red888

Reputation: 31652

My NEGs are not connecting to my cloud run functions

https://cloud.google.com/load-balancing/docs/https/setting-up-https-serverless#setting_up_regional_routing

I set up a GCE global load balancer and NEGs. What is unclear to me is how a NEG connects to a cloud run app. It looks like the Service name of a NEG just needs to match a corresponding cloud run app name.

I have done this but it appears it's not connected. I can't even find in the docs how to troubleshoot this linkage.

Created a neg via Terraform

resource "google_compute_region_network_endpoint_group" "neg" {
  network_endpoint_type = "SERVERLESS"
  region                = "us-east1"
  cloud_run {
    service = "my-cloudrun-app"
  }
}

Then deployed a cloud run app:

gcloud run deploy my-cloudrun-app --region us-east1

My understanding is if the cloud run app name matches the service name it should connect to it. I can see the NEGs are connected to my GCE load balancer and the cloud run app was deployed successfully, but the NEG doesn't appear to be routing to my function.

Upvotes: 1

Views: 835

Answers (2)

red888

Reputation: 31652

I'm using this official GCP module to hook this up (it actually does make it pretty easy!) https://github.com/terraform-google-modules/terraform-google-lb-http/tree/v6.0.1/modules/serverless_negs

I found it does work the way I expected it to, the issue was just that I didn't have a cloud run app behind one of the regional NEGs I created (I thought I did). I actually created several regional NEGs, made kind of a mess, and the regional NEG the LB was routing my traffic to didn't have a corresponding cloud run app it pointed to.

How I was able to troubleshoot this:

  • Find the backend the load balancer was configured with
  • In GCP console I was able to view the backend and all the regional NEGs configured for it
  • Hit refresh/curl a bunch of times and saw in the GCP console on the backend's page that one of the regional NEGs was actually receiving traffic, so I was at least able to see which NEG my traffic was being routed to
  • Realized I didn't deploy a cloud run app with a name that regional NEG was configured for

I still feel like visibility into how all these components play together could be better, but the traffic flow diagram for the Backend service details page was a life saver!

Upvotes: 2
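
The check this answer did by hand in the console, written as a script (an added example, not part of the original answer or of the Terraform module): it flags serverless NEGs whose Cloud Run service does not exist in the NEG's region. The embedded JSON is constructed sample data, and its field names are assumed to match gcloud's JSON output.

```python
import json

# Constructed sample data, shaped like the JSON printed by
#   gcloud compute network-endpoint-groups list --format=json
#   gcloud run services list --format=json
# Field names are assumed from those APIs; project and NEG names are made up.
_REGIONS = "https://www.googleapis.com/compute/v1/projects/example-project/regions/"
NEGS_JSON = json.dumps([
    {"name": "neg-us-east1", "networkEndpointType": "SERVERLESS",
     "region": _REGIONS + "us-east1", "cloudRun": {"service": "my-cloudrun-app"}},
    {"name": "neg-us-west1", "networkEndpointType": "SERVERLESS",
     "region": _REGIONS + "us-west1", "cloudRun": {"service": "my-cloudrun-app"}},
    {"name": "neg-appengine", "networkEndpointType": "SERVERLESS",
     "region": _REGIONS + "us-east1", "appEngine": {"service": "default"}},
    {"name": "vm-neg", "networkEndpointType": "GCE_VM_IP_PORT"},
])
SERVICES_JSON = json.dumps([
    {"metadata": {"name": "my-cloudrun-app",
                  "labels": {"cloud.googleapis.com/location": "us-east1"}}},
])


def find_dangling_negs(negs, services):
    """Return (neg, region, service) for serverless NEGs with no Cloud Run target."""
    deployed = {
        (s["metadata"].get("labels", {}).get("cloud.googleapis.com/location"),
         s["metadata"]["name"])
        for s in services
    }
    dangling = []
    for neg in negs:
        if neg.get("networkEndpointType") != "SERVERLESS":
            continue  # zonal VM/GKE NEGs are out of scope
        service = neg.get("cloudRun", {}).get("service")
        if not service:
            continue  # App Engine or URL-mask NEG: no fixed Cloud Run name to check
        region = neg["region"].rsplit("/", 1)[-1]  # the API returns region as a URL
        if (region, service) not in deployed:
            dangling.append((neg["name"], region, service))
    return dangling


if __name__ == "__main__":
    for name, region, service in find_dangling_negs(
            json.loads(NEGS_JSON), json.loads(SERVICES_JSON)):
        print(f"{name}: no Cloud Run service '{service}' in {region}")
```

To run it against a real project, replace the two constants with the saved output of the gcloud commands named in the comment.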

guillaume blaquiere

Reputation: 75970

I don't know if you did that, but you need more to deploy your NEG on a load balancer. Here are the missing pieces:

resource "google_compute_managed_ssl_certificate" "default" {
  name = "cert"
  managed {
    domains = [var.domain]
  }
}

resource "google_compute_backend_service" "default" {
  name      = "app-backend"

  protocol  = "HTTP"
  port_name = "http"
  timeout_sec = 30

  backend {
    group = google_compute_region_network_endpoint_group.neg.id
  }
}

resource "google_compute_url_map" "default" {
  name            = "app-urlmap"

  default_service = google_compute_backend_service.default.id
}

resource "google_compute_target_https_proxy" "default" {
  name   = "https-proxy"

  url_map          = google_compute_url_map.default.id
  ssl_certificates = [
    google_compute_managed_ssl_certificate.default.id
  ]
}

resource "google_compute_global_forwarding_rule" "default" {
  name   = "lb"

  target = google_compute_target_https_proxy.default.id
  port_range = "443"
  ip_address = google_compute_global_address.default.address
}

resource "google_compute_global_address" "default" {
  name = "address"
}

Easy?? Absolutely not. Let me know if you need more details, guidance or explanation.

Upvotes: 2
