258 questions
0 votes, 0 answers, 46 views
How to Set Up Google Vertex AI Vector Search with Private Endpoint?
I'm trying to set up Google Vertex AI Vector Search using a private endpoint to ensure secure communication between my application and the index. I've already enabled the necessary APIs and created an ...
0 votes, 0 answers, 77 views
How to configure BGP on GCP Partner interconnect with terraform?
I'm trying the following code!
resource "google_compute_router" "gcp_cloud_router" {
name = "router-1"
network = var.gcp_vpc_name
region = var.gcp_region
bgp {
...
0 votes, 0 answers, 53 views
Cloud Run times out when accessing PSC endpoint
So I have two Cloud Run Services - the first running in project A and sending traffic to VPC subnet1 and the second running in the project B that is only accepting internal traffic.
In order to send ...
1 vote, 1 answer, 194 views
No logs for the default-allow-icmp FW rule
I'm trying to catch and log the ICMP packets between 2 GCE instances. To do this I enabled logging for the default-allow-icmp rule:
Priority: 65534
Direction: Ingress
Action on match: Allow
Source ...
2 votes, 1 answer, 622 views
Cloud run Instance failed to start because permission was denied when creating an address in the subnetwork
I have been using Direct VPC egress in Google Cloud Run since May 2, 2024 to access Cloud SQL via private IP in the same network.
I have 2 environments, prod and staging, same configurations except ...
0 votes, 1 answer, 221 views
Is there any possibility Cloud Run is stripping, or malforming request headers coming from my frontend app?
I'm seriously grasping at straws here.
I have a cloud run app that acts as a basic api. Its ingress is set to all but it requires authentication.
I have a frontend app written in Angular that has a ...
0 votes, 1 answer, 178 views
Is it possible to access GCP metadata endpoint from Cloud Run instance?
I have a cloud run instance that I'm trying to use to communicate with another, secured Cloud Run instance.
The latter instance allows external traffic but can only be invoked by set service accounts.
...
-1 votes, 2 answers, 1k views
How to list all the ip addresses in a Google cloud subnet?
I want to list all the IP addresses that are used in a subnet and who is using them. I want to do that via the Google console (or gcloud command). Point is that I do not want to do a ping against all the ...
0 votes, 1 answer, 249 views
Google Cloud classic VPN to on-prem. Need to NAT to public IP space the internal network
GCP Side
10.27.20.0/24 --> [public NAT] --> VPC Endpoint --> VPN TUNNEL <-- ONPREM Endpoint
I'm on the GCP side of this equation and need to NAT our 10.27.20.0/24 internal IP space to ...
0 votes, 2 answers, 149 views
Google Cloud Kubernetes auto-scaling of proxy with external IP
I want to deploy proxy servers into my Google Cloud Kubernetes engine. The pod will listen on specific ports and other deployments will use its proxy service to communicate with the internet.
In ...
0 votes, 2 answers, 2k views
When managing GCP firewall policies / rules using terraform - how to know what the ID is?
I've been referring to this guide: https://cloud.google.com/blog/topics/developers-practitioners/hierarchical-firewall-policy-automation-terraform and, unless I'm reading wrong, it seems to start with ...
0 votes, 1 answer, 156 views
GCP: how to only use the VPN on some domains
I have setup a HA VPN between AWS VPC and GCP VPC, now I can access private resources on AWS from GCP, my question is, is it possible to only use the VPN for certain resources? using their domain name ...
0 votes, 1 answer, 478 views
Google Cloud Implied Firewall Rule Query
I need some clarification on an "implied allow egress rule" that is documented here https://cloud.google.com/firewall/docs/firewalls#default_firewall_rules
This egress rule states it allows ...
-1 votes, 1 answer, 869 views
Google Cloud: terraform / gcloud problem with google_service_networking_connection
I tried to create a "google_service_networking_connection" with terraform or the gcloud tool.
But both options fail because of authentication problems. What I don't understand is why I need the REST ...
0 votes, 1 answer, 51 views
Issue creating Service connection between network and cloud sql in google cloud
I am creating a custom network and Cloud SQL in Google Cloud. I am using the module approach while creating.
Below is my block of code from main.tf
module "network" {
source = "./cloudNetwork...
1 vote, 1 answer, 490 views
Can a Google Cloud Function in one project connect to a Serverless VPC Connector in a different project?
Let's say a Google Cloud Function is running in project "foo", and we want it to use a VPC Connector in project "bar". Is that possible? The motivation is not to have to set up a ...
