Google Cloud Functions static IP
6,092 views
Skip to first unread message
niztal
Mar 13, 2017, 9:51:40 AM3/13/17
to Firebase Google Group
Hi,
Is it available to make my google cloud functions run over static IP?
Another question, regarding the global availability. How can I make my functions global available so my users will get routed to the closes zone? I guess it's via CDN or something.
Thanks,
Nitzan@Tismo.
James Daniels
Mar 13, 2017, 2:42:42 PM3/13/17
to Firebase Google Group
Cloud Functions do not have static IP options. What's your use case?
Global availability + routing is not supported for beta but the GCF team knows it's desired. Keep an eye out for this as the product matures.
niztal
Mar 13, 2017, 6:15:19 PM3/13/17
to Firebase Google Group
Hi James,
my use case for static IP is that my cloud function should get triggered by real time database event, but some of my function's logic is to refer to a 3rd parth API, get some data from it and move on to my business logic. The 3rd API company maintains some kind of IPs white list and therefore it needs to be called only by known static IPs.
Thanks,
Nitzan.
Kato Richardson
Mar 14, 2017, 1:56:31 PM3/14/17
to Firebase Google Group
Nitzan,
Unfortunately, that is pretty much orthogonal to the idea of a scalable, cloud-based product like Functions. To achieve scale and redundancy, we need to allocate and deallocate services on demand, and can't reserve specific IPs.
If this is a critical service and there are no alternatives, I wonder if you could spin up an nginx or express service, living at a static IP, and proxy the requests on to the third party service? Again, this probably reduces scale and flexibility, not to mention the burden of an additional stack for this, but it might be a workaround.
☼, Kato
--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-talk+unsubscribe@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/17dd3c04-b988-4df7-be3e-afa902494b15%40googlegroups.com.
niztal
Mar 15, 2017, 10:19:13 AM3/15/17
to Firebase Google Group
Thanks Kato, I understand what you say and the workaround you've proposed is exactly what we do unfortunately :(
One last question, it will be fine by me even to get list of X static IPs that my cloud functions domain may have. Isn't that an option as well?
Thanks anyway.
Kato Richardson
Mar 15, 2017, 1:24:31 PM3/15/17
to Firebase Google Group
That's not an option, sorry. You can read more on app engine and static IPs here.
--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-talk+unsubscribe@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/03e7c14c-6d85-478d-abc8-113cd4311459%40googlegroups.com.
Kato Richardson
Mar 15, 2017, 1:26:58 PM3/15/17
to Firebase Google Group
Oops, fat fingered that and accidentally sent before I was done.
Note that you can reverse lookup the IP ranges for all of app engine, as noted at that link.
App Engine's current range of outgoing IP addresses are encoded in the sender policy framework (SPF) record of _cloud-netblocks.googleusercontent.com. You may need to recursively perform DNS SPF lookups to resolve the entire list of IP ranges. Start by resolving _cloud-netblocks.googleusercontent.com as follows:
I don't know the intricacies of the Functions framework and whether it's guaranteed to adhere to the public range. I can't see why it wouldn't; I'm just not sure how to confirm that.
I hope that helps!
☼, Kato
Laurent Pellegrino
May 25, 2017, 10:25:28 AM5/25/17
to Firebase Google Group
Kato,
Amazon Lambda allows executing functions inside a VPC. Thus, as you suggested in a previous answer, it is possible to create a gateway that proxies all outbound connections:
Can we expect something similar in the next few months for people who require GCF to perform outgoing calls that are accepted from whitelisted IP addresses only?
Kind Regards,
Laurent Pellegrino
Le mercredi 15 mars 2017 18:26:58 UTC+1, Kato Richardson a écrit :
Oops, fat fingered that and accidentally sent before I was done.Note that you can reverse lookup the IP ranges for all of app engine, as noted at that link.App Engine's current range of outgoing IP addresses are encoded in the sender policy framework (SPF) record of _cloud-netblocks.googleusercontent.com. You may need to recursively perform DNS SPF lookups to resolve the entire list of IP ranges. Start by resolving _cloud-netblocks.googleusercontent.com as follows:I don't know the intricacies of the Functions framework and whether it's guaranteed to adhere to the public range. I can't see why it wouldn't; I'm just not sure how to confirm that.I hope that helps!☼, Kato
On Wed, Mar 15, 2017 at 10:24 AM, Kato Richardson <kato...@google.com> wrote:
That's not an option, sorry. You can read more on app engine and static IPs here.
On Wed, Mar 15, 2017 at 3:16 AM, niztal <nitza...@gmail.com> wrote:
Thanks Kato, I understand what you say and the workaround you've proposed is exactly what we do unfortunately :(One last question, it will be fine by me even to get list of X static IPs that my cloud functions domain may have. Isn't that an option as well?Thanks anyway.
--
You received this message because you are subscribed to the Google Groups "Firebase Google Group" group.
To unsubscribe from this group and stop receiving emails from it, send an email to firebase-tal...@googlegroups.com.
To post to this group, send email to fireba...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/firebase-talk/03e7c14c-6d85-478d-abc8-113cd4311459%40googlegroups.com.
--
Reply all
Reply to author
Forward
0 new messages