cloud-foundation-fabric/networking/private-cloud-function-from-onprem

Calling a private Cloud Function from On-premises

This example shows how to invoke a private Google Cloud Function from the on-prem environment via a Private Service Connect endpoint.

According to the documentation, only requests from VPC networks in the same project or VPC Service Controls perimeter are allowed to call a private Cloud Function. That's the reason why a Private Service Connect endpoint is needed in this architecture.

The Terraform script in this folder will create two projects connected via VPN: one to simulate the on-prem environment and another containing the Cloud Function and the Private Service Connect endpoint.

The "on-prem" project contains a small VM that can be used to test the accessibility to the private Cloud Function:

curl https://YOUR_REGION-YOUR_PROJECT_ID.cloudfunctions.net/YOUR_FUNCTION_NAME

Variables

name	description	type	required	default
billing_account_id	Billing account id used as default for new projects.	string	✓
cloud_function_gcs_bucket	Google Storage Bucket used as staging location for the Cloud Function source code.	string	✓
projects_id	ID of the projects used in this solution.	object({...})	✓
root_node	Root folder or organization under which the projects will be created.	string	✓
create_projects	Whether need to create the projects.	bool		true
ip_ranges	IP ranges used for the VPCs.	object({...})		...
prefix	Prefix used for resources that need unique names.	string		null
psc_endpoint	IP used for the Private Service Connect endpoint, it must not overlap with the hub_ip_range.	string		10.100.100.100
region	Region where the resources will be created.	string		europe-west1
zone	Zone where the test VM will be created.	string		europe-west1-b

Outputs

name	description	sensitive
function_url	URL of the Cloud Function.