
I am attempting to build a VM using the marketplace postgresql11 image (though the problem appears to be general for all images I have tried) with the following gcloud command:

gcloud compute instances create-with-container postgres-test \
  --container-image gcr.io/cloud-marketplace/google/postgresql11:latest \
  --container-env-file=envdata.txt \
  --container-mount-host-path mount-path=/var/lib/postgresql,host-path=/mnt/disks/postgres_data,mode=rw \
  --machine-type=e2-small \
  --scopes=cloud-platform \
  --boot-disk-size=10GB \
  --boot-disk-device-name=postgres-test \
  --create-disk="mode=rw,size=10GB,type=pd-standard,name=postgres-test-data,device-name=postgres-test_data" \
  --network-interface=subnet="default,no-address" \
  --tags=database-postgres \
  --metadata-from-file user-data=metadata.txt

The envdata.txt file contains the environment variable data for the image and the metadata.txt file contains bootcmd instructions to format and mount the external disk for the postgres data.

envdata.txt:

POSTGRES_USER=postgresuser
POSTGRES_PASSWORD=postgrespassword

metadata.txt:

#cloud-config

bootcmd:
- fsck.ext4 -tvy /dev/sdb
- mkdir -p /mnt/disks/postgres_data
- mount -t ext4 -O ... /dev/sdb /mnt/disks/postgres_data

The VM is created, but the sudo journalctl command shows that an attempt to connect to GCR is starting and does not appear to succeed. The docker image for postgres is not downloaded and is not started on the VM.

If I now remove the no-address option from the network-interface line of the gcloud command (allowing Google to allocate an external IP address to the VM) by executing the following:

gcloud compute instances create-with-container postgres-test \
  --container-image gcr.io/cloud-marketplace/google/postgresql11:latest \
  --container-env-file=envdata.txt \
  --container-mount-host-path mount-path=/var/lib/postgresql,host-path=/mnt/disks/postgres_data,mode=rw \
  --machine-type=e2-small \
  --scopes=cloud-platform \
  --boot-disk-size=10GB \
  --boot-disk-device-name=postgres-test \
  --create-disk="mode=rw,size=10GB,type=pd-standard,name=postgres-test-data,device-name=postgres-test_data" \
  --network-interface=subnet="default" \
  --tags=database-postgres \
  --metadata-from-file user-data=metadata.txt

Then the VM is created, and the POSTGRES image is downloaded and executed. sudo journalctl shows the connection to GCR starting and started.

Can anyone explain to me why the execution of an image in my case is dependent on having an external IP, and how I can create a VM using GCR without having to allocate an external IP address to the instance?

1 Answer

If you have a public IP, then requests from your instance to the Internet go through the Internet Gateway. If your instance does not have a public IP, then you need to set up Cloud NAT to provide a route to the Internet. This is the simplest solution. If you only need to access Google APIs and services and not the public Internet, see the next option.

Google Cloud NAT

Google also offers Private Google Access to reach only Google APIs and services.

Private Google Access

John Hanley
  • Hi John, thanks for your response. The problem I seem to have is that the instance does not have access to GCR, which is an internal Google service. The reason for the question was exactly that: if the creation of the instance does not require access to the internet, since GCR is internal, then why does the creation of the instance appear to be dependent on external access? – Jason Connor Dec 01 '20 at 00:24
  • The GCR service is not connected to your internal network (VPC). It is part of Google's network. Therefore you must create connectivity via one of the methods in my answer. – John Hanley Dec 01 '20 at 00:43
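The two options named in the answer, written out as an added shell example that is not from the question or the answer: the region, network and subnet names are placeholders, and GCLOUD can be set to echo to preview the commands instead of running them.

```shell
#!/bin/sh
# Added example: give a VM that has no external IP a path to GCR, either via
# Private Google Access on its subnet or via Cloud NAT. REGION, NETWORK and
# SUBNET are placeholder assumptions; override GCLOUD (e.g. GCLOUD=echo) to
# print the commands instead of executing them.
GCLOUD="${GCLOUD:-gcloud}"
REGION="${REGION:-us-central1}"   # placeholder region
NETWORK="${NETWORK:-default}"
SUBNET="${SUBNET:-default}"

# Option 1: Private Google Access. VMs without an external IP can then reach
# Google APIs and services (GCR included) but still not the public Internet.
enable_private_google_access() {
  "$GCLOUD" compute networks subnets update "$SUBNET" \
    --region="$REGION" \
    --enable-private-ip-google-access
}

# Option 2: Cloud NAT. Gives every instance in the subnet outbound Internet
# access; a Cloud Router is required to attach the NAT configuration to.
create_cloud_nat() {
  "$GCLOUD" compute routers create "${NETWORK}-router" \
    --network="$NETWORK" --region="$REGION" &&
  "$GCLOUD" compute routers nats create "${NETWORK}-nat" \
    --router="${NETWORK}-router" --region="$REGION" \
    --nat-all-subnet-ip-ranges \
    --auto-allocate-nat-external-ips
}

# The instance keeps no-address; the only change from the question's command
# is that the subnet now has a route to GCR. Disk and mount flags are omitted.
create_instance_no_external_ip() {
  "$GCLOUD" compute instances create-with-container "$1" \
    --container-image=gcr.io/cloud-marketplace/google/postgresql11:latest \
    --network-interface="subnet=${SUBNET},no-address" \
    --scopes=cloud-platform
}

# Check the subnet's current Private Google Access state: prints True or False.
check_private_google_access() {
  "$GCLOUD" compute networks subnets describe "$SUBNET" --region="$REGION" \
    --format='value(privateIpGoogleAccess)'
}
```

Run check_private_google_access first; if it prints False, either option above fixes the pull from GCR, and Cloud NAT is only needed when the container must also reach hosts outside Google.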