我正在尝试为我们的 Cloud Run 实例分配一个外部静态 IP 地址,以便我可以将它与 websockets 一起使用(我读过它需要一个静态 IP 才能工作,而不是自指定/负载平衡的 GCloud应用程序域名)。可以访问常规 URL,但静态 IP 只是挂起。
我主要尝试遵循本指南: https ://cloud.google.com/run/docs/configuring/static-outbound-ip
我不完全确定外部 IP 是如何路由到 Cloud Run 实例的,因为它是一个自我管理的实例(即上面没有私有 IP 地址),但假设其他部分正在解决这个问题。 .
我做了什么:
- 创建了一个云路由器:
gcloud compute routers create cloud-run-router --network=default --region=us-central1
- 创建外部静态 IP:
gcloud compute addresses create cloud-run --region=us-central1
- 我还在网络上创建了一个子网:
gcloud compute networks subnets create cloud-run-subnet --range=10.20.0.0/28 --network=default --region=us-central1
- 然后我用这个子网创建了一个无服务器 VPC 访问连接器:
gcloud beta compute networks vpc-access connectors create cloud-run-sub-conn --subnet-project=project-name --subnet=cloud-run-subnet --region=us-central1
- 然后我用这个路由器和子网创建了一个新的 Cloud NAT 网关:
gcloud compute routers nats create cloud-run-nat --router=cloud-run-router --region=us-central1 --nat-custom-subnet-ip-ranges=cloud-run-subnet --nat-external-ip-pool=cloud-run
我还设置了一些防火墙规则,以尝试允许一切:
然后,我部署了引用 VPC 出口和连接器的 Cloud Run 实例:
gcloud beta run deploy api-node --image gcr.io/project-name/api-node:latest --platform managed --allow-unauthenticated --set-env-vars REDISHOST='10.0.0.4',REDISPORT=6379,GOOGLE_APPLICATION_CREDENTIALS=credentials.json --set-cloudsql-instances=project-name:us-central1:mysql-db --vpc-egress=all --vpc-connector=cloud-run-sub-conn
Service [api-node] revision [api-node-00035-waw] has been deployed and is serving 100 percent of traffic.
Service URL: https://api-node-ojzumfbnoq-uc.a.run.app
出于某种原因,Cloud Run 实例仍可通过自指定 url 访问: https ://api-node-ojzumfbnoq-uc.a.run.app/
...但外部 IP 不起作用: http: //104.197.97.194/ https://104.197.97.194/ http://104.197.97.194:8080/ https://104.197.97.194:80/
Cloud Run 服务 yaml 文件如下所示:
gcloud run services describe api-node --format export > service.yaml
apiVersion: serving.knative.dev/v1
kind: Service
metadata:
annotations:
client.knative.dev/user-image: gcr.io/project-name/api-node
run.googleapis.com/ingress: all
run.googleapis.com/ingress-status: all
run.googleapis.com/launch-stage: BETA
labels:
cloud.googleapis.com/location: us-central1
name: api-node
namespace: '938045200399'
spec:
template:
metadata:
annotations:
autoscaling.knative.dev/maxScale: '1000'
autoscaling.knative.dev/minScale: '4'
client.knative.dev/user-image: gcr.io/project-name/api-node
run.googleapis.com/client-name: gcloud
run.googleapis.com/client-version: 329.0.0
run.googleapis.com/cloudsql-instances: project-name:us-central1:mysql-db
run.googleapis.com/sandbox: gvisor
run.googleapis.com/vpc-access-connector: cloud-run-sub-conn
run.googleapis.com/vpc-access-egress: all
name: api-node-00034-xah
spec:
containerConcurrency: 250
containers:
- env:
- name: REDISHOST
value: 10.0.0.4
- name: REDISPORT
value: '6379'
- name: GOOGLE_APPLICATION_CREDENTIALS
value: credentials.json
image: gcr.io/project-name/api-node
ports:
- containerPort: 8080
resources:
limits:
cpu: '4'
memory: 2Gi
serviceAccountName: cloud-functions@project-name.iam.gserviceaccount.com
timeoutSeconds: 20
traffic:
- latestRevision: true
percent: 100
这是我的 Dockerfile,如果有帮助的话:
# Use the official lightweight Node.js 12 image.
# https://hub.docker.com/_/node
FROM node:12-slim
# Create and change to the app directory.
WORKDIR /usr/src/app
ENV REDISHOST='10.0.0.4'
ENV REDISPORT=6379
ENV GOOGLE_APPLICATION_CREDENTIALS=credentials.json
ENV PORT=80
# Copy application dependency manifests to the container image.
# A wildcard is used to ensure copying both package.json AND package-lock.json (when available).
# Copying this first prevents re-running npm install on every code change.
COPY package*.json ./
# Install production dependencies.
# If you add a package-lock.json, speed your build by switching to 'npm ci'.
# RUN npm ci --only=production
RUN npm install --only=production
# Copy local code to the container image.
COPY . ./
EXPOSE 80/tcp
EXPOSE 8080/tcp
EXPOSE 9001/tcp
# Run the web service on container startup.
CMD [ "node", "build/index.js" ]
有没有人看到上述步骤有什么问题?将不胜感激任何帮助!搞了几天。