无法从应用引擎访问 Google 云功能(带入口控制) [英] Google cloud functions not accessible from app engine (with ingress controls)

问题描述

我有一个通过 Google Cloud 托管的 API.API 的主要入口点是 App Engine 实例(标准)，然后需要能够调用各种云函数来执行其任务.

I have an API that I host through Google Cloud. The main entry point for the API is an App Engine instance (standard), which then needs to be able to call various cloud functions to execute its tasks.

为了使云功能安全，我想将入口控制设置为仅允许内部使用".

To make the cloud functions secure, I want to set the ingress controls to "Allow internal only".

我已将云函数和 App Engine 部署在同一区域 (us-central1)，但每次 App Engine 实例尝试调用云函数时，都会收到 403 错误.我已尝试为 App Engine 设置 VPC 连接器，但没有帮助.

I've deployed the cloud functions and the App Engine in the same region (us-central1), but every time the App Engine instance tries to call a cloud function, it gets a 403 error. I've tried setting up a VPC connector for the App Engine, but that isn't helping.

这是 app.yaml 文件:

Here's the app.yaml file:

service: my-test-app

runtime: nodejs10

env_variables:
    STAGE: "dev"

instance_class: F1

vpc_access_connector:
    name: "projects/my-test-project/locations/us-central1/connectors/test-vpc-connector"

关键的云功能配置是Ingress Setting.我已将其设置为仅允许内部流量.如果我将其设置为允许所有流量，则一切正常(只是非常不安全！)

The key cloud function configuration is the Ingress Setting. I have it set to Allow internal traffic only. If I set it to Allow all traffic, everything works (just highly insecure!)

对我可能遗漏的内容有什么建议吗?

Any suggestions on what I might be missing?

推荐答案

我找到了解决方案！如果我将 App Engine 设置为 flex 环境，则一切正常.看起来标准环境是问题所在.

I found the solution! If I set the App Engine to a flex environment, everything works. It looks like the standard environment was the issue.

这篇关于无法从应用引擎访问 Google 云功能(带入口控制)的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！