Cannot create a Google Compute Engine VM with a container image without an external IP address


I am attempting to build a VM using the marketplace postgresql11 image (though the problem appears to be general for all images I have tried) with the following gcloud command:

gcloud compute instances create-with-container postgres-test \
  --container-image gcr.io/cloud-marketplace/google/postgresql11:latest \
  --container-env-file=envdata.txt \
  --container-mount-host-path mount-path=/var/lib/postgresql,host-path=/mnt/disks/postgres_data,mode=rw \
  --machine-type=e2-small \
  --scopes=cloud-platform \
  --boot-disk-size=10GB \
  --boot-disk-device-name=postgres-test \
  --create-disk="mode=rw,size=10GB,type=pd-standard,name=postgres-test-data,device-name=postgres-test_data" \
  --network-interface=subnet="default,no-address" \
  --tags=database-postgres \
  --metadata-from-file user-data=metadata.txt

The envdata.txt file contains the environment variable data for the image and the metadata.txt file contains bootcmd instructions to format and mount the external disk for the postgres data.

envdata.txt:

POSTGRES_USER=postgresuser
POSTGRES_PASSWORD=postgrespassword

metadata.txt:

#cloud-config

bootcmd:
- fsck.ext4 -tvy /dev/sdb
- mkdir -p /mnt/disks/postgres_data
- mount -t ext4 -O ... /dev/sdb /mnt/disks/postgres_data

The VM is created, but the sudo journalctl output shows that an attempt is started to connect to GCR and this does not appear to be successful. The Docker image for postgres is not downloaded and is not started on the VM.

If I now remove no-address from the network-interface line of the gcloud command (allowing Google to allocate an external IP address to the VM) by executing the following:

gcloud compute instances create-with-container postgres-test \
  --container-image gcr.io/cloud-marketplace/google/postgresql11:latest \
  --container-env-file=envdata.txt \
  --container-mount-host-path mount-path=/var/lib/postgresql,host-path=/mnt/disks/postgres_data,mode=rw \
  --machine-type=e2-small \
  --scopes=cloud-platform \
  --boot-disk-size=10GB \
  --boot-disk-device-name=postgres-test \
  --create-disk="mode=rw,size=10GB,type=pd-standard,name=postgres-test-data,device-name=postgres-test_data" \
  --network-interface=subnet="default" \
  --tags=database-postgres \
  --metadata-from-file user-data=metadata.txt

Then a VM is created, and the POSTGRES image is downloaded and executed. sudo journalctl shows the connection to GCR starting and started.

Can anyone explain to me why the execution of an image in my case is dependent on having an external IP, and how I can create a VM using the GCR without having to allocate an external IP address to the instance?

1 answer

John Hanley (accepted answer):

If you have a public IP, then requests from your instance to the Internet go through the Internet Gateway. If your instance does not have a public IP, then you need to set up Cloud NAT to provide a route to the Internet. This is the simplest solution. If you only need to access Google APIs and services and not the public Internet, see the next option.

Google Cloud NAT

Google also offers Private Google Access to reach only Google APIs and services.

Private Google Access
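The two options in the answer, written out as gcloud commands, plus the checks that confirm the subnet setting took effect and that the instance really has no external address. This is an added example, not code from the question or the answer. It assumes the VPC is named default, the region and zone set at the top, and placeholder names (nat-router, nat-config, postgres-test) that you can change; the GCLOUD variable exists only so that GCLOUD=echo previews the commands instead of running them.

```shell
#!/bin/sh
# Added example (not from the question or answer): give a VM that has no
# external IP a path to gcr.io, using the two options the answer names.
# Assumptions: VPC "default"; region/zone below; nat-router, nat-config and
# postgres-test are placeholder names. Set GCLOUD=echo to preview commands.

GCLOUD="${GCLOUD:-gcloud}"
NETWORK="${NETWORK:-default}"
REGION="${REGION:-us-central1}"
ZONE="${ZONE:-us-central1-a}"

# Option 1: Private Google Access. Enabled per subnet; instances without an
# external IP can then reach Google APIs and services (gcr.io included), and
# nothing else on the public Internet. Least exposure for a database host.
enable_private_google_access() {
  "$GCLOUD" compute networks subnets update "$1" \
    --region="$REGION" \
    --enable-private-ip-google-access
}

# Option 2: Cloud NAT. Only needed when the instance must also reach the public
# Internet (Docker Hub, OS package mirrors); it opens outbound access broadly,
# so prefer option 1 when GCR is the only destination.
create_cloud_nat() {
  "$GCLOUD" compute routers create "$1" \
    --network="$NETWORK" \
    --region="$REGION"
  "$GCLOUD" compute routers nats create "$2" \
    --router="$1" \
    --region="$REGION" \
    --auto-allocate-nat-external-ips \
    --nat-all-subnet-ip-ranges
}

# Check 1: the subnet flag should print True after option 1 is applied.
show_private_google_access() {
  "$GCLOUD" compute networks subnets describe "$1" \
    --region="$REGION" \
    --format='value(privateIpGoogleAccess)'
}

# Check 2: an empty value means no external address is attached to the VM.
show_external_ip() {
  "$GCLOUD" compute instances describe "$1" \
    --zone="$ZONE" \
    --format='value(networkInterfaces[0].accessConfigs[0].natIP)'
}

main() {
  case "$1" in
    pga)   enable_private_google_access "${2:-default}" ;;
    nat)   create_cloud_nat "${2:-nat-router}" "${3:-nat-config}" ;;
    check) show_private_google_access "${2:-default}"
           show_external_ip "${3:-postgres-test}" ;;
    *)     echo "usage: $0 pga [subnet] | nat [router] [nat] | check [subnet] [instance]" >&2
           return 1 ;;
  esac
}

if [ $# -gt 0 ]; then
  main "$@"
fi
```

Run `./gcr-access.sh pga` once against the subnet the VM lives in, then recreate the instance with `no-address` as in the original command; `./gcr-access.sh check` should print `True` followed by an empty line. Use `nat` only if the container also needs non-Google destinations.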