Google Cloud Platform
Route traffic requests directly to a Google Cloud Platform (GCP) service, such as Google Cloud Run.
This feature is available in Gloo Gateway Enterprise only. If you are using the open source version of Gloo, these instructions do not work.
Before you begin
Prepare your Google Cloud account for use with the Cloud Run and Kubernetes Engine (GKE) services.
- Identify a Google Cloud project with billing enabled that you plan to use for both the Cloud Run and Kubernetes Engine instances.
- Verify that you have the appropriate permissions to create Cloud Run and Kubernetes Engine instances.
Step 1: Set up your Google Cloud environment
Create a sample Cloud Run workload. Then, use Google Workload Identity to authorize Gloo Gateway to send requests to the Cloud Run workload.
- In your Google Cloud project, identify or create a Google Kubernetes Engine (GKE) cluster. For an example, follow the Kubernetes Engine quickstart in the Google Cloud docs.
- Install Gloo Gateway Enterprise version 1.17 or later in your GKE cluster.
- In the same Google Cloud project as your cluster, deploy a hello-world Cloud Run application by following the Deploy to Cloud Run quickstart in the Google Cloud docs.
- In your cluster, link the gateway-proxy Kubernetes ServiceAccount in the gloo-system namespace to your Google IAM service account. This way, the gateway-proxy can authenticate to your Google Cloud APIs by using Workload Identity Federation for GKE.
  - At a minimum, the IAM service account must include the run.invoker and iam.serviceAccountUser roles.
  - For steps, see the Kubernetes ServiceAccounts to IAM guide in the Google Cloud docs.
Step 2: Create the Upstream for the Google Cloud Run service
The following examples create a basic VirtualService that routes traffic to an Upstream that represents your Cloud Run workload.
- Create an Upstream that represents your Cloud Run workload. Replace the host with the Cloud Run endpoint that your GKE cluster can access. In the Google Cloud console, the host is the URL on the services detail page for your Cloud Run workload. For more options, see the API docs.

      kubectl apply -f - <<EOF
      apiVersion: gloo.solo.io/v1
      kind: Upstream
      metadata:
        name: cloud-run-upstream
        namespace: gloo-system
      spec:
        gcp:
          host: <hello-world>.a.run.app
      EOF

- Create a VirtualService with a /gcp route that sends traffic to the Cloud Run Upstream. For more routing options, see the API docs.

      kubectl apply -f - <<EOF
      apiVersion: gateway.solo.io/v1
      kind: VirtualService
      metadata:
        name: cloud-run-vs
        namespace: gloo-system
      spec:
        virtualHost:
          domains:
          - '*'
          routes:
          - matchers:
            - prefix: /gcp
            routeAction:
              single:
                upstream:
                  name: cloud-run-upstream
                  namespace: gloo-system
      EOF
Step 3: Verify traffic to the Upstream
- Send a request through Gloo Gateway to your Cloud Run workload.

      curl $(glooctl proxy url -n gloo-system --name gateway-proxy)/gcp

  - Enable port-forwarding on the gateway-proxy service to your localhost.

        kubectl port-forward -n gloo-system svc/gateway-proxy 8080:80

  - Send a curl request to the localhost.

        curl -vik http://localhost:8080/gcp

- Verify that you get back the hello world response from your Cloud Run workload.

  Example response:

      <!doctype html>
      <html lang=en>
      <head>
      <meta charset=utf-8>
      <meta name="viewport" content="width=device-width, initial-scale=1">
      <meta name="robots" content="noindex,nofollow">
      <title>Congratulations | Cloud Run</title>
      ...
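A response in Step 3 shows that routing works, but not that the Workload Identity link from Step 1 is the reason the request was accepted. The following added example (not part of the Gloo Gateway docs) audits the two IAM policies involved; the project ID, service account email and policy contents are constructed placeholders, and it assumes run.invoker is granted on the policy you pass in.

```python
# Constructed sample values; replace with your own project and account.
PROJECT = "example-project"
GSA = "gloo-gateway@example-project.iam.gserviceaccount.com"
PUBLIC = {"allUsers", "allAuthenticatedUsers"}

# Constructed policies, shaped like `gcloud run services get-iam-policy` and
# `gcloud iam service-accounts get-iam-policy` output with --format=json.
RUN_POLICY = {"bindings": [{"role": "roles/run.invoker", "members": [
    "allUsers",
    "serviceAccount:gloo-gateway@example-project.iam.gserviceaccount.com"]}]}
GSA_POLICY = {"bindings": [{"role": "roles/iam.workloadIdentityUser", "members": [
    "serviceAccount:example-project.svc.id.goog[gloo-system/gateway-proxy]",
    "serviceAccount:example-project.svc.id.goog[default/default]"]}]}


def wi_member(project, namespace="gloo-system", ksa="gateway-proxy"):
    """Principal that Workload Identity presents for a Kubernetes ServiceAccount."""
    return f"serviceAccount:{project}.svc.id.goog[{namespace}/{ksa}]"


def members(policy, role):
    """Collect every member bound to a role in an IAM policy document."""
    found = set()
    for binding in policy.get("bindings", []):
        if binding.get("role") == role:
            found.update(binding.get("members", []))
    return found


def audit(run_policy, gsa_policy, project, gsa):
    """Return a list of findings; an empty list means no issue was found."""
    findings = []
    invokers = members(run_policy, "roles/run.invoker")
    if f"serviceAccount:{gsa}" not in invokers:
        findings.append("IAM service account is not bound to roles/run.invoker")
    if invokers & PUBLIC:
        findings.append("service is publicly invokable; Step 3 cannot confirm the link")
    expected = wi_member(project)
    wi_users = members(gsa_policy, "roles/iam.workloadIdentityUser")
    if expected not in wi_users:
        findings.append(f"no Workload Identity binding for {expected}")
    for extra in sorted(wi_users - {expected}):
        findings.append(f"extra principal can act as the account: {extra}")
    return findings


if __name__ == "__main__":
    for finding in audit(RUN_POLICY, GSA_POLICY, PROJECT, GSA):
        print("FINDING:", finding)
```

With the constructed policies, the audit reports the public invoker binding and the additional default/default principal.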
Cleanup
You can optionally remove the resources that you set up as part of this guide.
- Delete the routing resources in your cluster.

      kubectl delete upstream -n gloo-system cloud-run-upstream
      kubectl delete vs -n gloo-system cloud-run-vs

- Delete the Google IAM service accounts and policy bindings.
- Delete the sample Cloud Run and Kubernetes Engine instances.