Ludovico Magnocavallo 262f823464
Refactor compute-vm to remove multiple instance support (#314)
* first iteration, largely untested

* basic tests pass

* basic tests pass

* nic test

* disk tests, refactor

* fix tests

* update README

* update gcs to bq example

* fix README examples, do not create disks for template

* fix data solutions examples

* update cloud operations examples

* update networking examples, mig and ilb modules examples

* update default image to debian 11

* update README table
2021-10-04 10:46:44 +02:00
assets Networking examples: Improve "private cloud function from onprem" code 2021-07-20 07:52:54 +02:00
README.md implement Andrea's suggestions 2021-07-20 15:24:20 +02:00
diagram.png Simplify new CF from onprem via PSC example (#280) 2021-07-20 15:05:48 +02:00
main.tf Refactor compute-vm to remove multiple instance support (#314) 2021-10-04 10:46:44 +02:00
outputs.tf Update CI processes (#296) 2021-08-12 17:30:53 +02:00
variables.tf implement Andrea's suggestions 2021-07-20 15:24:20 +02:00

README.md

Calling a private Cloud Function from On-premises

This example shows how to invoke a private Google Cloud Function from the on-prem environment via a Private Service Connect endpoint.

According to the documentation, only requests from VPC networks in the same project or VPC Service Controls perimeter are allowed to call a private Cloud Function. That's the reason why a Private Service Connect endpoint is needed in this architecture.

The Terraform script in this folder will create two projects connected via VPN: one to simulate the on-prem environment and another containing the Cloud Function and the Private Service Connect endpoint.

The "on-prem" project contains a small VM that can be used to test access to the private Cloud Function:

curl https://YOUR_REGION-YOUR_PROJECT_ID.cloudfunctions.net/YOUR_FUNCTION_NAME
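A check to run on the on-prem test VM, added here as an example and not part of the repository: it wraps the curl call above and confirms that the connection actually terminated on the Private Service Connect endpoint instead of some other address. The function names and verdict strings are illustrative, and `PSC_ENDPOINT` is assumed to be the `psc_endpoint` default listed under Variables.

```shell
#!/bin/sh
# Added example: verify that a call to the function travels through the
# Private Service Connect endpoint. Override PSC_ENDPOINT if the deployment
# uses a psc_endpoint other than the default from the Variables table.
PSC_ENDPOINT="${PSC_ENDPOINT:-172.16.32.1}"

# Run the README's curl and print "<remote_ip> <http_code>".
# %{remote_ip} and %{http_code} are standard curl --write-out variables.
probe() {
  curl -sS -o /dev/null --max-time 10 -w '%{remote_ip} %{http_code}' "$1"
}

# Classify one probe result. $1 = IP curl connected to, $2 = HTTP status.
classify() {
  ip="$1"; code="$2"
  if [ -z "$ip" ] || [ "$code" = "000" ]; then
    echo "NO_CONNECTION"; return 2      # DNS, routing, VPN or TLS failure
  fi
  if [ "$ip" != "$PSC_ENDPOINT" ]; then
    echo "NOT_VIA_PSC"; return 1        # name resolved to a different address
  fi
  case "$code" in
    2??) echo "OK_VIA_PSC"; return 0 ;;
    *)   echo "VIA_PSC_HTTP_$code"; return 1 ;;  # reached PSC, call refused
  esac
}

# Usage on the VM:
#   check_function https://YOUR_REGION-YOUR_PROJECT_ID.cloudfunctions.net/YOUR_FUNCTION_NAME
check_function() {
  result="$(probe "$1")" || result=" 000"
  # shellcheck disable=SC2086  # intentional word splitting into ip and code
  set -- $result
  classify "${1:-}" "${2:-000}"
}
```

A `NOT_VIA_PSC` verdict points at name resolution on the on-prem side; `NO_CONNECTION` points at the VPN or routing to the endpoint address.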

Cloud Function via Private Service Connect

Variables

| name | description | type | required | default |
|---|---|---|---|---|
| project_id | Project id. | string | | |
| ip_ranges | IP ranges used for the VPCs. | object({...}) | | ... |
| name | Name used for new resources. | string | | cf-via-psc |
| project_create | If non null, creates project instead of using an existing one. | object({...}) | | null |
| psc_endpoint | IP used for the Private Service Connect endpoint, it must not overlap with the hub_ip_range. | string | | 172.16.32.1 |
| region | Region where the resources will be created. | string | | europe-west1 |

Outputs

| name | description | sensitive |
|---|---|---|
| function_url | URL of the Cloud Function. | |