Monday, May 27, 2024

Direct VPC egress on Google Cloud Run is now available

Direct VPC egress

Google Cloud has made Direct VPC egress for Cloud Run generally available (GA). With this feature, traffic from your Cloud Run resources can reach a VPC network directly, saving time and money by avoiding the need to proxy through Serverless VPC Access connectors.

In fact, with up to 1 GB per second per instance, Direct VPC egress offers around twice the throughput of both VPC connectors and the standard Cloud Run internet egress path. Direct VPC egress enables greater throughput and lower latency for performance-sensitive apps, whether you're sending traffic to destinations on the VPC, to other Google Cloud services like Cloud Storage, or to other destinations on the public internet.

What has changed since the preview

Notable enhancements and additions:

  • Direct VPC egress is now supported in all regions where Cloud Run is available.
  • Under quota management, every Cloud Run service revision with Direct VPC egress can now scale to more than 100 instances. If you require even greater scalability, there is a defined procedure for requesting quota increases.
  • Direct VPC egress traffic is now included in VPC Flow Logs and Firewall Rules Logging, and Cloud NAT is supported.

These changes address the primary concerns raised by Google Cloud preview users, particularly larger customers with complex networking, scalability, and security needs.

Encrypting Data Between Cloud Run and VPC

Before Direct VPC egress, developers used Serverless VPC Access (SVPC) connectors to enable communication between Cloud Run and VPC resources. SVPC was useful, but it had a number of drawbacks.

Management Overhead: Setting up and overseeing connector virtual machines (VMs) inside the VPC for SVPC introduced a new level of complexity for developers.

Scalability Restrictions: Because SVPC connectors offer a limited number of outgoing connections, applications with large concurrent traffic demands were hampered.

Cost Incurrence: Running connector virtual machines (VMs) led to ongoing expenses, even when application activity was minimal.

These restrictions made it difficult for Google Cloud Run apps to seamlessly integrate with private and protected resources inside a VPC.

Direct VPC Egress

A Simplified Approach

Direct VPC Egress, a game-changing method of tying Cloud Run services to VPC resources, was introduced in 2023 and is now generally available. It removes the need to manage connector virtual machines and yields several significant advantages:

Simplified Configuration

Connector virtual machines are a thing of the past. Developers may concentrate on creating their apps because Direct VPC egress makes it easy to enable access to a particular VPC network with little effort.

Improved Scalability

Direct VPC egress makes use of the strong internal network fabric of Google Cloud. This feature makes Google Cloud Run instances perfect for applications with high traffic volumes since it gives them access to a large pool of outbound connections.

Cost Optimisation

Direct VPC egress uses a pay-per-use model. There is no fixed cost for running connector virtual machines, as there is with SVPC; instead, you pay only for the resources that your Cloud Run service uses.

Enhanced Security

Traditional Cloud Run egress routes traffic over the internet, which may be vulnerable to breaches. By keeping all communication inside Google Cloud's secure internal network, Direct VPC egress reduces potential security issues.

Granular Control

Cloud Run revisions can be associated with network tags. This gives developers fine-grained network access control, specifying exactly which VPC resources particular revisions are allowed to access.

How Direct VPC Egress Operates

When you enable Direct VPC egress on a Cloud Run service, Google Cloud assigns your Cloud Run instances internal IP addresses within the specified VPC network. These instances can then connect directly to resources in the VPC over secure networks. This promotes a more secure and efficient communication channel and removes internet egress traffic.

Realising Potential

Applications of Direct VPC Egress

Direct VPC egress provides access to private resources inside a VPC for a variety of applications. The following are some strong use cases:

Database Connectivity

To facilitate data persistence and retrieval within your secure environment, Cloud Run services can establish direct connections with databases housed inside a VPC.

Interaction Between Internal Microservices

Cloud Run services are able to communicate with other microservices that are set up inside the VPC. This makes it possible for microservices to work together effectively without sacrificing security in a well-integrated and safe application architecture.

Secure Data Processing Pipelines

Cloud Run services can access and process data stored in private buckets or databases inside the VPC. This reduces the possibility of unauthorised access by keeping data safely segregated throughout the processing pipeline.

Machine Learning Workflows

Cloud Run services can access models and training data that are stored safely inside a VPC. This supports secure and efficient machine learning workflows, with data security maintained during the training and deployment phases.

Launching Direct VPC Egress

A Smooth Transition

Direct VPC egress can be configured through YAML files, the Google Cloud Console, or the Google Cloud CLI. Here's a condensed rundown of the procedure:

Enable Direct VPC Egress

Add the VPC network and subnet that your service needs access to in your Cloud Run service configuration.

Ascertain Permissions

Make sure the service account linked to your Cloud Run service has the permissions required to use the selected VPC resources.

Deploy Your Service

With the Direct VPC egress configuration enabled, deploy your Cloud Run service. To ensure smooth operation, test connectivity to make sure your Cloud Run service can properly communicate with the required VPC resources.
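One way to review a deployed service against the steps above and the network-tag control described earlier (an added example, not code from the original article or from Google). It assumes the manifest was exported with `gcloud run services describe NAME --format=json` and uses Cloud Run's service annotations for Direct VPC egress; the sample manifest is constructed, and treating the default compute service account as a finding is a least-privilege assumption of this example.

```python
import json

NET_IF = "run.googleapis.com/network-interfaces"    # Direct VPC egress
EGRESS = "run.googleapis.com/vpc-access-egress"     # all-traffic | private-ranges-only
CONNECTOR = "run.googleapis.com/vpc-access-connector"  # Serverless VPC Access

# Constructed sample shaped like `gcloud run services describe NAME --format=json`;
# the network, subnet and project number are made up.
SAMPLE = {"spec": {"template": {
    "metadata": {"annotations": {
        NET_IF: '[{"network": "prod-vpc", "subnetwork": "run-subnet"}]',
        EGRESS: "private-ranges-only",
    }},
    "spec": {"serviceAccountName":
             "123456789012-compute@developer.gserviceaccount.com"},
}}}


def audit(service):
    """Return review findings for one Cloud Run service manifest (a dict)."""
    template = service.get("spec", {}).get("template", {})
    ann = template.get("metadata", {}).get("annotations", {})
    findings = []
    try:
        interfaces = json.loads(ann.get(NET_IF, "[]"))
        if not isinstance(interfaces, list):
            raise ValueError("expected a JSON list")
    except ValueError:  # json.JSONDecodeError is a ValueError
        interfaces = []
        findings.append("network-interfaces annotation is malformed")
    if not interfaces:
        findings.append("Direct VPC egress is not configured")
    if CONNECTOR in ann:
        findings.append("a Serverless VPC Access connector is still referenced")
    if any(not nic.get("tags") for nic in interfaces):
        findings.append("no network tags, so firewall rules cannot target this revision")
    if interfaces and ann.get(EGRESS) != "all-traffic":
        findings.append("only private ranges are routed through the VPC; public egress leaves outside it")
    account = template.get("spec", {}).get("serviceAccountName", "")
    if not account or account.endswith("-compute@developer.gserviceaccount.com"):
        findings.append("runs as the default compute service account")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print("-", finding)
```

A manifest that sets tags on the interface, `all-traffic` egress and a dedicated service account returns an empty list.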

Security Aspects

It’s important to follow security best practices even though Direct VPC egress provides a secure method of connecting Cloud Run services to VPC resources:

Thota Nithya
Thota Nithya has been writing cloud computing articles for govindhtech since April 2023. She is a science graduate and a cloud computing enthusiast.

