Google API Access
Instances in a VPC can reach Google and third-party APIs and services without an external IP address.
Google Cloud APIs and services support private access.
The access method differs depending on whether the service is hosted in a VPC network (a producer service reached over VPC peering or Private Service Connect) or in Google's production infrastructure (the Google APIs, reached through Private Google Access).
Keeping this traffic off the public internet gives:
- decreased network latency
- increased network security (the instance needs neither an external IP nor an internet egress path)
- lower network cost
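The following is an added example, not part of the original page: it enables Private Google Access on a subnet from the CLI, reads the setting back, and classifies what a Google API hostname resolves to from inside the VPC. PROJECT, REGION and SUBNET are placeholders. The private VIP ranges are the documented ones for private.googleapis.com (199.36.153.8/30) and restricted.googleapis.com (199.36.153.4/30).

```shell
# Added example (not from the original page). Requires gcloud for the first two
# functions; the resolution check is pure shell and runs anywhere.
set -eu

# Turn on Private Google Access for one subnet (PROJECT, REGION, SUBNET are placeholders).
enable_pga() {  # enable_pga PROJECT REGION SUBNET
  gcloud compute networks subnets update "$3" --project "$1" --region "$2" \
    --enable-private-ip-google-access
}

# Read the flag back; prints "True" once enabled.
pga_enabled() {  # pga_enabled PROJECT REGION SUBNET
  gcloud compute networks subnets describe "$3" --project "$1" --region "$2" \
    --format='value(privateIpGoogleAccess)'
}

# Private Google Access works with the public addresses of the Google APIs (the
# traffic never leaves Google's network). Teams that want every API call pinned
# to a fixed range (on-prem access, VPC Service Controls) point DNS for
# googleapis.com at the private or restricted VIPs instead. This check tells
# you which of the two you are getting for one resolved IPv4 address.
is_google_private_vip() {  # is_google_private_vip IPV4 ; 0 = private/restricted VIP
  case "$1" in
    199.36.153.4|199.36.153.5|199.36.153.6|199.36.153.7)   return 0 ;;  # restricted.googleapis.com
    199.36.153.8|199.36.153.9|199.36.153.10|199.36.153.11) return 0 ;;  # private.googleapis.com
    *) return 1 ;;
  esac
}

# Resolve a host from a VM in the subnet and report which path its traffic will take.
check_api_resolution() {  # check_api_resolution HOST
  ip=$(getent hosts "$1" | awk 'NR == 1 { print $1 }')
  if is_google_private_vip "$ip"; then
    echo "$1 -> $ip (private/restricted VIP)"
  else
    echo "$1 -> $ip (public Google address: fine with Private Google Access on the subnet, not pinned to a VIP)" >&2
    return 1
  fi
}

# Usage from a VM in the subnet:
#   enable_pga my-project us-east1 my-subnet
#   pga_enabled my-project us-east1 my-subnet        # expect: True
#   check_api_resolution storage.googleapis.com
```

The DNS check matters because Private Google Access is a subnet property, not a routing guarantee: if a private DNS zone for googleapis.com is expected and the name still resolves to a public address, the zone is not attached to the VPC.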
Networking Services API
ricardotrentin@RicardontinsMBP % docker pull nginx:latest
ricardotrentin@RicardontinsMBP % gcloud auth configure-docker
ricardotrentin@RicardontinsMBP % docker tag nginx gcr.io/rtrentin-01/nginx
ricardotrentin@RicardontinsMBP % docker push gcr.io/rtrentin-01/nginx
ricardotrentin@RicardontinsMBP Downloads % docker images
REPOSITORY                 TAG      IMAGE ID       CREATED       SIZE
gcr.io/rtrentin-01/nginx   latest   d8906c7d4c44   2 weeks ago   135MB
nginx                      latest   d8906c7d4c44   2 weeks ago   135MB
Serverless VPC Access
Cloud Build is a managed service on Google Cloud Platform infrastructure that lets you continuously build, test and deploy containers.
Private pools are customer-specific resources and can be customized. One customization option is to disable the assignment of external IPs to the pool's workers:
Once the pool is created, we can connect repositories and set up triggers:
Using a 2nd generation repository connection:
ricardotrentin@RicardontinsMBP gcp % cat cloudbuild.yaml
steps:
- name: "gcr.io/cloud-builders/kubectl"
  args: ['get', 'nodes']
  env:
  - 'CLOUDSDK_COMPUTE_REGION=us-east1'
  - 'CLOUDSDK_CONTAINER_CLUSTER=gke-east-vpc001'
options:
  workerPool: 'projects/rtrentin-01/locations/us-east1/workerPools/vpc001-private-pool'
logsBucket: 'gs://rtrentin-01_cloudbuild'
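Added example (not the page's own commands): the same private pool created from the CLI with external IPs disabled, and a guard that refuses to submit the cloudbuild.yaml above unless the pool really has no public egress. PROJECT, REGION, POOL and NETWORK are placeholders; the pool and region in the usage line are the ones from the page.

```shell
# Added example, not from the original page. Needs gcloud with Cloud Build permissions.
set -eu

# --no-public-egress is the CLI equivalent of unticking "Assign external IPs" in the
# console; --peered-network is the VPC the pool peers with, which is what lets a
# build step reach a private GKE control plane such as gke-east-vpc001.
create_private_pool() {  # create_private_pool PROJECT REGION POOL NETWORK
  gcloud builds worker-pools create "$3" --project "$1" --region "$2" \
    --peered-network "projects/$1/global/networks/$4" \
    --no-public-egress
}

# Read the egress option back: NO_PUBLIC_EGRESS or PUBLIC_EGRESS.
pool_egress_option() {  # pool_egress_option PROJECT REGION POOL
  gcloud builds worker-pools describe "$3" --project "$1" --region "$2" \
    --format='value(privatePoolV1Config.networkConfig.egressOption)'
}

# Pure check so a CI script can refuse to run on a pool that still has public egress.
egress_is_private() {  # egress_is_private EGRESS_OPTION
  [ "$1" = "NO_PUBLIC_EGRESS" ]
}

# Submit a build config only after confirming the pool it targets has no public egress.
submit_if_private() {  # submit_if_private PROJECT REGION POOL CONFIG
  opt=$(pool_egress_option "$1" "$2" "$3")
  if egress_is_private "$opt"; then
    gcloud builds submit --project "$1" --region "$2" --config "$4" .
  else
    echo "refusing to build: pool $3 egress option is '${opt:-unset}'" >&2
    return 1
  fi
}

# Usage:
#   create_private_pool rtrentin-01 us-east1 vpc001-private-pool vpc001
#   submit_if_private rtrentin-01 us-east1 vpc001-private-pool cloudbuild.yaml
```

With no public egress the workers cannot reach the public internet on their own, so build steps should pull images from gcr.io or Artifact Registry, which are reached over Google's network; that is consistent with the page mirroring nginx and curl into gcr.io/rtrentin-01 before using them.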
Private Pool without Public IP
AVX (Aviatrix) creates a 0.0.0.0/0 route pointing to the gateway with priority 991 (shown below), scoped by the instance tag avx-snat-noip:
The challenge is that routes carrying instance tags are not exported over VPC peering, so the peered network where the private pool workers live never receives this route:
- Adding the route manually:
- Priority 1000 is already used by the AVX gateway's internet route
- Priority < 1000 creates a route loop with the AVX gateway
All traffic is then pulled to the FQDN device, which is not the desired end state. Also, traffic from Cloud Build is still not "attracted" to the AVX gateway.
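Added example, not from the page: list the VPC's default routes the way the peered private-pool network would see them, so the export problem above can be spotted before a build runs. Routes that carry instance tags (the AVX 0.0.0.0/0 route tagged avx-snat-noip) are never exported over VPC peering, so only untagged routes can reach the peered workers, and only if the peering exports custom routes. PROJECT and NETWORK are placeholders; the sample route table is constructed from the page's description and the avx-gw instance name is made up.

```shell
# Added example, not from the original page. list_routes needs gcloud; the rest is
# plain shell and awk over the same tab-separated layout.
set -eu

# Live listing, one route per line:
# name, destRange, priority, tags, nextHopGateway, nextHopInstance (tab-separated).
list_routes() {  # list_routes PROJECT NETWORK
  gcloud compute routes list --project "$1" --filter="network:$2" \
    --format='value(name,destRange,priority,tags.list(),nextHopGateway,nextHopInstance)'
}

# Constructed sample in the same layout, modelled on the page (names are assumptions).
sample_routes() {
  printf '%s\t%s\t%s\t%s\t%s\t%s\n' \
    avx-noip-default       0.0.0.0/0    991  avx-snat-noip ''                        'zones/us-east1-b/instances/avx-gw' \
    default-route-internet 0.0.0.0/0    1000 ''            default-internet-gateway '' \
    default-route-subnet   10.10.0.0/20 0    ''            ''                        ''
}

# Report every 0.0.0.0/0 route with its priority, tags and whether peering can export it.
default_routes() {
  awk -F'\t' '$2 == "0.0.0.0/0" {
    exported = ($4 == "") ? "yes" : "no"
    printf "%s\tpriority=%s\ttags=%s\texported=%s\n", $1, $3, ($4 == "" ? "-" : $4), exported
  }'
}

# The default route a peered network inherits: the untagged 0.0.0.0/0 route with the
# lowest priority number (lower number wins). Prints an empty line if there is none,
# which means the peered workers have no default route at all.
peer_default_route() {
  awk -F'\t' '$2 == "0.0.0.0/0" && $4 == "" {
    if (best == "" || $3 + 0 < bestp) { best = $1; bestp = $3 + 0 }
  } END { print best }'
}

# Usage:
#   list_routes rtrentin-01 vpc001 | default_routes
#   sample_routes | peer_default_route      # -> default-route-internet
```

On the constructed table the tagged AVX route is reported as not exported and the untagged priority-1000 internet route is what the peer would inherit, which is exactly why Cloud Build traffic is not drawn to the AVX gateway: from the peered network the inspection path does not exist. Untagged custom routes still only cross the peering when it is configured to export custom routes.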
Run containers on a fully managed platform
ricardotrentin@RicardontinsMBP gcp % docker images
REPOSITORY                 TAG      IMAGE ID       CREATED       SIZE
nginx                      latest   d8906c7d4c44   3 weeks ago   135MB
gcr.io/rtrentin-01/nginx   latest   d8906c7d4c44   3 weeks ago   135MB
curlimages/curl            latest   3e48386b76e2   6 weeks ago   14.4MB
gcr.io/rtrentin-01/curl    latest   3e48386b76e2   6 weeks ago   14.4MB
Cloud Functions is a lightweight, event-based, asynchronous compute solution that lets you create small, single-purpose functions that respond to cloud events, without managing a server or a runtime environment.
Cloud Composer is a fully managed workflow orchestration service built on Apache Airflow.
Environments are self-contained Airflow deployments based on Google Kubernetes Engine.
Once we hit create: