
Using GCP API Gateway to front a Cloud Run backend with private ingress

I'd like to front my Cloud Run hosted API with API gateway, and only allow access to the Cloud Run URL from API Gateway.

I currently have an API deployed to Cloud Run with "public" ingress and authorization enabled. This works, however I'm curious if I can change my ingress model on Cloud Run to "internal" in order to entirely avoid routing any internet traffic to my Cloud Run container.

I know API Gateway is in Beta, and it seems like some aspects of internal ingress are Beta as well -- however I'm curious if there is a way to make this work.

Per the ingress docs, it seems like if I can somehow make my API Gateway request come from a VPC network, this setup should work, however I am not able to find a way to make this happen on the API gateway side.

istrupin asked Dec 15 '20 19:12




1 Answer

When you deploy a Cloud Run service with internal only ingress, the requests need to come from the VPC SC or from your VPC.

With API Gateway, you can't plug your VPC or use the service in VPC SC (not a supported service), so you can't, yet.

The team is aware of this issue and should work on it. I don't know the priority and the ETA.

guillaume blaquiere answered Oct 24 '22 10:10