Connecting to gcp pubsub from pcf app deployed on-...

happysoul · 09-13-2022 07:14 AM

Hello,

I have a spring boot app deployed to PCF. The service connects to gcp pub/sub and publishes message to pub/sub topic. After deploying the service, while accessing the service, getting and error below.

"com.google.api.gax.rpc.UnavailableException: io.grpc.StatusRuntimeException: UNAVAILABLE: ioException"

The issue was fixed after whitelisting the pubsub ip address in PCF Application Security Group section and restarting the app.

Can someone please help why we need to whitelist the ips in pcf to access gcp pub/sub.

If required, what is the guarantee that the gcp pub/sub ip addresses don't change in future?

josegutierrez

Ip Whitelisting is not a security control and is hard to do at Google, it is better to avoid it.

What you can do instead of IP Whitelisting is to use a strong mutual authentication. For example TLS Mutual Auth or application layer security.

Manikandan_007

Hi @happysoul , Am new to GCP and I am currently working on the same sort of integration, connecting GCP pubsub from PCF application and Using ADFS WIF token to connect GCP pubsub, facing issue with authentication process where am getting un authentication exception whenever ADFS token expired. In our logic we have @bean called "CredentialProvider" which initiated at the start of the application and not initiating again which is causing exception while making a connection to GCP

Can you help me to solve the issue? since you have more understanding on this integration !

Roderick

Whitelisting might be an interim solution, but isn't the best solution as the IP addresses of Google Cloud Pub/Sub (and other products) are subject to change, without notice.

Connecting to gcp pubsub from pcf app deployed on-prem