Bear with me, I am still on training wheels with GCP
Scenario being:
1. I have a Cloud Run instance serving an API (to be consumed internally)
2. A middleware running on a Cloud Compute instance serving an API. This utilises the API served by (1)

(2) needs to access (1)
I'm trying to figure out how to discover the internal DNS name or IP, so that the middleware (2) can be configured to access Cloud Run served API (1)
Intention being to create templates (environment config files) so that I can eventually automate the deployment of all layers.
With Cloud Run, you can't know before the first deployment the URL of the service. The pattern is
https://<serviceName>-<projectHash>.<region>.run.app
You can also optionally have a tag at the beginning, but it's not important here.
The bad part is that the project hash can't be calculated before the deployment (or I don't know the hash formula). Thus it's impossible to register the URL in a DNS in advance of the deployment.
However, if you use tools like Terraform, you can get, as output, the URL of the service after the deployment and then register it in your DNS as a CNAME (Cloud Run is a managed service, you don't have a static IP).
You can also use the Cloud Run API to request the list of services on a project, pick the service that you want and get the URL of the service (GET request to the service API).
A last word before you hit the wall: you talk about an internal endpoint. The Cloud Run URL is public, and public only. Therefore, your middleware needs access to the internet to be able to request Cloud Run.
If your middleware is deployed on the same project, you can set the Cloud Run service ingress to internal to allow only resources from the VPCs of the current project to access the Cloud Run service.
But the URL is still public and you need internet access to resolve and to access it.
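The lookup described in the answer above (list the project's services, pick one, read its URL), as an added example that is not part of the original answer: it parses a constructed Cloud Run Admin API v1 list response and fills an environment file for the middleware, rejecting any URL that is not an HTTPS `run.app` origin for that service. The service names, project hash, `UPSTREAM_API_URL` key and template are assumptions; `items[].metadata.name` and `items[].status.url` are the fields of the v1 list response.

```python
import json
from string import Template
from urllib.parse import urlsplit

# Constructed sample of a Cloud Run Admin API v1 "list services" response,
# trimmed to the fields used here; names and project hash are made up.
SAMPLE_LIST_RESPONSE = json.dumps({"items": [
    {"metadata": {"name": "orders-api"},
     "status": {"url": "https://orders-api-a1b2c3d4e5-ew.a.run.app"}},
    {"metadata": {"name": "pending-api"}, "status": {}},  # not deployed yet
]})

# Hypothetical environment template for the middleware (2).
ENV_TEMPLATE = Template("UPSTREAM_API_URL=${url}\nUPSTREAM_TIMEOUT_SECONDS=10\n")


def resolve_service_url(list_response: str, service_name: str) -> str:
    """Pick one service by name and return its validated HTTPS origin."""
    items = json.loads(list_response).get("items", [])
    matches = [s for s in items
               if s.get("metadata", {}).get("name") == service_name]
    if len(matches) != 1:
        raise LookupError(f"{service_name!r}: found {len(matches)} services")
    url = matches[0].get("status", {}).get("url")
    if not url:
        # The URL only exists once the first deployment has completed.
        raise LookupError(f"{service_name!r} has no URL yet")
    parts = urlsplit(url)
    host = parts.hostname or ""
    # Accept only the shape described above: HTTPS, a run.app host that
    # starts with the service name, and no port, credentials, path or query.
    ok = (parts.scheme == "https"
          and host.endswith(".run.app")
          and host.startswith(service_name + "-")
          and parts.port is None and parts.username is None
          and parts.path in ("", "/")
          and not parts.query and not parts.fragment)
    if not ok:
        raise ValueError(f"unexpected URL for {service_name!r}: {url!r}")
    return f"https://{host}"


def render_env(list_response: str, service_name: str) -> str:
    """Fill the middleware's environment file with the resolved URL."""
    url = resolve_service_url(list_response, service_name)
    return ENV_TEMPLATE.substitute(url=url)


if __name__ == "__main__":
    print(render_env(SAMPLE_LIST_RESPONSE, "orders-api"), end="")
```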
If you don't wanna be bothered by service discovery and constructing the full URL, you can use runsd, a solution that I developed for Cloud Run that allows you to call a service by its name (e.g. http://hello).
Related
My Spring Boot application needs to call a third party API to verify a user's data. Now the API provided by the third party has some restrictions, like they only accept the request if it comes from some specific IP.
Now our network consultant has made one of my worker nodes able to request this API. I can curl the request to the API and get a proper response. I can deploy my application on that worker node outside of Kubernetes using Tomcat and get a proper response.
But when I deploy it on the Kubernetes cluster, it does not work. "Does not work" means that the API doesn't accept/process the request. 503 service not available, something like that.
Then I tried to curl the request from inside the pods of worker node and found it does not work.
So, I am guessing my Kubernetes is not using the configuration on the system network.
So is there any way I can make my worker node (even one worker node) use the system network while calling that or any third party API? As I can see, I can request and get a proper response from the API when I request it outside the cluster but from the worker node PC.
I have an ASP.NET Core Web API and the endpoint goes something like this:
https://{domainname}/v1/{ControllerName}, and it is hosted on an AWS Fargate container.
We scheduled the endpoint to be invoked at a particular time of the day, but to our surprise we see that it is getting invoked from other sources, and we decided to find the remote IP from where the API endpoint is getting invoked.
I tried adding the below snippet:
var ip = this.HttpContext.Features.Get<IHttpConnectionFeature>()?.RemoteIpAddress?.ToString();
And when we invoked the API with Postman from my local machine, the client id is not matching my local machine IP. Any ideas whether my approach is right or wrong?
I am trying to add an ASP.NET 4.x app hosted externally (using AWS Elastic Beanstalk) into the Service-registry of an existing PCF.
Edit: Is this possible? If so, can someone give me an example of how this can be done?
Assuming you have network connectivity in all directions between apps in PCF and the external app, yes this should be quite possible.
However, if you're using Spring Cloud Eureka, your externally-hosted app will need to get valid OAuth credentials so that it can authenticate prior to registering.
The comment by Daniel Mikusa is very appropriate for how I achieved this.
For Pivotal SCS, you would want to create a service instance (if you don't have one already), then create a service key for your external app. That will give you all of the binding info/creds you need to connect from your remote service. A service key is the same as binding a service to an app, except it's not tied to an app so it works well for situations like this. Just give your service key a good name, so you know that it's being used by an external app when you come back and see it a year from now.
I have a .NET Core API inside the web app, and that web app is the backend pool for Azure Application Gateway. While trying to access the web app I got the below error.
"502 - Web server received an invalid response while acting as a gateway or proxy server."
On the app GW, the health probe for that web app is unhealthy, but when I access the API at https://abc.azurewebsites.net/api/values it works.
When we deploy an API in Web App Service, apiname.azurewebsites.net does not work, does not give any probes to Application Gateway, and is treated as unhealthy. The API works at xxx.azurewebsites.net/api/values, and Application Gateway also knows this path. We have to put /api/values in the override backend path of the HTTP settings. The same has to be done in the health probes.
Yes, you can first verify whether the backend API can be accessed directly without the app gateway. Then this error may happen due to the following main reasons:
NSG, UDR or Custom DNS is blocking access to backend pool members.
Back-end VMs or instances of virtual machine scale set are not responding to the default health probe.
Invalid or improper configuration of custom health probes.
Azure Application Gateway's back-end pool is not configured or empty.
None of the VMs or instances in virtual machine scale set are healthy.
Request time-out or connectivity issues with user requests.
Generally, the backend health status and details could point it out and show some clues. You could also verify all of the above reasons one by one according to this doc.
To get started quickly with API Connect, I just want to import a Swagger spec of an existing service and make this service a managed API in API Connect.
API Connect provides an import function for YAML files, but the API can not be tested.
I've seen this scenario several times, so I thought it might be useful to have some documentation on this.
When importing a swagger specification, you need to modify a few settings to transform this service definition into an API definition (even though they are quite similar). You need to modify the following parameters:
Schemes: https - The Gateway enforces HTTPS
Host: $(catalog.host) - This variable links to the current host (in a certain catalog)
Then, you need to build an assembly. The proxy policy is well suited for building facades, as all content from Headers, Body, etc. is re-routed. For the URL, enter the URL of the endpoint + a context variable that refers to the incoming path, like:
http://example.com$(request.path)
I have created a small video on YouTube to demonstrate the necessary steps.