Google Cloud Platform services

Before you begin link

1. Follow the Get started guide to install Gloo Gateway, set up a gateway resource, and deploy the httpbin sample app.

2. Get the external address of the gateway and save it in an environment variable.

     export INGRESS_GW_ADDRESS=$(kubectl get svc -n gloo-system gloo-proxy-http -o jsonpath="{.status.loadBalancer.ingress[0]['hostname','ip']}")
   echo $INGRESS_GW_ADDRESS  
     

     kubectl port-forward deployment/gloo-proxy-http -n gloo-system 8080:8080
     

Step 1: Set up a Google Cloud Run instance link

Create a sample Cloud Run workload. Then, use Google Workload Identity to authorize Gloo Gateway to send requests to the Cloud Run workload.

1. In your Google Cloud project, identify or create a Google Kubernetes Engine (GKE) cluster. For an example, follow the Kubernetes Engine quickstart in the Google Cloud docs.

2. In the same Google Cloud project as your cluster, deploy a hello-world Cloud Run application by following the Deploy to Cloud Run quickstart in the Google Cloud docs.

3. In your cluster, link the gloo-proxy-http Kubernetes ServiceAccount in the gloo-system namespace to your Google IAM service account. This way, the gloo-proxy-http service account can authenticate to your Google Cloud APIs by using Workload Identity Federation for GKE.

   • At a minimum, the IAM service account must include the run.invoker and iam.serviceAccountUser roles.
   • For steps, see the Kubernetes ServiceAccounts to IAM guide in the Google Cloud docs.

Step 2: Set up routing to your Cloud Run instance link

1. Create an Upstream that represents your Cloud Run workload. Replace the host with the Cloud Run endpoint that your GKE cluster can access. In the Google Cloud console, the host is the URL on the Cloud Run details page. Remove https:// and any trailing / from your host.

     kubectl apply -f - <<EOF      
   apiVersion: gloo.solo.io/v1
   kind: Upstream
   metadata:
     name: cloud-run-upstream
     namespace: gloo-system
   spec:
     gcp:
       host: <hello-world>.a.run.app
   EOF
     

2. Create an HTTPRoute that matches incoming traffic on the cloudrun.example domain along the /gcp path and routes that traffic to the Cloud Run Upstream resource that you created.

     kubectl apply -f- <<EOF   
   apiVersion: gateway.networking.k8s.io/v1
   kind: HTTPRoute
   metadata:
     name: cloud-run
     namespace: gloo-system
   spec:
     hostnames:
     - cloudrun.example
     parentRefs:
     - group: gateway.networking.k8s.io
       kind: Gateway
       name: http
       namespace: gloo-system
     rules:
     - backendRefs:
       - group: gloo.solo.io
         kind: Upstream
         name: cloud-run-upstream
       matches:
       - path:
           type: PathPrefix
           value: /gcp
   EOF
     

3. Send a request to the Cloud Run instance. Verify that you get back a 200 HTTP response code and the hello world response from your Cloud Run workload.

     curl $INGRESS_GW_ADDRESS:8080/gcp -H "Host: cloudrun.example"
     

     curl localhost:8080/gcp -H "host: cloudrun.example"
     

   Example output:

     <!doctype html>
   <html lang=en>
   <head>
   <meta charset=utf-8>
   <meta name="viewport" content="width=device-width, initial-scale=1">
   <meta name="robots" content="noindex,nofollow">
   <title>Congratulations | Cloud Run</title>
   ...
     

Cleanup link

1. Remove the Upstream and HTTProute.

     kubectl delete httproute cloud-run -n gloo-system
   kubectl delete upstream cloud-run-upstream -n gloo-system
     

2. Delete the Google IAM service accounts and policy bindings.

3. Delete the Google Cloud Run instance.