This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Composer 3 - Call Internal Cloud Function

Posted on 02-11-2025 06:12 AM
lucas_rosa_dotz
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hello,

I'm trying out Composer 3 to see if it fits my environment, and I've hit a problem when calling an internal HTTP Cloud Function.

Since the Function only accepts calls from internal sources, this works fine in Composer 2 (since the GKE cluster gets deployed in the same project), but it doesn't seem to work in Composer 3 (since it seems that calls come from an specific internal IP range, defaulted at `100.64.128.0/20`).

I'm already using a VPC Network Attachment so that the environment can use my project's VPC subnetwork, but it seems that has no effect. However, my subnet does have a NAT which allows access to the internet, so I don't know if that influences anything.

From my tests, I can confirm that the Composer 3 environment does resolve the base host, as can be seem here with these curl tests:
this one is when the Cloud Function is only accessible internally:

 

[2025-02-11, 11:52:12 UTC] {subprocess.py:75} INFO - Running command: ['/usr/bin/bash', '-c', 'curl -v https://us-central1-modular-aileron-191222.cloudfunctions.net/api-cotacao-dolar']
[2025-02-11, 11:52:12 UTC] {subprocess.py:86} INFO - Output:
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - * Uses proxy env variable NO_PROXY == '.google.com,.googleapis.com,metadata.google.internal'
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO -   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO -                                  Dload  Upload   Total   Spent    Left  Speed
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - \r  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Host us-central1-modular-aileron-191222.cloudfunctions.net:443 was resolved.
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - * IPv6: (none)
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - * IPv4: 199.36.153.8, 199.36.153.9, 199.36.153.10, 199.36.153.11
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - *   Trying 199.36.153.8:443...
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - * Connected to us-central1-modular-aileron-191222.cloudfunctions.net (199.36.153.8) port 443
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - * ALPN: curl offers h2,http/1.1
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - } [5 bytes data]
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - * TLSv1.3 (OUT), TLS handshake, Client hello (1):
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - } [512 bytes data]
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - *  CAfile: /etc/ssl/certs/ca-certificates.crt
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - *  CApath: /etc/ssl/certs
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - \r  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0{ [5 bytes data]
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - * TLSv1.3 (IN), TLS handshake, Server hello (2):
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - { [122 bytes data]
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - { [15 bytes data]
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - * TLSv1.3 (IN), TLS handshake, Certificate (11):
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - { [11380 bytes data]
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - * TLSv1.3 (IN), TLS handshake, CERT verify (15):
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - { [80 bytes data]
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - * TLSv1.3 (IN), TLS handshake, Finished (20):
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - { [52 bytes data]
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - } [1 bytes data]
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - * TLSv1.3 (OUT), TLS handshake, Finished (20):
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - } [52 bytes data]
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / id-ecPublicKey
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - * ALPN: server accepted h2
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - * Server certificate:
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - *  subject: CN=misc.google.com
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - *  start date: Jan 20 08:36:20 2025 GMT
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - *  expire date: Apr 14 08:36:19 2025 GMT
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - *  subjectAltName: host "us-central1-modular-aileron-191222.cloudfunctions.net" matched cert's "*.cloudfunctions.net"
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - *  issuer: C=US; O=Google Trust Services; CN=WR2
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - *  SSL certificate verify ok.
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - *   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using sha256WithRSAEncryption
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - *   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - *   Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha384WithRSAEncryption
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - { [5 bytes data]
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - * using HTTP/2
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - * [HTTP/2] [1] OPENED stream for https://us-central1-modular-aileron-191222.cloudfunctions.net/api-cotacao-dolar
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - * [HTTP/2] [1] [:method: GET]
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - * [HTTP/2] [1] [:scheme: https]
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - * [HTTP/2] [1] [:authority: us-central1-modular-aileron-191222.cloudfunctions.net]
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - * [HTTP/2] [1] [:path: /api-cotacao-dolar]
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - * [HTTP/2] [1] [user-agent: curl/8.5.0]
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - * [HTTP/2] [1] [accept: */*]
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - } [5 bytes data]
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - > GET /api-cotacao-dolar HTTP/2
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - > Host: us-central1-modular-aileron-191222.cloudfunctions.net
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - > User-Agent: curl/8.5.0
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - > Accept: */*
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - >
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - { [5 bytes data]
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - < HTTP/2 404
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - < date: Tue, 11 Feb 2025 11:52:12 GMT
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - < content-type: text/html; charset=UTF-8
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - < server: Google Frontend
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - < content-length: 294
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - <
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - { [294 bytes data]
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - \r100   294  100   294    0     0   3165      0 --:--:-- --:--:-- --:--:--  3161
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - * Connection #0 to host us-central1-modular-aileron-191222.cloudfunctions.net left intact
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - <html><head>
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - <meta http-equiv="content-type" content="text/html;charset=utf-8">
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - <title>404 Not Found</title>
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - </head>
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - <body text=#000000 bgcolor=#ffffff>
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - <h1>Error: Not Found</h1>
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - <h2>The requested URL <code>/api-cotacao-dolar</code> was not found on this server.</h2>
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - <h2></h2>
[2025-02-11, 11:52:12 UTC] {subprocess.py:93} INFO - </body></html>
[2025-02-11, 11:52:12 UTC] {subprocess.py:97} INFO - Command exited with return code 0

