# Calling a private Cloud Function from On-premises

This example shows how to invoke a private Google Cloud Function from an on-premises environment via a Private Service Connect endpoint.

According to the [documentation](https://cloud.google.com/functions/docs/networking/network-settings#ingress_settings), only requests from VPC networks in the same project or VPC Service Controls perimeter are allowed to call a private Cloud Function. This is why a Private Service Connect endpoint is needed in this architecture.

The Terraform script in this folder will create two projects connected via VPN: one to simulate the on-prem environment and another containing the Cloud Function and the Private Service Connect endpoint.

The "on-prem" project contains a small VM that can be used to test access to the private Cloud Function:

```bash
curl https://YOUR_REGION-YOUR_PROJECT_ID.cloudfunctions.net/YOUR_FUNCTION_NAME
```

![Cloud Function via Private Service Connect](diagram.png "High-level diagram")
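
The two controls this architecture relies on, the function's internal-only ingress setting and the Private Service Connect endpoint, as a minimal Terraform sketch. This is an added example, not the blueprint's own code; the resource names, the runtime, the `all-apis` target and every `var.*` input are assumptions.

```hcl
# Added illustration, not the blueprint's code. All names, the runtime and
# the variables below are placeholders.
variable "project_id" { type = string }
variable "region" { type = string }
variable "hub_network" { type = string }   # self link of the VPC hosting the endpoint
variable "psc_endpoint" { type = string }  # must not overlap with the hub IP range
variable "bundle_bucket" { type = string } # bucket holding the function source archive
variable "bundle_object" { type = string } # archive object inside that bucket

resource "google_cloudfunctions_function" "private" {
  project               = var.project_id
  region                = var.region
  name                  = "cf-via-psc"
  runtime               = "python312"
  entry_point           = "main"
  trigger_http          = true
  source_archive_bucket = var.bundle_bucket
  source_archive_object = var.bundle_object

  # The provider default is ALLOW_ALL, which accepts requests from the
  # internet (subject to IAM). ALLOW_INTERNAL_ONLY restricts callers to VPC
  # networks in the same project or VPC Service Controls perimeter.
  ingress_settings = "ALLOW_INTERNAL_ONLY"
}

# Internal address reserved for the Private Service Connect endpoint.
resource "google_compute_global_address" "psc" {
  project      = var.project_id
  name         = "psc-endpoint"
  address_type = "INTERNAL"
  purpose      = "PRIVATE_SERVICE_CONNECT"
  network      = var.hub_network
  address      = var.psc_endpoint
}

# Forwarding rule that sends traffic for that address to Google APIs.
# The "all-apis" bundle is an assumption of this sketch.
resource "google_compute_global_forwarding_rule" "psc" {
  project               = var.project_id
  name                  = "pscendpoint" # lowercase letters and digits only, max 20
  target                = "all-apis"
  network               = var.hub_network
  ip_address            = google_compute_global_address.psc.id
  load_balancing_scheme = ""
}
```
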
<!-- BEGIN TFDOC -->

## Variables

| name | description | type | required | default |
|---|---|:---:|:---:|:---:|
| [project_id](variables.tf#L44) | Project id. | <code>string</code> | ✓ | |
| [ip_ranges](variables.tf#L17) | IP ranges used for the VPCs. | <code title="object({ onprem = string hub = string })">object({…})</code> | | <code title="{ onprem = &quot;10.0.1.0/24&quot;, hub = &quot;10.0.2.0/24&quot; }">{…}</code> |
| [name](variables.tf#L29) | Name used for new resources. | <code>string</code> | | <code>"cf-via-psc"</code> |
| [project_create](variables.tf#L35) | If non null, creates project instead of using an existing one. | <code title="object({ billing_account_id = string parent = string })">object({…})</code> | | <code>null</code> |
| [psc_endpoint](variables.tf#L49) | IP used for the Private Service Connect endpoint, it must not overlap with the hub_ip_range. | <code>string</code> | | <code>"172.16.32.1"</code> |
| [region](variables.tf#L55) | Region where the resources will be created. | <code>string</code> | | <code>"europe-west1"</code> |

## Outputs

| name | description | sensitive |
|---|---|:---:|
| [function_url](outputs.tf#L17) | URL of the Cloud Function. | |

<!-- END TFDOC -->

## Test

```hcl
module "test" {
  source = "./fabric/blueprints/networking/private-cloud-function-from-onprem/"
  project_create = {
    billing_account_id = "123456-ABCDEF-123456"
    parent             = "folders/1234567890"
  }
  project_id = "test-project"
}
# tftest modules=11 resources=44
```