2

I understand there are two ways in which a container can be deployed on Google Cloud Run:

  1. Cloud Run Fully managed: This runs independently managed by GCP without us creating a cluster
  2. Cloud Run for Anthos: This needs us to create a GKE cluster with Cloud Run enable

I want to go for the second option but would like to keep the GKE cluster private so that no external traffic is allowed.

All the documentation and resources I am going through are explaining everything with Public GKE Clusters (with external IPs).

Is there a way to achieve what I am looking for?

What problems will I face while doing the setup?

Is istio always necessary when using Cloud Run with GKE?

Amit Yadav
  • 4,422
  • 5
  • 34
  • 79

1 Answers1

3

You can deploy Cloud Run on GKE in private mode (not really easy to found in documentation, here the link to the gcloud command line).

If the connectivity is private, the service will be reachable only from inside the cluster, and not from internet.

I don't figure what problem you can have for the set up.

Finally, Knative is based on Istio. You can't deploy Knative element without it. And Cloud Run on GKE is simply a package of Knative product by Google. (For managed is different)

guillaume blaquiere
  • 66,369
  • 2
  • 47
  • 76
  • Every time I try to deploy a service, I get an error saying `Failed to create a service. Tracking number: 1some2thing3random`. You have any idea why? – Amit Yadav Sep 26 '19 at 11:16
  • Do you have more information in logs? What's the full config of your cluster? – guillaume blaquiere Sep 26 '19 at 11:45
  • I have asked another question about this issue. [Here](https://stackoverflow.com/questions/58115936/gcp-cloud-run-failed-to-create-a-service) is the link. I have explained everything in the question in detail. Please have a look – Amit Yadav Sep 26 '19 at 12:19