 

 And this one when the function is publically available:

 

[2025-02-11, 13:51:38 UTC] {subprocess.py:75} INFO - Running command: ['/usr/bin/bash', '-c', 'curl -v https://us-central1-modular-aileron-191222.cloudfunctions.net/api-cotacao-dolar']
[2025-02-11, 13:51:38 UTC] {subprocess.py:86} INFO - Output:
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - * Uses proxy env variable NO_PROXY == '.google.com,.googleapis.com,metadata.google.internal'
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO -   % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO -                                  Dload  Upload   Total   Spent    Left  Speed
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - \r  0     0    0     0    0     0      0      0 --:--:-- --:--:-- --:--:--     0* Host us-central1-modular-aileron-191222.cloudfunctions.net:443 was resolved.
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - * IPv6: (none)
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - * IPv4: 199.36.153.11, 199.36.153.8, 199.36.153.10, 199.36.153.9
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - *   Trying 199.36.153.11:443...
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - * Connected to us-central1-modular-aileron-191222.cloudfunctions.net (199.36.153.11) port 443
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - * ALPN: curl offers h2,http/1.1
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - } [5 bytes data]
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - * TLSv1.3 (OUT), TLS handshake, Client hello (1):
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - } [512 bytes data]
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - *  CAfile: /etc/ssl/certs/ca-certificates.crt
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - *  CApath: /etc/ssl/certs
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - { [5 bytes data]
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - * TLSv1.3 (IN), TLS handshake, Server hello (2):
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - { [122 bytes data]
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - * TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - { [15 bytes data]
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - * TLSv1.3 (IN), TLS handshake, Certificate (11):
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - { [11380 bytes data]
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - * TLSv1.3 (IN), TLS handshake, CERT verify (15):
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - { [79 bytes data]
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - * TLSv1.3 (IN), TLS handshake, Finished (20):
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - { [52 bytes data]
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - * TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - } [1 bytes data]
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - * TLSv1.3 (OUT), TLS handshake, Finished (20):
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - } [52 bytes data]
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - * SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384 / X25519 / id-ecPublicKey
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - * ALPN: server accepted h2
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - * Server certificate:
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - *  subject: CN=misc.google.com
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - *  start date: Jan 20 08:36:20 2025 GMT
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - *  expire date: Apr 14 08:36:19 2025 GMT
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - *  subjectAltName: host "us-central1-modular-aileron-191222.cloudfunctions.net" matched cert's "*.cloudfunctions.net"
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - *  issuer: C=US; O=Google Trust Services; CN=WR2
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - *  SSL certificate verify ok.
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - *   Certificate level 0: Public key type EC/prime256v1 (256/128 Bits/secBits), signed using sha256WithRSAEncryption
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - *   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - *   Certificate level 2: Public key type RSA (4096/152 Bits/secBits), signed using sha384WithRSAEncryption
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - { [5 bytes data]
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - * using HTTP/2
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - * [HTTP/2] [1] OPENED stream for https://us-central1-modular-aileron-191222.cloudfunctions.net/api-cotacao-dolar
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - * [HTTP/2] [1] [:method: GET]
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - * [HTTP/2] [1] [:scheme: https]
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - * [HTTP/2] [1] [:authority: us-central1-modular-aileron-191222.cloudfunctions.net]
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - * [HTTP/2] [1] [:path: /api-cotacao-dolar]
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - * [HTTP/2] [1] [user-agent: curl/8.5.0]
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - * [HTTP/2] [1] [accept: */*]
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - } [5 bytes data]
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - > GET /api-cotacao-dolar HTTP/2
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - > Host: us-central1-modular-aileron-191222.cloudfunctions.net
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - > User-Agent: curl/8.5.0
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - > Accept: */*
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - >
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - { [5 bytes data]
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - < HTTP/2 422
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - < content-type: text/html; charset=utf-8
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - < x-cloud-trace-context: 17fdaa6c97bc701545071b40de0120a8;o=1
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - < date: Tue, 11 Feb 2025 13:51:38 GMT
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - < server: Google Frontend
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - < content-length: 58
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - <
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - { [58 bytes data]
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - \r100    58  100    58    0     0    336      0 --:--:-- --:--:-- --:--:--   337
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - * Connection #0 to host us-central1-modular-aileron-191222.cloudfunctions.net left intact
[2025-02-11, 13:51:38 UTC] {subprocess.py:93} INFO - Parameters dag_id, run_id, logical_date, date are required
[2025-02-11, 13:51:38 UTC] {subprocess.py:97} INFO - Command exited with return code 0

 

So, is there a way to make these internal functions accessible to Composer 3? Maybe a Load Balancer could solve this? Or is the only way to change the functions to be publically accessible and require authentication as a means to protect it?

0 0 171
Topic Labels
0 Likes
0 REPLIES 0
Top Solution Authors
View all