GCP API 出口网关 Static IP
[英]GCP API Gateway Static IP for egress
问题描述
I have deployed an API Gateway on GCP.
我在 GCP 上部署了一个 API 网关。 I would like to attach a static IP to the gateway so that I can add the IP to an allowlist of another service, that the API Gateway forwards requests to.我想将 static IP 附加到网关,以便我可以将 IP 添加到另一个服务的白名单中,API 网关将请求转发到该服务。 The service is a third-party service, that only accepts requests from IPs on their allowlist.该服务是第三方服务,仅接受来自其白名单中 IP 的请求。
I have set up a load balancer for the API Gateway, which does have a global static IP attached.我已经为 API 网关设置了一个负载平衡器,它确实附加了一个全局 static IP。 However, this does solve the egress traffic, I see in the logs that the IP isn't static. Is there a way that I can attach a static IP to the API Gateway for egress, so that I can add a single IP to the other service?但是,这确实解决了出口流量,我在日志中看到 IP 不是 static。有没有办法可以将 static IP 附加到 API 出口网关,以便我可以将单个 88189858186 添加到其他服务?
Any help on this would be appreciated!对此有任何帮助将不胜感激!
1 个解决方案
解决方案1
1 已采纳 2022-03-08 21:02:03
You can't add egress control on API Gateway.您不能在 API 网关上添加出口控制。 A workaround is to create a proxy Cloud Functions that have a static egress IP .解决方法是创建具有 static 出口 IP 的代理 Cloud Functions 。 There is an overcost for the Cloud Functions processing and for the serverless VPC connector that you have to use. Cloud Functions 处理和您必须使用的无服务器 VPC 连接器的成本过高。
Another solution is to host the equivalent of API Gateway yourselves on Cloud Run for example (the open source project is name ESPv2, and I wrote an article on that (before the existence of the managed solution: API Gateway) and to use the similar configuration (serverless VPC connector and Cloud NAT) on the Cloud Run service.另一种解决方案是在 Cloud Run 上自己托管相当于 API 网关(开源项目名为 ESPv2,我写了一篇关于它的文章(在托管解决方案存在之前:API 网关)并使用类似的配置Cloud Run 服务上的(无服务器 VPC 连接器和 Cloud NAT)。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.