-1 votes, 1 answer, 302 views
Operation type [updateNetworkInterface] failed with message "IP 'X.X.X.X' is already being used by another resource
I have created a subnet in a VPC network with subnet 192.168.0.248/29. IP in this subnet has not been used for any purpose, but when I set static IP 192.168.0.254, error "This IP address is either in ...
1 vote, 1 answer, 910 views
Add Cloud Armor To Cross-Project Backend Services
I have an external regional load balancer running on a shared VPC in project A and have backend services attached to it from project B and C. I would like to add Cloud Armor to my Cross-project ...
0 votes, 1 answer, 835 views
How to allow TCP traffic in GCP Cloud Run?
I've built a Go binary for handling SSH traffic. And deployed it to Cloud Run.
Looks like Cloud Run allows only HTTP traffic, and my attempts to connect via ssh -p 80 ***.run.app fail.
How to allow ...
-1 votes, 1 answer, 582 views
Which IPs can't be used in a GCP virtual network?
I've tried searching this question in different ways and can't seem to find the documentation. I think it's the first 2 and the last one, but I'm also thinking there's maybe 4 IP addresses that can't ...
4 votes, 1 answer, 831 views
Google Cloud unknown "Storage PD Capacity" charges
Recently, a charge for "Storage PD Capacity" started showing up in Google Cloud. According to the charge, I'm using 7.27 GiB somewhere even though I don't directly use any VMs or Storage ...
3 votes, 1 answer, 943 views
Is it possible to route Google Cloud Functions egress traffic through multiple rotating IPs?
My app uses a Cloud Function (2nd gen), running multiple instances and triggered by PubSub, to make outbound requests to customers sites (essentially for synthetic monitoring).
However, the platform ...
-1 votes, 1 answer, 340 views
Sharing the same egress IP address across multiple different projects?
We have our project hosted in GCP. Now we setup separate projects for some of our customers with exact same configuration with our current project but with different VPC (some customers want single-...
0 votes, 1 answer, 116 views
Communication between subnetwork and another subnetwork secondary IPv4
Here is my network problem on GCP :
VPC : "main"
Subnetwork : "VPN" 10.0.2.0/24
Subnetwork : "kube" 10.52.0.0/16
Secondary IPv4 ranges for "kube" : "gke-...
0 votes, 1 answer, 205 views
Migrate legacy network to custom VPC - Google Cloud
I need to convert my single-region Google cloud legacy network to a VPC network.
I have tried both single-region conversion tool and the GKE network conversion script
In both I receive the following ...
-1 votes, 1 answer, 345 views
Do we need to Peer every Data fusion instance to the Shared VPC ? How to avoid the 25 peering limitation
Use Case : Using GCP Data Fusion as an ETL for customers
Source and Resources : My resources are on a shared VPC ( dataproc and runtime for data fusion on subnets taken from this shared VPC )
Based on ...
15 votes, 1 answer, 2k views
Google is blocking traffic because it detects automated queries
When I try to access my website deployed on Google Cloud I receive the following error page:
We're sorry...
... but your computer or network may be sending automated queries. To
protect our users, we ...
0 votes, 1 answer, 411 views
Google Cloud Firewall: is there an option to filter outside Google traffic
From what I understood from pricing, traffic from outside Google Cloud is free, traffic to inside Google Cloud is free, but traffic to outside Google Cloud is not.
So I think the realistic question is ...
0 votes, 2 answers, 2k views
How to make Python packages in a Artifact Registry available to Vertex AI Custom Jobs?
I started working with Vertex AI and tried to create a custom job.
The requirements.txt file contains:
--extra-index-url https://europe-west4-python.pkg.dev/.../europe-west4-python/simple
my_package1==...
0 votes, 0 answers, 802 views
Can you wildcard route paths to multiple backends in Google API Gateway?
I'm trying to use Google API Gateway as the entry point for multiple backend services. The services have common endpoints, like /api/data that conflict with one another. I would like to pre-pend an ...
0 votes, 1 answer, 1k views
How to connect on-prem server to Google Cloud SQL over private IP, where private IP conflicts with local subnet?
I am trying to connect my Cloud SQL to my on-prem MySQL server, via private IP. I have a Dedicated Interconnect established between on-prem and the Shared VPC that "hosts" the Cloud SQL.
...
0 votes, 1 answer, 964 views
Create a Compute Engine with the internet access by using Terraform
Running the following Terraform GCP project, I can see the machines do communicate with each other but have no internet; the machines look to resolve the domains but are not able to ping them. I am adding internal ...
0 votes, 1 answer, 2k views
Allowing cloud run service with internal traffic ingress to be accessible in other projects
I have an API launched on a cloud run service in project dev. I don't want to expose the API so I set its ingress to Allow internal and Cloud load balancing traffic.
