Skip to content

xebia/gcp-private-cloud-run

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

1 Commit
README.md
README.md
 
 

Repository files navigation

gcp-private-cloud-run

Private Cloud Run behind external HTTP(S) Load Balancer.

REGION=europe-west1 &&\
VPC_NAME=priv-network


> VPC connector

gcloud compute networks create \
$VPC_NAME \
--subnet-mode=custom

gcloud compute networks vpc-access connectors create \
priv-connector \
--region=$REGION \
--network=$VPC_NAME \
--range=10.1.0.0/28


> Cloud Run

gcloud run deploy \
priv-cloud-run-service \
--image=michalsw/simple-web-server:latest \
--region=$REGION \
--vpc-connector=priv-connector \
--allow-unauthenticated \
--ingress=internal-and-cloud-load-balancing \
--set-env-vars SERVER_PORT=8080

> Cloud Run logs

gcloud logging read \
"resource.type=cloud_run_revision AND resource.labels.service_name=priv-cloud-run-service" \
--format="table(timestamp, textPayload)" \
--order="asc"


> public IP
gcloud compute addresses create my-lb-ip --global

> NEG endpoint to register Cloud Run with LB
gcloud compute network-endpoint-groups create \
cloud-run-neg \
--region=$REGION \
--network-endpoint-type=serverless \
--cloud-run-service=priv-cloud-run-service

> link NEG to backend service
gcloud compute backend-services create \
cloud-run-backend \
--global \
--load-balancing-scheme=EXTERNAL \
--port-name=http

> add NEG to backend service
gcloud compute backend-services add-backend \
cloud-run-backend \
--global \
--network-endpoint-group=cloud-run-neg \
--network-endpoint-group-region=$REGION

> URL map
gcloud compute url-maps create \
cloud-run-url-map \
--default-service=cloud-run-backend

> target HTTP proxy OR HTTPS proxy
gcloud compute target-http-proxies create \
cloud-run-http-proxy \
--url-map=cloud-run-url-map

> global forwarding rules

gcloud compute forwarding-rules create \
cloud-run-http-rule \
--load-balancing-scheme=EXTERNAL \
--network-tier=PREMIUM \
--global \
--target-http-proxy=cloud-run-http-proxy \
--ports=80 \
--address=my-lb-ip


> after LB is deployed it needs few minutes to work

$ curl -i 34.8.104.112
HTTP/1.1 200 OK
content-type: text/plain; charset=utf-8
X-Cloud-Trace-Context: cebf8671edbfbd12fbc061b2f2390308;o=1
Date: Wed, 16 Jan 2025 06:01:44 GMT
Server: Google Frontend
Content-Length: 2
Via: 1.1 google

ok%

About

Private Cloud Run behind ext LB

Topics

gcp cloud-run vpc-connector

Resources

Readme

Security policy

Security policy
Activity
Custom properties

Stars

0 stars

Watchers

2 watching

Forks

0 forks
Report repository

Releases

No releases published

Packages

No packages published