Score:1

How to direct traffic to either Compute or Cloud Run service based on URL


We currently have a web app running on a Compute VM, and are working on gradually migrating it to Cloud Run. (We are doing it gradually because the current backend is in PHP and we are rewriting it in Go, one endpoint at a time)

Our site is currently accessed at for example:
https://www.myapp.com
and API at:
https://www.myapp.com/books

Our plan is to have the new Cloud Run/Go API be accessible either in a 'v2' path:
https://www.myapp.com/v2/books
or on a subdomain
https://v2.myapp.com/books
and then decide which API to use in the client based on what's finished being migrated.

I was wondering what a good way to go about this would be.

Things I've considered (as a GCP beginner)

  • We already have nginx running on the Compute VM, so setting up a reverse proxy for https://www.myapp.com/v2 seemed like a good idea at first, but it seems that currently there is no way to access Cloud Run from Compute via private IP so the request would have to go out over the internet slowing things down (also not sure if reverse proxying to an external URL would cause issues with authentication etc?)

  • With the https://v2.myapp.com/books option, it seems that mapping custom domains for Cloud Run is still in preview release so I'm hesitant about using it in a production system, also ideally we'd like to use our own SSL certificate which doesn't seem to be supported.

  • The Firebase hosting option seems like it would be a bit complicated and also has a request timeout of 60s which is too short for some of the video uploads etc. we get.

  • Load balancer to a NEG would add a bit more complexity/cost but that seems to be the other option. It looks like serverless NEGs can't connect to Compute and managed VM NEGs can't connect to Cloud Run so would I need one of each in that case?

Goli Nikitha
Refer to this [documentation](https://cloud.google.com/run/docs/configuring/connecting-vpc) for using Cloud Run and a GCE (Compute Engine) private IP through Shared VPC.
Score:0

Commenting below on all the 4 options you mentioned

  • We already have nginx running on the Compute VM, so setting up a reverse proxy for https://www.myapp.com/v2 seemed like a good idea at first, but it seems that currently there is no way to access Cloud Run from Compute via private IP so the request would have to go out over the internet slowing things down (also not sure if reverse proxying to an external URL would cause issues with authentication etc?)

This is technically correct, you are able to set up a Cloud Run service to only accept traffic from the VPC (this is called Ingress options, you can read about it in the doc here [1]). And when you do, your Cloud Run Service will continue serving on what appears to be a public URL (the one generated when you deploy the service). But that URL is only accessible from the VPC, and even if it appears that the client will be making a call to an internet service, that traffic remains in our network and never leaves our backbone, so technically this should not add latency.

  • With the https://v2.myapp.com/books option, it seems that mapping custom domains for Cloud Run is still in preview release so I'm hesitant about using it in a production system, also ideally we'd like to use our own SSL certificate which doesn't seem to be supported.

I would not recommend using a preview feature in production, there is a risk that the feature will change in a backward incompatible way. On the topic of using your own SSL certificates, you can deploy an HTTP LoadBalancer in front of your Cloud Run service (which is set to be private) and customize the LoadBalancer to fit your needs.

  • The Firebase hosting option seems like it would be a bit complicated and also has a request timeout of 60s which is too short for some of the video uploads etc. we get.

I'm not very familiar with Firebase.

  • Load balancer to a NEG would add a bit more complexity/cost but that seems to be the other option. It looks like serverless NEGs can't connect to Compute and managed VM NEGs can't connect to Cloud Run so would I need one of each in that case?

The LoadBalancer option looks complicated, but it's really not; you can use something like Terraform to provision the LoadBalancer, and you only have to do it once.

Hope this helps shed light on your options.

[1] https://cloud.google.com/run/docs/securing/ingress

jezjez
Thanks for the answer, your point about making calls over the internet is good to know. I had assumed this would slow things down a lot, but if not I think we may go with that option. I will have more of a look into the Load balancer and Terraform as well.
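The load balancer option discussed in the answer, sketched in Terraform as an added example that is not part of the original thread: one URL map sends `/v2/*` to a serverless NEG for the Cloud Run service and everything else to the existing VM backend, so one backend service of each kind sits behind a single load balancer. All resource names, the region and the three variables are assumptions.

```hcl
# Constructed example: names, region and variables are assumptions.
variable "run_service_name" {}   # Cloud Run service running the Go API
variable "php_instance_group" {} # self link of the existing VM instance group
variable "php_health_check" {}   # self link of an existing health check

# Serverless NEG pointing at the Cloud Run service. Deploy that service with
# ingress "internal-and-cloud-load-balancing" so its run.app URL cannot be
# used to bypass the load balancer.
resource "google_compute_region_network_endpoint_group" "api_v2" {
  name                  = "api-v2-neg"
  region                = "us-central1"
  network_endpoint_type = "SERVERLESS"
  cloud_run {
    service = var.run_service_name
  }
}

resource "google_compute_backend_service" "api_v2" {
  name = "api-v2-backend" # serverless backends take no health check
  backend {
    group = google_compute_region_network_endpoint_group.api_v2.id
  }
}

resource "google_compute_backend_service" "php" {
  name          = "php-backend"
  health_checks = [var.php_health_check]
  backend {
    group = var.php_instance_group
  }
}

# One URL map: /v2 and /v2/* go to Cloud Run, everything else stays on the VM.
resource "google_compute_url_map" "www" {
  name            = "www-myapp"
  default_service = google_compute_backend_service.php.id
  host_rule {
    hosts        = ["www.myapp.com"]
    path_matcher = "main"
  }
  path_matcher {
    name            = "main"
    default_service = google_compute_backend_service.php.id
    path_rule {
      paths   = ["/v2", "/v2/*"]
      service = google_compute_backend_service.api_v2.id
    }
  }
}
```

The HTTPS proxy, certificate and forwarding rule that attach to this URL map are omitted. The path is not rewritten, so the Go service receives requests with the `/v2` prefix, and Cloud Run IAM (who may invoke the service) is configured separately from ingress.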