
I'm trying to recreate the tutorial on how to connect Filestore to GCP Cloud Run with Terraform.

My Terraform is now:

terraform {
  required_version = ">= 1.0.0"
  required_providers {
    google = {
      source  = "hashicorp/google"
      version = "4.62.0"
    }
  }
}

# Enable the Serverless VPC Access API
resource "google_project_service" "vpcaccess-api" {
  project = var.project_gcp_name # Replace this with your project ID in quotes
  provider = google-beta
  service = "vpcaccess.googleapis.com"
}

# VPC
resource "google_compute_network" "default" {
  name                    = "cloudrun-network"
  project                 = var.project_gcp_name
  provider                = google-beta
  auto_create_subnetworks = false
}


resource "google_vpc_access_connector" "connector" {
  name           = "vpcconn"
  provider       = google-beta
  project        = var.project_gcp_name
  region         = "us-central1"
  ip_cidr_range  = "10.8.0.0/28"
  max_throughput = 300
  network        = google_compute_network.default.name
  depends_on     = [google_project_service.vpcaccess-api]
}


resource "google_filestore_instance" "filestore_instance" {
  name     = var.filestore_instance_name
  project  = var.project_gcp_name
  location = "us-central1-a"
  tier     = var.filestore_tier

  file_shares {
    capacity_gb = var.fileshare_capacity_gb
    name        = "share1"

    nfs_export_options {
      ip_ranges   = ["10.0.0.0/24"]
      access_mode = "READ_WRITE"
    }
  }

  networks {
    network      = "cloudrun-network"
    modes        = ["MODE_IPV4"]
  }
}

resource "google_cloud_run_service" "container" {
  name     = var.service_name
  location = var.region

  metadata {
    annotations = {
      "run.googleapis.com/client-name" = "terraform"
    }
  }

  template {
    spec {
      containers {
        image = "${var.image_name}:latest"

        env {
          name  = "FILESTORE_IP_ADDRESS"
          value = google_filestore_instance.filestore_instance.networks[0].ip_addresses[0]
        }
        env {
          name  = "FILE_SHARE_NAME"
          value = "share1"
        }
        env {
          name  = "MNT_DIR"
          value = "/mnt/workdir"
        }
        env {
          name  = "LOG_LEVEL"
          value = "INFO"
        }
      }
    }

    metadata {
      annotations = {
        # Limit scale up to prevent any cost blow outs!
        "autoscaling.knative.dev/maxScale" = "5"
        # Use the VPC Connector
        #"run.googleapis.com/vpc-access-connector" = module.test-vpc-module.subnets["us-central1/serverless-subnet"].name
        "run.googleapis.com/vpc-access-connector" = "vpcconn"
        # all egress from the service should go through the VPC Connector
        "run.googleapis.com/vpc-access-egress" = "all-traffic"
      }
    }


  }
  autogenerate_revision_name = true
}

The Docker is set up in the same way as the tutorial. I just added showmount -e $FILESTORE_IP_ADDRESS to the run.sh command to debug what's happening.

The logs show the following message,

clnt_create: RPC: Unknown host

As a double check that my environment variables are properly set, I show them in my logs and see

calling: showmount -e 10.15.225.10

and

$ gcloud filestore instances describe myfilestore
createTime: '2023-05-29T17:14:23.950831835Z'
fileShares:
- capacityGb: '1024'
  name: share1
  nfsExportOptions:
  - accessMode: READ_WRITE
    ipRanges:
    - 10.0.0.0/24
    squashMode: NO_ROOT_SQUASH
name: projects/spacejam-hc-us/locations/us-central1-a/instances/myfilestore
networks:
- connectMode: DIRECT_PEERING
  ipAddresses:
  - 10.15.225.10
  modes:
  - MODE_IPV4
  network: cloudrun-network
  reservedIpRange: 10.15.225.8/29
state: READY
tier: STANDARD

Running mount -o nfs --verbose on the client shows the following message in the logs,

mount.nfs: trying text-based options 'nolock,vers=4.2,addr=10.15.225.10,clientaddr=169.254.8.1'

Client address seems wrong, how can I fix that? Any other pointers to what I may be doing wrong?

  • Verify that the FILESTORE_IP_ADDRESS environment variable is set correctly and passed to the Cloud Run instance. Confirm that the IP address is being logged correctly, such as calling: showmount -e 10.15.225.10 and check that the IP address 10.15.225.10 is the correct IP address of your Filestore instance. You can use the command gcloud filestore instances describe myfilestore or check the Filestore instance details in the Google Cloud Console. Commented May 30, 2023 at 18:07
  • Thanks. showmount -e 10.15.225.10 is unable to find the IP address. Commented May 30, 2023 at 19:02
  • If the showmount -e 10.15.225.10 command is unable to find the IP address, it indicates that the NFS server on the Filestore instance is not reachable or there might be some network connectivity issue. Commented May 31, 2023 at 15:04
  • Thanks, I figured as much. Any clue how to get it set up well with Terraform? Commented May 31, 2023 at 18:00
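
Added example, not code from the question or the tutorial: in the configuration above the Filestore export allows 10.0.0.0/24 while the VPC connector uses 10.8.0.0/28, and the two ranges do not overlap. The fragment below derives the NFS allowlist and the network from the connector and network resources so they cannot drift apart. It assumes that Cloud Run traffic sent through the connector reaches Filestore from the connector's range; the tier and capacity are taken from the gcloud output in the question, and whether this resolves the reported error is not confirmed on this page.

```hcl
variable "project_gcp_name" { type = string }
variable "filestore_instance_name" { type = string }

resource "google_compute_network" "default" {
  name                    = "cloudrun-network"
  project                 = var.project_gcp_name
  auto_create_subnetworks = false
}

resource "google_vpc_access_connector" "connector" {
  name           = "vpcconn"
  project        = var.project_gcp_name
  region         = "us-central1"
  ip_cidr_range  = "10.8.0.0/28"
  max_throughput = 300
  network        = google_compute_network.default.name
}

resource "google_filestore_instance" "filestore_instance" {
  name     = var.filestore_instance_name
  project  = var.project_gcp_name
  location = "us-central1-a"
  tier     = "STANDARD"

  file_shares {
    capacity_gb = 1024
    name        = "share1"

    nfs_export_options {
      # The question has ["10.0.0.0/24"], which does not contain 10.8.0.0/28.
      # Allow exactly the connector range: no wider, and always in step with it.
      ip_ranges   = [google_vpc_access_connector.connector.ip_cidr_range]
      access_mode = "READ_WRITE"
    }
  }

  networks {
    # A reference instead of the literal "cloudrun-network" makes Terraform
    # create the network before the Filestore instance.
    network = google_compute_network.default.name
    modes   = ["MODE_IPV4"]
  }
}
```

After applying, `gcloud filestore instances describe` should list the connector range under `ipRanges` rather than 10.0.0.0/24.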
