Google Cloud-Google Cloud功能的出口IP/NAT/代理 [英] Google Cloud - Egress IP / NAT / Proxy for google cloud functions

问题描述

我正在为我的公司建立一个数据提取层，在那里我有很多不同的集成点(其余api).

I'm building a data ingestion layer for my company where I have a lot of different integration points (rest apis).

某些API要求您从列入白名单的IP进行连接.

Some of the API's require you to connect from a whitelisted IP.

由于它的可扩展性和降低的成本，我真的很想使用google cloud功能/pubsub来构建提取逻辑.

I'd really like to use google cloud functions / pubsub to build the ingestion logic because of it's scalability and reduced cost.

但是问题是，谷歌云功能总是从随机ips连接，对此我们无能为力，对此问题的答案是:

But the problem is that google cloud functions always connect from random ips and there is nothing we can do about that, as is answered in this question: Possible to get static IP address for Google Cloud Functions?

所以我的问题是:有没有一种代理/nat云功能，使其来自一组静态ip的方法?

So my question is: Is there a way to proxy / nat cloud functions so that they come from a set of static ips?

推荐答案

现在可以通过配置Cloud Functions特别是

This is now possible via configuring network settings for Cloud Functions particularly Egress Settings.

来自官方文档:

通过控制台:

1. 在云控制台中打开功能概述"页面
2. 单击创建功能.或者，单击现有功能以转到其详细信息页面，然后单击编辑"
3. 通过单击环境变量"，网络"，超时"等来扩展高级设置.
4. 在网络"部分的出口设置"下，选择无服务器VPC访问"连接器.
5. 根据您要如何通过连接器路由出站流量，选择适当的出口设置.

通过gcloud:

gcloud functions deploy FUNCTION_NAME \
--vpc-connector CONNECTOR_NAME \
--egress-settings EGRESS_SETTINGS \
FLAGS...

其中:

FUNCTION_NAME 是您的函数的名称. CONNECTOR_NAME 是要使用的无服务器VPC访问连接器的名称.有关更多信息，请参见gcloud文档.

FUNCTION_NAME is the name of your function. CONNECTOR_NAME is the name of the Serverless VPC Access connector to use. See the gcloud documentation for more information.

注意:如果要更新出口，则可以省略--vpc-connector标志 已有连接器的现有功能上的设置.

Note: You can omit the --vpc-connector flag if you are updating egress settings on an existing function that already has a connector.

EGRESS_SETTINGS 是出口设置受支持的值之一:请参阅

EGRESS_SETTINGS is one of the supported values for egress settings: see gcloud documentation.

标志 ...是指您传递给deploy命令的其他标志.

FLAGS... refers to other flags you pass to the deploy command.

根据您要通过连接器路由出站流量的方式选择适当的出口设置.

Select the appropriate egress setting based on how you want to route outbound traffic through the connector.

此后，您只需要

1. 设置云NAT 和
2. 为NAT指定静态IP地址.

1. Set up Cloud NAT and
2. Specify a static IP address for NAT.

创建云NAT:

gcloud compute routers nats create nat-config \
    --router=nat-router \
    --auto-allocate-nat-external-ips \
    --nat-all-subnet-ip-ranges \
    --enable-logging

指定IP地址:

gcloud compute routers nats create nat-config \
    --router=nat-router \
    --nat-external-ip-pool=ip-address1,ip-address2

这篇关于Google Cloud-Google Cloud功能的出口IP/NAT/代理的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！