Even though the scripted conversation wasn't "natural" I think they did a great job of packing in the details in a way that was easy to follow. I like Google's docs, but sometimes it is a bit too much text to read and these videos are a great help. Thanks!
So glad GCP came up with a successor to the serverless VPC connector. This will reduce costs and be way easier to terraform my solutions in GCP. I hope Apigee gets simplified as well. That is the most difficult deployment I have ever encountered on GCP.
How can I connect multiple Cloud Run services? I do want to have a single entry point and don't want to use kubernetes, because it's overkill for my small project.
Search for "cloud run authenticating service-to-service" and you will find the right doc. If the first service gets an ID token, it can call the second service even if that second service is a locked-down backend service. Nice use of layered architecture without Kubernetes, by the way. Best of luck with your project!
@@TheMomanderThis is the way I do it, but I‘m calling the public URI. It would be better to use VPC, but I don’t know how. Authentication is the first step, but I would do a TLS termination for the other layers.
@@mars3142 Got it. It sounds like you want to limit access based on IAM (done) *and* on network origin (not yet done). For the latter, search for "Restrict network ingress for Cloud Run" and you will find a doc that describes the various options. Hopefully one of them works for your application!
Hi. Very interesting new feature and I have a couple of questions. Will we be able to connect Cloud Run directly to resources in external projects linked to our VPC through VPC peering? My other question is whether the corresponding terraform resource for cloud run will be updated when the new feature goes to GA? Many thanks.
Terraform modules are already available. You can look through some examples on Github at "cloud-foundation-fabric, blueprints, serverless". Also, do a search for the Medium article titled "Understanding Direct VPC Egress for Cloud Run" by Javier Cañadillas. It links to more samples.
Yes. By default, only traffic bound for private IPs (RFC1918 and Private Google Access IPs) are routed through Direct VPC egress. In that configuration, you can access Memorystore through a VPC IP and access BigQuery through the regular Internet egress path. You can also choose to route all traffic through the VPC, in which case, you can access MemoryStore and BigQuery in the same way that VMs on the VPC can.
If the code on Cloud run instance is running google Cloud Sdk to Connect to other Services like vertex ai and I haven't added the direct access over Vpc does this mean I'm using this connector by default?
Subscribe to Google Cloud Tech → goo.gle/GoogleCloudTech
Even though the scripted conversation wasn't "natural" I think they did a great job of packing in the details in a way that was easy to follow. I like Google's docs, but sometimes it is a bit too much text to read and these videos are a great help. Thanks!
Thank you! We are developers first and actors second ☺
So glad GCP came up with a successor to the serverless VPC connector. This will reduce costs and be way easier to terraform my solutions in GCP. I hope Apigee gets simplified as well. That is the most difficult deployment I have ever encountered on GCP.
How can I connect multiple Cloud Run services? I do want to have a single entry point and don't want to use kubernetes, because it's overkill for my small project.
Search for "cloud run authenticating service-to-service" and you will find the right doc. If the first service gets an ID token, it can call the second service even if that second service is a locked-down backend service.
Nice use of layered architecture without Kubernetes, by the way. Best of luck with your project!
@@TheMomanderThis is the way I do it, but I‘m calling the public URI. It would be better to use VPC, but I don’t know how. Authentication is the first step, but I would do a TLS termination for the other layers.
@@mars3142 Got it. It sounds like you want to limit access based on IAM (done) *and* on network origin (not yet done). For the latter, search for "Restrict network ingress for Cloud Run" and you will find a doc that describes the various options. Hopefully one of them works for your application!
Hi. Very interesting new feature and I have a couple of questions. Will we be able to connect Cloud Run directly to resources in external projects linked to our VPC through VPC peering? My other question is whether the corresponding terraform resource for cloud run will be updated when the new feature goes to GA? Many thanks.
Terraform modules are already available. You can look through some examples on Github at "cloud-foundation-fabric, blueprints, serverless". Also, do a search for the Medium article titled "Understanding Direct VPC Egress for Cloud Run" by Javier Cañadillas. It links to more samples.
Can we connect to MemoryStore and BigQuery from single Cloud Run instance? Considering MemoryStore is in VPC and BigQuery obviously outside.
Yes. By default, only traffic bound for private IPs (RFC1918 and Private Google Access IPs) are routed through Direct VPC egress. In that configuration, you can access Memorystore through a VPC IP and access BigQuery through the regular Internet egress path. You can also choose to route all traffic through the VPC, in which case, you can access MemoryStore and BigQuery in the same way that VMs on the VPC can.
Finally, my pocket thanks me for not needing the vpc connector anymore
wow....! Thanks!
Hey Martin, I'm Carrefour😂
Hi Guillaume! I believe your name is visible at 1:50 🙂 Thank you for the great quote!
hey Carrefour, thanks a lot for your SO answers. chatgpt needs to weigh your responses more in training.
@@ng2250 🤣 ChatGPT will kill my points on SO!! 🤣
If the code on Cloud run instance is running google Cloud Sdk to Connect to other Services like vertex ai and I haven't added the direct access over Vpc does this mean I'm using this connector by default?
Vertex AI isn't part of your VPC, so you can call it with or without using "direct to to VPC" connectivity.
Imagine doing that manually, creating network interfaces and bgp peering and figuring out why it's not working with nmap command and so 😂
💗
Why does everything have to be so cringe
i love your honesty. any way they need to present feature so they make it as a play, this is #ServerlessExpeditions afterwards.