refer to the [dedicated FAQ](/serverless-functions/faq/#how-can-i-configure-access-to-a-private-network-or-virtual-private-cloud-vpc) for more information on Serverless Functions compatibility with Private Networks and [Virtual Private Cloud (VPC)](/vpc/).
+Scaleway Serverless Functions support Private Networks.
+
+Private Networks let you connect Scaleway resources across multiple AZs within the same region. Attached resources can then communicate between themselves in an isolated and secure layer 2 network, away from the public internet.
+
+**D**ynamic **H**ost **C**onfiguration **P**rotocol (DHCP) is built into each Private Network, making it easy to manage the private IP addresses of your resources on the network.
+
+Read our dedicated documentation on [creating a Private Network](/vpc/how-to/create-private-network/).
+
+<Message type="note">
+Previously, Private Networks at Scaleway were zoned. Only resources from within one defined AZ could be attached to each network. Now, all Private Networks are regional, and resources from any AZ within that network's region can be attached. "Old" zoned Private Networks have all been automatically migrated to become regional.
+
+While DHCP is built into all new Private Networks, it may not be automatically activated for older Private Networks. Check our [migration](/vpc/reference-content/vpc-migration/) documentation for more information.
+</Message>
 
 ## Queue trigger
 

pages/serverless-functions/faq.mdx

@@ -243,13 +243,11 @@ See the [functions runtimes documentation](/serverless-functions/reference-conte
 
 ### How can I configure access to a Private Network or Virtual Private Cloud (VPC)?
 
-Scaleway Serverless Functions does not currently support Scaleway VPC or Private Networks, though this feature is under development.
-
-To add network restrictions on your resource, consult the [list of prefixes used at Scaleway](https://www.scaleway.com/en/peering/). Note that Serverless resources do not have dedicated or predictable IP addresses.
+Scaleway Serverless Functions support [Virtual Private Cloud (VPC)](/vpc/) and can be attached to a Private Network. Refer to the [dedicated documentation](/serverless-functions/how-to/use-private-networks/) for more information.
 
 ### Can I allow to list the IPs of my functions?
 
-Serverless Functions does not yet support Private Networks. However, you can use the Scaleway IP ranges defined at [https://www.scaleway.com/en/peering/](https://www.scaleway.com/en/peering/) on Managed Databases and other products that allow IP filtering.
+Scaleway Serverless Functions support [Virtual Private Cloud (VPC)](/vpc/) and can be attached to a Private Network, which allows you to securely connect your resources in an isolated environment. Refer to the [dedicated documentation](/serverless-functions/how-to/use-private-networks/) for more information.
 
 ### Can I use Serverless Functions with Edge Services?
 

pages/serverless-functions/how-to/create-manage-delete-functions-namespace.mdx

@@ -32,6 +32,7 @@ This page shows you how to create, manage, and delete a Functions namespace usin
     - Enter a **name** or use the automatically generated one. The name can only contain lowercase alphanumeric characters and dashes.
     - Enter an optional **description** and **tags**.
     - Choose a **region**, which is the geographical location in which your namespace will be deployed.
+    - Tick the **Enable VPC support** if you want to create functions within this namespace that you can attach to a [Private Network](/serverless-functions/concepts/#private-networks).
     - Click **+ Add advanced options** to define any **environment variables** you want to inject into your function. For each environment variable, click **+ Add variable** and enter the key/value pair.
     - Set optional secret environment variables. **Secrets** are environment variables which are injected into your function and stored securely, but not displayed in the console after initial validation. Add a **key** and a **value**.
 4. Click **Create namespace only** to finish, or click **Create namespace and add a function** if you want to [create a function](/serverless-functions/how-to/create-a-function/) next.