This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Calling a Google Cloud function from an Apigee reverse proxy in the same project

Posted on 09-04-2024 09:45 AM
mark_jones_ebm
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Hi,

We're new to Apigee and we're just trying to test out how we simply want to point a reverse proxy to my target Google Cloud Function).  It can't reach my target even though it is in the same project.

I have seen another thread on this but it was not answered.  Can somebody help please?

Many thanks in advance! 

0 8 580
Topic Labels
0 Likes
8 REPLIES 8

Posted on --/--/---- --:-- AM
ssvaidyanathan
Staff
Reply posted on --/--/---- --:-- AM

@mark_jones_ebm 

Few clarifying questions:

  1. Is the Cloud Function v1 or v2?
  2. How is your Cloud Function exposed? Is it public or internal?

If you are using v1 and your Cloud Function is public, then you can control access to it using IAM. With service accounts, you can control the calls to Cloud Function. Here is a sample of Apigee integrating with Cloud Function that is protected using IAM (service accounts). Apigee performs Google Auth using the service account (impersonation) and hits the Cloud Function.

Posted on --/--/---- --:-- AM
mark_jones_ebm
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Hi,

If you mean gen 1 or gen 2 cloud functions, we are using gen 2.  We can switch to gen 1 if it makes things easier?

Thanks

0 Likes

Posted on --/--/---- --:-- AM
ssvaidyanathan
Staff
In response to mark_jones_ebm
Reply posted on --/--/---- --:-- AM

Yeah sorry - I meant to ask if it was Gen 1 or Gen 2 🙂

0 Likes

Posted on --/--/---- --:-- AM
mark_jones_ebm
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Also important to stress that Apigee and the cloud functions are in the same project (if relevant).

0 Likes

Posted on --/--/---- --:-- AM
ssvaidyanathan
Staff
In response to mark_jones_ebm
Reply posted on --/--/---- --:-- AM

Since its Gen 2, its powered by Cloud Run. You can provision an Internal Load Balancer and use a Serverless NEG as the backend. The NEG will be pointing to the Cloud Run service you deployed (Cloud Function Gen 2). Once thats done, the Internal Load Balancer is now part of the same peered network as Apigee, so it should be able to talk to it directly using Internal IPs.

Something like the diagram below

Apigee to Cloud Run Connectivity Patterns.png

The other option is to basically have the function expose over internet and control access using IAM and have Apigee do the impersonation while hitting it. Like the sample here

Posted on --/--/---- --:-- AM
Hilda_Arteaga
Staff
In response to ssvaidyanathan
Reply posted on --/--/---- --:-- AM

Hey @ssvaidyanathan thanks for your assistance on helping covering these questions

We hope you find the information helpful @mark_jones_ebm. Remember you can provdie a Like or mark an aswer as "Solved" to help others to better identify key information

0 Likes

Posted on --/--/---- --:-- AM
stdedwin
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

So  is Apigee unable to call directly the Cloud function gen2 even if both components are in the same project?

0 Likes

Posted on --/--/---- --:-- AM
ssvaidyanathan
Staff
In response to stdedwin
Reply posted on --/--/---- --:-- AM

You can if you can expose the function using an Internal Load Balancer (with Serverless NEG as the backend to the cloud function)

0 Likes
Top Solution Authors
View all