paraglider-project / paraglider

Streamlining cloud networking
https://paragliderproject.io
Apache License 2.0

[GCP] Failed to create private service resource #495

Open aviweit opened 2 weeks ago

aviweit commented 2 weeks ago

Creating the file gcp_psc_ep.json with the below contents:

{
   "url": "projects/my-project-name/regions/us-east4/serviceAttachments/httpd-lb-service",
   "region": "us-east4"
}

and invoking:

glide resource create gcp vpe gcp_psc_ep.json

produced the below message:

failed to create resource: Put "http://localhost:8080/namespaces/default/clouds/gcp/resources/vpe": EOF

which seems to cause the orchestrator to crash:

panic: runtime error: index out of range [0] with length 0

goroutine 68 [running]:
github.com/paraglider-project/paraglider/pkg/gcp.(*privateServiceHandler).readAndProvisionResource(0xc000c749c0, {0x30b0308, 0xc000882c60}, 0xc000e0e5a0, {0xc000eae300, 0x1c}, 0xc0003965b0, {0x4b0b240, 0x0, 0x0})
        /home/weit/paraglider/pkg/gcp/resources.go:631 +0x1b9
github.com/paraglider-project/paraglider/pkg/gcp.ReadAndProvisionResource({0x30b0308, 0xc000882c60}, 0xc000e0e5a0, {0xc000eae300, 0x1c}, 0xc0003965b0, {0x4b0b240, 0x0, 0x0}, 0xc000e0e600)
        /home/weit/paraglider/pkg/gcp/resources.go:243 +0x11a
github.com/paraglider-project/paraglider/pkg/gcp.(*GCPPluginServer)._CreateResource(0xc000dabee0, {0x30b0308, 0xc000882c60}, 0xc000e0e5a0, 0xc000e0e600)
        /home/weit/paraglider/pkg/gcp/plugin.go:438 +0x1665

I updated the below gcp resources.go method to return 1:

// Get the subnet requirements for a private service connect attachment
func (r *privateServiceHandler) getNumberAddressSpacesRequired() int {
    return 1
}

I rebuilt and ran the glide command again, which then produced the error below:

failed to create resource: Request failed with status code 400: {"error":"rpc error: code = Unknown desc = unable to read and provision resource: unable to insert address: googleapi: Error 400: Invalid value for field 'resource.purpose': 'PRIVATE_SERVICE_CONNECT'. The type/purpose values are invalid for subnetwork address."}

After updating the addressPurpose constant with the value below:

addressPurpose                = "GCE_ENDPOINT"

I was able to create a GCP endpoint with the glide resource create CLI:

~/paraglider$ glide resource create gcp vpe gcp_psc_ep.json
Creating resource: vpe
Resource Created.
tag: default.gcp.vpe
uri: https://www.googleapis.com/compute/v1/projects/my-project-name/regions/us-east4/forwardingRules/para-vpe
ip: 10.0.0.3

I would like to ask whether I am missing something or perhaps a fix should be applied.

Thanks.

aviweit commented 2 weeks ago

I would like to ask what the purpose of additionalAddress is in the method privateServiceHandler.createWithNetwork()?

Thanks.

smcclure20 commented 1 week ago

Hi Avi,

I am looking into this. In the meantime, the additionalAddress(es) value is designed to accommodate cases when a resource requires multiple address spaces to be provisioned. An easy example of this is k8s clusters which need multiple, non-overlapping address spaces for pods, services, etc.

Specifically for private services, this is necessary because for endpoints for Google-managed services, the IP used to represent the service must not exist within the address space of the VPC of the endpoint. (https://cloud.google.com/vpc/docs/about-accessing-google-apis-endpoints)

However, this requirement is not true for non-Google services. I think there is a bug. I'll let you know what I find!
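
The panic in the report is an unchecked `[0]` index on a slice of length 0, and the reporter saw it crash the process serving the request. As an added example (not Paraglider's code; `resourceHandler`, `safeProvision` and `endpointHandler` are hypothetical names and the CIDR is constructed), this Go program checks the declared address-space count before the handler runs and turns any remaining panic into a per-request error:

```go
package main

import (
	"errors"
	"fmt"
)

// resourceHandler is a hypothetical stand-in for a per-resource handler;
// it is not Paraglider's interface.
type resourceHandler interface {
	addressSpacesRequired() int // extra address spaces the caller must supply
	provision(name string, addressSpaces []string) (string, error)
}

var errAddressSpaceCount = errors.New("wrong number of additional address spaces")

// safeProvision validates the slice length before the handler indexes it and
// converts any remaining panic into an error, so one bad request fails alone
// instead of terminating the server process.
func safeProvision(h resourceHandler, name string, addressSpaces []string) (uri string, err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("provision %q: recovered panic: %v", name, r)
		}
	}()
	if want := h.addressSpacesRequired(); len(addressSpaces) != want {
		return "", fmt.Errorf("%w: resource %q needs %d, got %d", errAddressSpaceCount, name, want, len(addressSpaces))
	}
	return h.provision(name, addressSpaces)
}

// endpointHandler models the mismatch in the report: it declares `declared`
// address spaces but its provision step always reads addressSpaces[0].
type endpointHandler struct{ declared int }

func (e endpointHandler) addressSpacesRequired() int { return e.declared }

func (e endpointHandler) provision(name string, addressSpaces []string) (string, error) {
	return name + "@" + addressSpaces[0], nil // panics on an empty slice
}

func main() {
	// Constructed inputs: a handler that declares 0 but indexes [0], then a consistent one.
	_, err := safeProvision(endpointHandler{declared: 0}, "vpe", nil)
	fmt.Println("declared 0:", err)
	uri, err := safeProvision(endpointHandler{declared: 1}, "vpe", []string{"10.0.0.0/28"})
	fmt.Println("declared 1:", uri, err)
}
```

The length check catches a caller that supplies the wrong count; the `recover` covers the case from the report, where the declared count and the indexing code disagree with each other.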