google cloud connectl local computer to network - google-cloud-platform

Is there a way to connect a local computer to google cloud network?
I have a server building ios apps on a mac mini, and would like to be able to call/make builds from google cloud VM - and copy files from local/on prem. to Google Cloud VM.

You can reach your goal in a few ways:
Enable ssh access to your mac mini to run commands remotely on it and use on of the options described in the documentation Transferring files to instances
to transfer files between cloud and premises.
Enable ssh access to your mac mini to run commands remotely and use cloud storage bucket mounted with Cloud Storage FUSE to the VM instance to upload/downlowad files between cloud and premises.
Use Google Cloud VPN to connect your on-premises network to the cloud.
In case of GKE cluster, you can find cluster CIDR range which contains IPs of Pods with the command:
gcloud container clusters describe my-cluster | grep clusterIpv4Cidr
to use it while configuring VPN.

Related

GCP: connect to Memotystore from cloud run Django app?

I'd like to add cache to my Django app hosting on Cloud Run.
From Django official docs, we can connect Django to a memory-based cache. Since I'm using Cloud Run, the memory get cleaned.
Memotystore seems good for this purpose, but there's only tutorial for flask and redis.
How could I achieve this?
Or should I just use a database caching?
Connect Redis instance to Cloud Run service using the steps in
documentation.
To connect from Cloud Run (fully managed) to Memorystore you need to
use the mechanism called "Serverless VPC Access" or a "VPC
Connector"
First, you have to create a Serverless VPC Access Connector
and then configure Cloud Run to use this connector
See connecting to a VPC Network for more information.
Alternatives to using this include:
Use Cloud Run for Anthos, where GKE provides the capability to
connect to Memorystore if the cluster is configured for it.
Stay within fully managed Serverless but use a GA version of the
Serverless VPC Access feature by using App Engine with Memorystore.
See this answer to connect to Memorystore from Cloud Run using an SSH
tunnel via GCE.

Connect Google Cloud Run with Google Compute Engine or GKE

Is there a way to connect Google Cloud Run with a service running in a Compute Engine instance in an specific port?
With Google Cloud Run I want to run a WebApp that needs to connect with a service running in Compute Engine or Google Kubernetes Engine. It's that possible?
Thanks in advance!
Yep, this is possible. You need to create a VPC Serverless connector and use it to connect to the internal IPs of the VMs in GCE or any resource in the VPC.

Connecting Google Cloud Run Service to Google Cloud SQL database

I have 2 google cloud services:
Google Cloud Run Service (Node Js / Strapi)
Google Cloud SQL Service (Mysql)
I have added the Cloud SQL connection to the Google Cloud Run Service from the UI, and have a public IP for the Google Cloud SQL Service. On top of that I have added the Run Service IP to the Authorised networks of SQL Service.
If I try and connect from another server (external from Google cloud) I can easily connect to the Google Cloud SQL Service and execute queries.
But if I try and connect from inside the GCloud Run Service with exactly the same settings (Ip, database_name, etc) my connection hangs and I get a timeout error in the logs...
How to properly allow Gcloud SQL to accept connections from GCloud RUN?
I looked for other answers in here, but they all look very old (around 2015 )
You can use 3 modes to access to your database
Use the built-in feature. In this case, you don't need to specify the IP address, it's a linux socket that is open to communicate with the database as described in the documentation
Use Cloud SQL private IP. This time, no need to configure a connection in the Cloud Run service, you won't use it because you will use the IP, not the linux socket. This solution required 2 things
Firstly attach your database to your VPC and give it a private IP
Then, you need to route the private IP traffic of Cloud Run through your VPC. For this you have to create, and then to attach to the Cloud RUn service, a serverless VPC Connector
Use CLoud SQL public IP. This time again, no need to configure a connection in the Cloud Run service, you won't use it because you will use the IP, not the linux socket. To achieve this, you need more steps (and it's less secure)
You need to route all the egress traffic of Cloud Run through your VPC. For this you have to create, and then to attach to the Cloud RUn service, a serverless VPC Connector
Deploy your Cloud Run service with the Serverless VPC Connector and the egress connectivity param to "all"
Then create a Cloud NAT to route all the VPC Connector ip range traffic to a single IP (or set of IPs) (The link is the Cloud Functions documentation, but it works exactly in the same way)
Finally authorize the Cloud NAT IP(s) on Cloud SQL authorized networks.
In your case, you have whitelisted the Cloud Run IP, but it's a shared IP (other service can use the same!! Be careful) and it's not always the same, there is a pool of IP addresses used by Google cloud.

Google Cloud Build on private VPC network

I have a Google Cloud Build trigger that build my image on the Google Cloud. I also have VPC network that hosting some resources that should be accessible while building the images.
While building the image, my docker script need to access the web server. It seems like the GCP Cloud build network is not my private VPC network. So, the script is not accessible to required resources that needed while building.
Is this possible to run the build in the VPC network? If yes, how?
It WILL be possible. Today, the feature is opened to Alpha testers and will be soon (I expect by 2 months) released in beta.
Last week, gcloud SDK received this update that allow you to create a worker pool. In fact, you will create a pool of VM in your project. And thus, the VM will be directly connected to your VPC.
I don't know the pricing model, but I think you will pay the Worker pool as standard VM price. Therefore, it won't as cheaper as Cloud Build. And it seems not planned to create a connector (peering? VPC connector?) between your VPC and the current Cloud Build managed version.

Can not connect between Cloud Run and Compute engine using Internal IP

I have a service which runs on Cloud Run, and a MYSQL, MongoDB databases on Compute Engine. Currently, I'm using public IP for connect between them, I want to use internal IP for improving performance, but i cant find solution for this problem, Please help me some ideas, Thanks.
Now is supported. You can use VPC network connector (Beta):
This feature is in a pre-release state and might change or have
limited support. For more information, see the product launch stages.
This page shows how to use Serverless VPC Access to connect a Cloud
Run (fully managed) service directly to your VPC network, allowing
access to Compute Engine VM instances, Memorystore instances, and any
other resources with an internal IP address.
To use Serverless VPC Access in a Cloud Run (fully managed) service,
you first need to create a Serverless VPC Access connector to handle
communication to your VPC network. After you create the connector, you
set your Cloud Run (fully managed) service configuration to use that
connector.
Here how to create: Creating a Serverless VPC Access connector and here an overview about it: Serverless VPC Access example
According to official documentation Connecting to instances using advanced methods
If you have an isolated instance that doesn't have an external IP
address (such as an instance that is intentionally isolated from
external networks), you can still connect to it by using its internal
IP address on a Google Cloud Virtual Private Cloud (VPC) network
However, if you check the services not yet supported for Cloud Run, you will find:
Virtual Private Cloud Cloud Run (fully managed) cannot connect to VPC
network.
Services not yet supported
You can now do that by running this command upon deployment:
gcloud run deploy SERVICE --image gcr.io/PROJECT_ID/IMAGE --vpc-connector CONNECTOR_NAME
If you already have a Cloud Run deployment, you can update it by running the command:
cloud run services update SERVICE --vpc-connector CONNECTOR_NAME
More information about that here
Connecting from Cloud Run Managed to VPC private addresses is not yet supported.
This feature is in development and is called Serverless VPC Access. You can read more here.
If you have a Compute Engine instance running in the same VPC with a public IP address, you can create an SSH tunnel to connect to private IP addresses through the public instance. This requires creating the tunnel in your own code, which is easy to do.