So I'm trying to deploy my NodeJS REST API on Cloud Run and for the most part it deploys successfully, except a couple of endpoints seem to be failing with either a 404 or 500 error. However, when I run the container locally using docker run -p 8080:8080 <image> all the endpoints work. The common thing between all the failing endpoints seems to be that they are accessing the remote database using the credentials stored in the .env file.
EDIT: I think it is because the database is on a private internal ip so I'm trying to figure out what I would need to do for that
As mentioned by @guillaume, if your database is on a private internal network then a VPC connector is necessary. You can use the Connecting from Cloud Run to Cloud SQL documentation as a guide, whether you stick to the private IP only or decide to use a public IP, which will not require a VPC connector.
I am running a 3-tier application: frontend (react), backend (spring boot) and a managed Azure database in Azure.
To run backend and frontend, I have Azure App Service leveraging containers.
It worked fine until we restricted the backend to be accessible via a private endpoint in the vNet.
The frontend is obviously connected to the very same vNet via a SWIFT (known as vNet integration) connection.
So far it is all good.
The issue arises when there is a problem with the backend which cannot connect to the database, e.g. because I messed up the connection string. So I fixed that issue and restarted the backend with a new version with the fixed connection string.
Buuuut, and here it comes ... since the backend previously crashed it is not running, and the way to bring up a new version is to simply call the App Service URL (curl https://my-backend.azurewebsites.net). The issue is that it is not possible to call it since it is behind a private endpoint.
A workaround would be to start a VM inside the very same vNet and call the backend like this:
admin@debug:~$ curl -k https://10.0.20.4 -I -H "Host: my-backend.azurewebsites.net"
and this works.
But this is a very cumbersome solution which is not a solution at all in fact.
Does anyone have an idea how to make it work?
I am using terraform, and I also noticed that when I totally un-deploy the App Service and deploy it again, it boots up again.
Thx
I have the frontend and backend on Cloud Run, each with its own service, but when I put "internal traffic" on the backend API, it doesn't work; it gives me a 403 from the frontend, and it is another service of the same project, and the documentation says that internal means "only for the same project" so...
two services from the same project are not internal traffic?
I think that is because I use a custom domain and not the exact URL of the service, but I am not sure because here it says that custom domains are allowed too.
So what do I have to do to auth my frontend service on Cloud Run?
I tried with JWT auth, but there is a better option, isn't there?
Cloud Run services set to internal only accept traffic coming from the VPC network. In order to connect to a Cloud Run service that's serving internal traffic, the connecting service must be attached to a VPC connector. In this case, you need to set up a Serverless VPC Access connector as mentioned in this note:
For requests from other Cloud Run services or from Cloud Functions in the same project, connect the service or function to a VPC network and route all egress through the connector, as described in Connecting to a VPC network. Note that the IAM invoker permission is still enforced.
For service-to-service authentication, you can simply fetch an ID token from the Compute metadata server. You can do that on any GCP compute environment (Cloud Run, App Engine, Compute Engine, etc.). You can follow the steps provided in this documentation.
two services from the same project are not internal traffic?
Two services in the same project should be considered as internal traffic.
I believe what you need to do is follow the authentication steps with token as recommended here (service to service authentication):
https://cloud.google.com/run/docs/authenticating/service-to-service
https://cloud.google.com/run/docs/securing/service-identity#per-service-identity
Please note that even though you've set the ingress traffic to internal, the IAM role Cloud Run Invoker is still needed for the service account.
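The service-to-service call described in the two answers above, as an added example that is not part of either answer: the calling service asks the metadata server for an ID token whose audience is the receiving service, then sends it as a bearer token. BACKEND_URL and the function names are hypothetical; the sketch assumes Node 18+ (global fetch) and that the audience is the receiving service's own URL.

```javascript
// Added example. BACKEND_URL is a hypothetical placeholder for the receiving
// Cloud Run service; replace it with that service's own URL.
const BACKEND_URL = "https://my-backend-placeholder.a.run.app";
const METADATA_IDENTITY = "http://metadata.google.internal/computeMetadata/v1/" +
  "instance/service-accounts/default/identity";

// Resolve a request path against the backend and refuse anything that would
// send the token to a different origin (e.g. an absolute URL passed as "path").
function targetFor(path) {
  const target = new URL(path, BACKEND_URL);
  if (target.origin !== new URL(BACKEND_URL).origin) {
    throw new Error("refusing to send ID token to " + target.origin);
  }
  return target.toString();
}

// The token audience is the receiving service's origin, never the full path.
function audienceFor(targetUrl) {
  const u = new URL(targetUrl);
  if (u.protocol !== "https:") throw new Error("ID tokens must only travel over https");
  return u.origin;
}

// Metadata-server request that returns an ID token for the runtime service account.
function identityRequest(targetUrl) {
  const audience = encodeURIComponent(audienceFor(targetUrl));
  return { url: METADATA_IDENTITY + "?audience=" + audience,
           headers: { "Metadata-Flavor": "Google" } };
}

// Fetch a token, then call the backend with it. fetchImpl is injectable for tests.
async function callBackend(path, fetchImpl = fetch) {
  const target = targetFor(path);
  const req = identityRequest(target);
  const tokenRes = await fetchImpl(req.url, { headers: req.headers });
  if (!tokenRes.ok) throw new Error("metadata server returned " + tokenRes.status);
  const token = (await tokenRes.text()).trim();
  const res = await fetchImpl(target, { headers: { Authorization: "Bearer " + token } });
  if (!res.ok) throw new Error("backend returned " + res.status);
  return res;
}
```

The metadata server is only reachable from inside the Google Cloud runtime, so callBackend has to run in the deployed frontend service, not on a workstation.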
I am in a kubernetes cluster with two services running. One of the services exposes an endpoint like /customer/servcie-endpoint and the other service is a nodejs application which is trying to access data from this service. Axios doesn't work as it needs a host to work with.
If I do a kubectl exec shell and run curl /customer/servcie-endpoint I receive all the data.
I am not sure how to get this data in a nodejs application. Sry for naive ask!
I'm trying to build an api gateway for an app in development using aws. I followed the steps in the doc https://docs.aws.amazon.com/apigateway/latest/developerguide/api-gateway-create-api-step-by-step.html.
However, when I set my endpoint to be 127.0.0.1:3000/users for example, it returns a 500 {"message": "Internal server error"}.
The app is a simple nodejs endpoint run in docker. I'm just trying to discover api gateways.
I'm guessing the error is that the endpoint that I provide is not valid because I'm using it locally. So is there a way to use aws api gateway locally, and is it the best option for an api gateway?
The doc you mention doesn't describe any method for deploying and running an api gateway locally, nor am I aware of any method to do this. I'm only aware of running API Gateway in AWS. The problem may be that you are trying to hit an API Gateway endpoint on your local machine, which is not possible.
Perhaps I misunderstand and you're trying to integrate an API Gateway in AWS with a service running locally. If this is the case, API Gateway will not be able to have an integration endpoint on your local machine, unless you expose your machine to the public internet AND provide api gateway with a public internet address for your machine. 127.0.0.1 is not a public internet address.
I'm trying to run my project on google cloud. The server is run with quickHttpServe which runs on http://0.0.0.0:8000. I've ssh'ed into my cloud instance, cloned my repo, installed stack, built the project, and am able to run it on the cloud instance.
It works fine on my local machine and I am able to receive the html file from the server on http://localhost:8000 but not on http://<my cloud instance external ip>:8000.
I'd like to be able to go to http://<my cloud instance external ip>:8000 and be served an html page the way it works when I run it locally on my machine.
Adding a firewall rule under the VPC network tab in google cloud for ip range 0.0.0.0/0 for tcp:8000 seems to solve the issue.