Cloud Run service-to-service requests from within same project still being blocked by Ingress=Internal
I have set up nodejs and python Cloud Run services. The nodejs front end makes calls to the python service. The requests work when ingress=all; however, when I change to ingress=internal, it blocks my service-to-service requests.
I tried using a VPC connector and routing all egress through the VPC connector in the nodejs service; however, this does not solve the issue.
Am I mistaken about how ingress=internal is supposed to work? I thought it would block anything except requests coming from a service within the same project, which it is.
Anyone have any ideas, or even where I could find some logs to at least help diagnose the issue?
Your issue comes from the origin of your request. You need to be aware of this when you are trying to achieve network configuration.
With your comments I understood that your frontend service serves React-Redux actions in the user browser. Now, print the request flow:
User Browser -> Frontend -> User Browser
(Load JS on user Browser)
User Browser -> Backend -> ERROR
Indeed, the backend can be reached only by resources connected to the project VPC. In your case, it's the user browser that performs the request, and thus you get an error.
The setup that you perform will work in the request flow:
User Browser -> Frontend -> (serverless VPC Connector) -> Backend -> (serverless VPC Connector) -> Frontend -> User Browser
That means the requests must all land in a publicly accessible service (here the front end) which is connected to the VPC (through the serverless VPC Connector) and then performs a request to internal-only services.
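The working flow described in the answer, sketched as an added example that is not part of the original post: the Node.js frontend exposes an `/api/` route and forwards those calls server-side, so the browser never addresses the internal-only backend. The `BACKEND_URL` variable, the `/api/` prefix and the function names are assumptions.

```javascript
// Added example. BACKEND_URL and the /api/ prefix are assumptions, not values from the post.
// The React code in the browser calls fetch('/api/...') on the frontend's own origin.
const BACKEND_URL = process.env.BACKEND_URL || 'https://backend.example.internal';
const API_PREFIX = '/api/';

// Map a browser-facing path to a backend URL, or return null if it must not be proxied.
function backendTarget(reqUrl, backendBase = BACKEND_URL) {
  try {
    const parsed = new URL(reqUrl, 'http://frontend.invalid'); // also resolves ../ segments
    if (!parsed.pathname.startsWith(API_PREFIX)) return null;
    const path = parsed.pathname.slice(API_PREFIX.length - 1) + parsed.search;
    const target = new URL(path, backendBase);
    // A path such as //host/x would resolve to another origin; refuse it.
    return target.origin === new URL(backendBase).origin ? target.href : null;
  } catch (err) {
    return null; // unparseable request URL
  }
}

// Runs on the frontend service, whose egress goes through the serverless VPC connector.
async function handler(req, res) {
  const target = backendTarget(req.url);
  if (!target) {
    res.writeHead(404);
    return res.end('not found');
  }
  try {
    const chunks = [];
    for await (const chunk of req) chunks.push(chunk);
    const upstream = await fetch(target, {
      method: req.method,
      headers: { 'content-type': req.headers['content-type'] || 'application/json' },
      body: chunks.length ? Buffer.concat(chunks) : undefined,
    });
    const type = upstream.headers.get('content-type') || 'text/plain';
    res.writeHead(upstream.status, { 'content-type': type });
    res.end(Buffer.from(await upstream.arrayBuffer()));
  } catch (err) {
    res.writeHead(502);
    res.end('backend unreachable');
  }
}

// Cloud Run sets PORT; start listening only when both variables are configured.
if (process.env.PORT && process.env.BACKEND_URL) {
  import('node:http').then((http) => http.createServer(handler).listen(process.env.PORT));
}
```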