Cloud Run accessing Cloud SQL with Serverless VPC Connector


On Mar 18, 2021, there was a great announcement from Google Cloud Platform on Serverless VPC Access General Availability for Shared VPC, which allows Cloud Functions, Cloud Run (fully managed) services, and App Engine standard environment apps to access resources in a VPC network using those resources’ private IPs.

We at Evonence were super excited about this feature and used it in one of our recent implementations, where a few Cloud Run services needed to interact with private Cloud SQL for PostgreSQL (instances with Private IP only). This was enabled simply by provisioning a Serverless VPC Connector, with zero code change.

Prerequisite 

You have an existing containerized web application that interacts with Cloud SQL, or you use the Cloud Run Cloud SQL sample from the Google Cloud Platform GitHub.

The game starts now...

Make sure you have a GCP project with billing enabled and that APIs like Compute Engine, Serverless VPC Access, Cloud Run, Service Networking API, and so on are enabled.



  1. Create a Serverless VPC Connector as shown below

Google cloud Platform VPC network



2. Create a Cloud SQL for PostgreSQL instance with a private IP address




creation of Private connection
SQL instances


3. Create a database named election

creation of database


4. Create a SQL file, say election.sql, with the following content

CREATE TABLE IF NOT EXISTS votes (
  vote_id SERIAL NOT NULL,
  time_cast timestamp NOT NULL,
  candidate VARCHAR(6) NOT NULL,
  PRIMARY KEY (vote_id)
);

CREATE TABLE IF NOT EXISTS totals (
  total_id SERIAL NOT NULL,
  candidate VARCHAR(6) NOT NULL,
  num_votes INT DEFAULT 0,
  PRIMARY KEY (total_id)
);

INSERT INTO totals (candidate, num_votes) VALUES ('TABS', 0);
INSERT INTO totals (candidate, num_votes) VALUES ('SPACES', 0);

5. Create a Standard Region Cloud Storage Bucket as shown below

Standard Region Cloud Storage Bucket

6. Import data from Cloud Storage

Import data from Cloud Storage


7. Launch Cloud Shell and clone the Serverless-Expeditions GitHub repo using this command: git clone https://github.com/GoogleCloudPlatform/serverless-expeditions.git

8. Change directory: cd serverless-expeditions/cloud-run-cloud-sql/

9. Run gcloud builds submit -t gcr.io/$DEVSHELL_PROJECT_ID/cloudrun/serverless-app:v1.0 to build and push a container image to Google Container Registry using Cloud Build. Do check out our recent blog on Automate “Cloud Run” Build & Deployment with Approval using “Cloud Build”

10. After a successful build, go to Google Container Registry, click on the container image, and click on Deploy to Cloud Run

Deploying to CloudRun


11. In Cloud Run click on Advanced Settings → Variables & Secrets and add the below variables

Advance setting in CloudRun


12. Then click on Advanced Settings → Connections and select the Serverless VPC Connector provisioned in Step #1

Serverless VPC Connector


13. Since the application will be publicly accessible, enable “Allow unauthenticated invocations”

Creating new event based trigger


14. Click on the Cloud Run Service URL

Cloud Run Service

You will see a page like this and can start voting...

Tabs VS Spaces
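A scripted equivalent of the private-connectivity steps above (steps 1-3 and 10-13), as an added example that is not part of the original post or of the sample repo. The region, resource names, the 10.8.0.0/28 connector range, the PostgreSQL version and tier, and the KEY=VALUE environment placeholder are assumptions; importing election.sql (steps 5-6) is left to the console.

```shell
#!/bin/sh
# Added example: gcloud equivalent of the console steps for the private path.
# All names and ranges below are constructed placeholders, not article values.
set -eu
PROJECT="${DEVSHELL_PROJECT_ID:-my-project}"
REGION="us-central1"               # connector and Cloud Run service share it
NETWORK="default"
CONNECTOR="run-sql-connector"
CONNECTOR_RANGE="10.8.0.0/28"      # unused /28 reserved for the connector
PEERING_RANGE="google-managed-services-$NETWORK"
INSTANCE="election-pg"
SERVICE="serverless-app"
IMAGE="gcr.io/$PROJECT/cloudrun/serverless-app:v1.0"
APP_ENV_VARS="KEY=VALUE"           # placeholder for the variables of step 11

# Print each command by default; execute it only when APPLY=1 is set.
run() {
  if [ "${APPLY:-0}" = "1" ]; then "$@"; else printf '%s\n' "$*"; fi
}

provision() {
  run gcloud services enable compute.googleapis.com vpcaccess.googleapis.com \
      run.googleapis.com servicenetworking.googleapis.com sqladmin.googleapis.com
  # Step 1: Serverless VPC Access connector.
  run gcloud compute networks vpc-access connectors create "$CONNECTOR" \
      --region="$REGION" --network="$NETWORK" --range="$CONNECTOR_RANGE"
  # Step 2: private services connection, then an instance with no public IP.
  run gcloud compute addresses create "$PEERING_RANGE" --global \
      --purpose=VPC_PEERING --prefix-length=16 --network="$NETWORK"
  run gcloud services vpc-peerings connect \
      --service=servicenetworking.googleapis.com \
      --ranges="$PEERING_RANGE" --network="$NETWORK"
  run gcloud sql instances create "$INSTANCE" --database-version=POSTGRES_13 \
      --tier=db-f1-micro --region="$REGION" \
      --network="projects/$PROJECT/global/networks/$NETWORK" --no-assign-ip
  # Step 3: the election database.
  run gcloud sql databases create election --instance="$INSTANCE"
}

deploy() {
  # Steps 10-13: deploy the image, attach the connector, allow public access.
  run gcloud run deploy "$SERVICE" --image="$IMAGE" --region="$REGION" \
      --platform=managed --vpc-connector="$CONNECTOR" \
      --set-env-vars="$APP_ENV_VARS" --allow-unauthenticated
}

# Prints the plan; rerun with APPLY=1 to execute it.
provision
deploy
```

Review the printed plan first, then rerun with APPLY=1 in Cloud Shell once the placeholders match your project.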

Benefits

  1. Serverless VPC Access sends internal traffic from your VPC network to your serverless environment only when that traffic is a response to a request that was sent from your serverless environment through the Serverless VPC Access connector.

  2. The entire implementation is created without any subnet or firewall rules.

Conclusion

Serverless VPC Access makes it possible for you to connect directly to your Virtual Private Cloud network from serverless environments such as Cloud Run, App Engine, or Cloud Functions. Configuring Serverless VPC Access allows your serverless environment to send requests to your VPC network using internal DNS and internal IP addresses (as defined by RFC 1918 and RFC 6598).
