Calling Cloud Function from App Engine Java
172 views
Skip to first unread message
Anatoli Trifonov
Jun 15, 2021, 3:00:08 AM6/15/21
to Google App Engine
I would like to confirm that App Engine Java Standard can not connect to Google Cloud Function if function is configured to accept only local traffic
--ingress-settings=internal-only
Could someone confirm please or share the link on how to connect?
Java App and Function are in the same Google Project.
Java Flex can connect but Flex runtime is limited to Java 8, I need 11.
What are my options if I need to connect to google cloud function from App Engine Java 11?
Thank you
A
goya
Jun 15, 2021, 8:02:48 AM6/15/21
to Google App Engine
To be able to access your internal only function, the requests need to come from a VPC network in the same project. App Engine Flex and Standard connect differently to VPC networks:
For App Engine flex you just need to set the network settings in the app.yaml file.
On the other hand, standard needs to use Serverless VPC Access [1]. For this, you need to create a Serverless VPC Access connector and then configure App Engine to use it to connect to the VPC network.
[1]: https://cloud.google.com/vpc/docs/configure-serverless-vpc-access
Anatoli Trifonov
Jun 15, 2021, 12:04:44 PM6/15/21
to Google App Engine
Thank you. I will have a look.
Anatoli Trifonov
Jun 15, 2021, 10:31:05 PM6/15/21
to Google App Engine
This does not seem to be working for connection from Java standard App Engine to Cloud Function.
I created VPC Access Connector. Enabled it in my Java App Standard Engine application. Deployed function with vpc access connector.
Java App still gets error 403 when connecting to function.
I know that vpc connector "works" because java application does not connect to Cloud SQL without it.
Is this supposed to work for App Engine Standard to Cloud Function connection?
Serverless VPC Access connector does not have anything fancy in it. It is simply configured for range 10.16.0.0/28 and region us-central1
Firewall rules should not be needed since everything connects to default us-central1 VPC Network.
What else can I try? What else can I look at?
All help is greatly appreciated.
Jordi (Google Cloud Platform Support)
Jun 22, 2021, 4:34:36 AM6/22/21
to Google App Engine
Hello, after reproducing your scenario, we are faced with the same 403 error when triggering the Cloud Function from App Engine Standard.
We tried to create a VPC Access Connector [1] to achieve it but it is not possible because requests must use the external address of your serverless service. [2]
It is possible to connect App Engine or Cloud Functions to other resources but not between them. [3]
It is possible to connect App Engine or Cloud Functions to other resources but not between them. [3]
That is why we have created a Feature Request [4] to implement this. You will be able to see all the updates made by the specialist there. You can add it to favorites by clicking the star icon. This way, you will receive mail updates.
[1] https://cloud.google.com/vpc/docs/configure-serverless-vpc-access
[2] https://cloud.google.com/vpc/docs/serverless-vpc-access#:~:text=serverless%20vpc%20access%20only%20allows%20requests%20to%20be%20initiated%20by%20the%20serverless%20environment.%20
[3] https://cloud.google.com/vpc/docs/private-access-options?&_ga=2.117117062.-1673936480.1621885978#supported_services
[1] https://cloud.google.com/vpc/docs/configure-serverless-vpc-access
[2] https://cloud.google.com/vpc/docs/serverless-vpc-access#:~:text=serverless%20vpc%20access%20only%20allows%20requests%20to%20be%20initiated%20by%20the%20serverless%20environment.%20
[3] https://cloud.google.com/vpc/docs/private-access-options?&_ga=2.117117062.-1673936480.1621885978#supported_services
Reply all
Reply to author
Forward
0 new messages