This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

Connection timeout from CloudBuild to GRPC on GKE

Posted on 12-28-2023 09:59 AM
yerinu2023
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

I'm getting the following error when gRPC client on CloudBuild calls gRPC server on GKE.

UNAVAILABLE: Connection timeout for priority cloud-internal-istio:cloud_mp_493914004039_1122741154809425496[child1].

I have resolved GRPC server XDS resolution permission issue between CloudBuild and Traffic Director, so I suspect timeout could be relate to firewall blocking from CloudBuild to GRPC server on GKE.

I have the following firewall rule for health check from traffic director to GRPC server.

gcloud compute firewall-rules create grpc-gke-allow-health-checks \
--network default --action allow --direction INGRESS \
--source-ranges 35.191.0.0/16,130.211.0.0/22 \
--target-tags allow-health-checks \
--rules tcp:50051-50052

I guess this firewall rule might not include connection from CloudBuild to GRPC server waiting on port 50051.

Any help would be appreciated.

Thanks
0 1 311
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
Marvin_Lucero
Staff
Reply posted on --/--/---- --:-- AM

Hi @yerinu2023,

The error :

@yerinu2023 wrote:

UNAVAILABLE: Connection timeout for priority cloud-internal-istio:cloud_mp_493914004039_1122741154809425496[child1].

indicates an unestablished connection with the gRPC server due to a timeout. You may have to check the timeout settings  of gRPC client and server config. It's possible that the default timeouts are too short for your environment. You can also check for the versions of the gRPC libraries on both the client and server side. Make sure you are using the latest versions because sometimes, issues are resolved in newer releases.

In addition, check the instances in your GKE cluster have the correct target tags (allow-health-checks) applied. This is necessary for the firewall rule to be applied to the instances that need to receive health check traffic.

I want to share the revised version or code. Please refer below:

gcloud compute firewall-rules create grpc-gke-allow-health-checks \
--network=default --action=allow --direction=INGRESS \
--source-ranges=35.191.0.0/16,130.211.0.0/22 \
--target-tags=allow-health-checks \
--rules=tcp:50051-50052

Let me know if this works for you. 

 

0 Likes
Top Solution Authors
View all