2 months ago
I have two services deployed in my project.
Both using docker images.
Both running "sleep 100000".
Both using the same region and static IPs enabled.
One service have internet access.
One service does not have internet access.
If I disable static IPs for the problematic service, it can access the internet, but it can no longer access our internal database, as it has a firewall rule blocking it.
15 Replies
I am still unable to get internet access working properly for the problematic deployment.
I'm still unable to access the internet through this particular deployment.
Hi, Sorry you hit this issue, we're actively working on a fix as we scale out our compete. You have hit an edge case conflict between the volume placement and your static egress ip, the volume was placed on a machine that doesn't support routing out via the static ip.
As a temporary work around you can create a service with static IP associated then create the volume or remove the static ip from that service. I'm hoping to have the underlying issue addressed soon meaning the work around would not be necessary
Thanks for the answer. Is there a good way to "mount" secrets, so I don't have to use a volume in that case?
2 months ago
I suppose environment variables?
The problem is the underlying image expects there to be some yaml files present, even if it expands environment variables.
you could use a startup command to pull the environemtn vars and write them to disk where they need to be, then run the original start command for the image.
The normal container image is just a single statically linked go binary, in a distroless image. 👀
I just tested using our normal production ready images outside of GCP hosting, but haven't had much luck trying to shoehorn it in. 😂
2 months ago
I've just shipped a change which should address the issue with outbound connectivity for this service.
Would you be ok to retest and let me know how it goes?