Google Cloud Run Service connection timeout when trying to call Auth0 OpenID configuration endpoint

I created a backend service that connects to the Auth0 oauth2 endpoint. When testing all of this locally on localhost it works fine with the provided configurations. However, as soon as I deploy the backend service to Google Cloud Run it fails to work because the configuration endpoint is having a connection timeout.

Here is the error log:

Caused by: org.springframework.web.client.ResourceAccessException: I/O error on GET request for "https://myproject.eu.auth0.com/.well-known/openid-configuration": Connection timed out (Connection timed out); nested exception is java.net.ConnectException: Connection timed out (Connection timed out)
    at org.springframework.web.client.RestTemplate.doExecute(RestTemplate.java:785)
    at org.springframework.web.client.RestTemplate.exchange(RestTemplate.java:670)
    at org.springframework.security.oauth2.jwt.JwtDecoderProviderConfigurationUtils.getConfiguration(JwtDecoderProviderConfigurationUtils.java:150)
    ... 77 common frames omitted

Here is my Cloud Run service configuration:

  - name: 'gcr.io/google.com/cloudsdktool/cloud-sdk'
    entrypoint: gcloud
    args:
      - 'alpha'
      - 'run'
      - 'deploy'
      - 'foo-service'
      - '--image=eu.gcr.io/$PROJECT_ID/foo-service:$BUILD_ID'
      - '--concurrency=80'
      - '--cpu=2'
      - '--memory=512Mi'
      - '--region=europe-west4'
      - '--min-instances=1'
      - '--max-instances=2'
      - '--platform=managed'
      - '--port=8080'
      - '--timeout=3000'
      - '--set-env-vars=SQL_CONNECTION=10.113.160.3, SQL_USER=root, SQL_PASSWORD=root, SQL_DATABASE=dev'
      - '--set-env-vars=LOG_LEVEL=debug'
      - '--ingress=internal'
      - '--allow-unauthenticated'
      - '--vpc-connector=cloud-run'
      - '--vpc-egress=all-traffic'

I guess the important part here is the --vpc-egress=all-traffic option, so I am sure that the service is able to communicate to the outside.

However the Ingress is configured to --ingress=internal. Might this be a problem? I thought that when I have an egress defined and a request is launched through it, the response will be received through that channel again, and it should not be routed through the ingress and therefore be blocked by its policies?

Edit #1: Removing the ingress=internal option did not seem to work. I guess it's because it's being disabled by default if an egress is defined.

The option --vpc-egress=all-traffic means that all traffic originating from your Cloud Run service goes through the VPC connector you called cloud-run. If you use that option, I don't think you can reach your Auth0 endpoint at https://myproject.eu.auth0.com/.well-known/openid-configuration. That's why the connection Cloud Run service => Auth0 times out.

I guess you need the VPC connector to connect to the private IP of your Cloud SQL instance. So only the traffic from your Cloud Run service to your Cloud SQL instance's private IP should go through the VPC connector. I think you can achieve this by using --vpc-egress=private-ranges-only instead.

Also, by setting --ingress=internal you are saying that your Cloud Run service can only be called within your VPC network. This means that Auth0 won't be able to call your Cloud Run service.
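A check for the egress/ingress combination discussed in the answer, written here as added example code (it is not from the question, the answer or Google's tooling). It assumes the issuer hostname from the question, a hypothetical Secret Manager secret name for the corrected args, and treats any DNS name as a public host without doing a lookup. It goes slightly beyond the thread by also flagging two things visible in the posted config: env-var keys with a leading space and a database password passed as a plain environment variable.

```python
import ipaddress
from urllib.parse import urlsplit

# Constructed sample: the flags from the question (hypothetical names) and
# the public Auth0 issuer the service has to fetch on startup.
ISSUER = "https://myproject.eu.auth0.com/"
ARGS_FROM_QUESTION = [
    "--set-env-vars=SQL_CONNECTION=10.113.160.3, SQL_USER=root, SQL_PASSWORD=root, SQL_DATABASE=dev",
    "--ingress=internal", "--vpc-connector=cloud-run", "--vpc-egress=all-traffic",
]
# Same deployment with the answer's changes; the password moves to Secret
# Manager via --set-secrets (a real gcloud flag, hypothetical secret name).
ARGS_FIXED = [
    "--set-env-vars=SQL_CONNECTION=10.113.160.3,SQL_USER=root,SQL_DATABASE=dev",
    "--set-secrets=SQL_PASSWORD=sql-password:latest",
    "--ingress=all", "--vpc-connector=cloud-run", "--vpc-egress=private-ranges-only",
]

def parse_flags(args):
    """Map --flag=value args to {flag: [values]}; repeated flags accumulate."""
    flags = {}
    for arg in args:
        if arg.startswith("--"):
            name, _, value = arg[2:].partition("=")
            flags.setdefault(name, []).append(value)
    return flags

def is_public_host(host):
    try:
        return not ipaddress.ip_address(host).is_private  # literal IP address
    except ValueError:
        return True  # DNS name: assumed public, no lookup is performed

def lint(args, issuer):
    """Return finding codes for settings that break the flow in the question."""
    flags, findings = parse_flags(args), []
    egress = flags.get("vpc-egress", [""])[-1]
    if egress == "all-traffic" and is_public_host(urlsplit(issuer).hostname):
        # Everything leaves via the connector, so a public issuer is reachable
        # only if the VPC itself has a route to the internet (Cloud NAT).
        findings.append("egress-all-traffic-without-public-route")
    if flags.get("ingress", [""])[-1] == "internal":
        findings.append("ingress-internal-blocks-external-callers")
    # Split KEY=VALUE pairs on commas without trimming, so odd keys stay visible.
    keys = [p.partition("=")[0] for v in flags.get("set-env-vars", []) for p in v.split(",")]
    if any(k != k.strip() for k in keys):
        findings.append("env-key-has-whitespace")  # ' SQL_USER' as written
    if any("PASSWORD" in k.upper() for k in keys):
        findings.append("env-plaintext-credential")  # prefer --set-secrets
    return findings
```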