I have another cloud run frontend ...
0 votes, 2 answers, 156 views
Is it Possible to Invoke Cloud Run with Gmail-Auth?
I want to ask a conceptual question and take advice about possible system design if possible.
The plan is basically authenticating specific Gmail users to use my serverless backend application. I'm ...
2 votes, 1 answer, 1k views
How to enable Private Google Access for Source Repositories
I have Private Google Access enabled on the Default network and I can pull artifacts from Artifact Registry from a VM with no external IP address just fine.
However I can't seem to access Source ...
0 votes, 2 answers, 712 views
How to interconnect GCP with Oracle cloud?
I want to connect GCP infrastructure with OCI infrastructure so that all the services can communicate on the private network instead of allowing public IP which the traffic get comes.
as per my ...
0 votes, 1 answer, 1k views
Routing traffic to specific VM's via load balancer on GCP
I am new to Google Cloud Platform and advanced networking in general but I have been tasked with setting up an external HTTPS load balancer that can forward internet traffic to 2 separate Virtual ...
1 vote, 0 answers, 117 views
How Google Cloud determines which packet should route to Premium network tier/Standard tier?
Google mentions that
Premium Tier delivers traffic from external systems to Google Cloud resources by using Google's low latency, highly reliable global network. This network consists of an extensive ...
2 votes, 1 answer, 4k views
Unable to SSH into my Compute Engine VM instance on Google Cloud
I am trying to SSH into my compute engine VM instance on Google Cloud.
I am following the instructions to set up a regional external HTTP(S) load balancer with VM instance group backends
I have ...
1 vote, 1 answer, 1k views
Gcloud LoadBalancer: change Google Managed certificate without downtime
I intend to use Gcloud managed certificate. The way it works is that I already have a custom certificate managed by Let's Encrypt, which is assigned to my LoadBalancer. Now I want to switch to the ...
0 votes, 1 answer, 361 views
How to connect to the load balancer using the service label?
I have set up an internal TCP/UDP load balancer with VM instance group backends.
I am on the section that relates to Test connection from client VM.
Here, I don't quite understand the last step, which ...
0 votes, 1 answer, 534 views
Unable to update the service label for the load balancer forwarding rule
I have created a load balancer forwarding rule without a service label.
Now I am trying to add a service label to the load balancer forwarding rule by running the following commands, but none of them ...
0 votes, 1 answer, 303 views
Connect Google Cloud SQL instance to external replica via VPN
We have a (route based) VPN between our data center and Google Cloud. I'm trying to set up a replica of one of our on-prem databases in Google Cloud.
With current setup, Google Cloud SQL instance is ...
0 votes, 1 answer, 177 views
Do not understand the text in health check
I am looking at the following page where it says:
Sum over backend services. If a backend is used by multiple backend services, the backend instances are contacted as frequently as the sum of ...
1 vote, 1 answer, 533 views
Can't set PTR record for IPv6 address for Google Cloud VM
I have a Google Cloud Compute Engine VM, it has a public ipv4 IP and a public external ipv6 IP.
In the console, I input the PTR record: blabla.mywebsite.com. (the domain is already verified) both for ...
-2 votes, 1 answer, 783 views
Has anyone managed to create a Reverse DNS Zone on GCP?
Just created a Reverse DNS Managed Zone as mentioned here - https://cloud.google.com/dns/docs/zones/managed-reverse-lookup-zones - How do we add VM IPs ? with Terraform - Since the Reverse DNS Zone ...
4 votes, 1 answer, 2k views
CloudRun can't make outbound http(s) requests - Timeout
I'm having a hard time debugging why cloudrun is not allowed to make outbound HTTP to the public internet.
My setup follows a simple Global loadbalancer (Classic) -> CloudRun, Using a custom VPC ...
2 votes, 2 answers, 3k views
Is it possible to have the Cloud shell and the VM within the same VPC?
I want to have the google Cloud Shell and the VM within the same VPC, so that I can access the windows VM via its internal IP address. I setup a Serveless VPC access connector so that I can access the ...
0 votes, 1 answer, 928 views
Is Serverless VPC connector a solution to connect my app engine to a VM within the same project in GCP?
I want to access a REST server that is hosted locally in a windows virtual machine (VM) in a GCP project. Also, the VPC network within my GCP project has a VPN tunnel with an external client. I plan ...
-1 votes, 3 answers, 3k views
How can I get a DNS name for a GCE instance
I have a Google Compute Engine instance which is uniquely identified:
name: updateservice
zone: us-central1-a
project: myproject
Is there a way to access the instance via DNS name? Otherwise I need ...