Why Use Cloud Load Balancer for WebSocket Connections from Cloud Run?
I'm successfully creating a WebSocket connection from a GCP Cloud Run instance to an external system. I've strictly followed the official GCP documentation and everything is working as expected.
However, the documentation also recommends using a Cloud Load Balancer in front of the Cloud Run service to initiate WebSocket connections. Unfortunately, it doesn't provide a clear explanation for why this is necessary.
Reference Image:
Could someone please clarify the specific benefits or reasons for using a Cloud Load Balancer in this scenario? Are there any potential drawbacks or performance implications to consider when using a load balancer for WebSocket connections?
Any insights or explanations would be greatly appreciated.
Cloud Run only supports HTTPS connections, it does not support raw TCP ports. You could use an intermediary service to handle raw TCP and translate those requests into HTTPS. Theoretically a load balancer could easily translate TCP connections to one of those.
Cloud Run just supports HTTP, WebSockets and gRPC and not TCP. You can have Cloud Run communicate to other GCP services in the VPC by using a Serverless VPC Connector or expose it with an internal IP address behind a load balancer.
You can also use Load balancer and Google provided Cloud Armor to protect against the DDoS attacks without compromising the scaling of Cloud Run.
If the resource is a Cloud VPN gateway with users or on-prem services unable to access the service (despite being on the same project and/or VPC perimeter), one can use Private Service Connect or Internal Load Balancer.
Websocket connections can be up for a long time. Backend service timeout behaves differently for HTTP and TCP/SSL Proxy. If you want to have very long Websocket connections, then you should use Network Load Balancing.
Overall GCP Load Balancer can significantly improve the availability, scalability, and security of your WebSocket connections from Cloud Run. On the other hand while the Load Balancer adds a small amount of latency, its benefits generally outweigh this minor drawback.
Refer to Cloud Load Balancing: A comprehensive solution for secure and private access to Cloud Run services and for examples check Deploy a secured serverless architecture using Cloud Run for more information.
- How to remove a value from an array within a batched write in Firestore?
- Can't Access GCP Docker container
- Google Firebase: How do I "work around" an invalid "issuer" value in my client's OIDC discovery document?
- Firebase Phone authentication test num working but real phone num showing [BILLING_NOT_ENABLED]
- How do I list the roles associated with a gcp service account?
- Cannot connect to kafka hosted in cloud from spring boot application
- Downloading google calendar event attachment
- How to include DeltaLake Files from GCS to BigQuery
- Google Cloud translate JSON file
- Why does GCP Pub/Sub publish a message twice?
- Is it possible to create daily budget alerts in GCP?
- Firebase Cloud Functions cannot read nitro generated index.mjs file
- Beam Dataflow Reshuffle Failing
- How to Access GKE Private Master from VPN in Hub VPC with Peering
- Google Cloud API Gateway static URL
- What are different between GCP service and GCP resources?
- What is the best way to determine the maximum concurrent requests per instance for your App Engine or Cloud Run app?
- Cloud Run Jobs events to trigger Cloud Function with EventArc
- Getting 403 from Google Cloud Monitoring API using a service account and JWT auth
- Do Google Cloud Task requests count towards concurrent requests in Google App Engine?
- Created scheduled backups using Spanner's new built-in feature don't trigger the actual backup
- GCP pub sub ordering with concurrency in the subscriber
- Error: 10: Developer console is not set up correctly (Not Using Firebase) (One Tap sign-up)
- How to drop multiple tables in Big query using Wildcards TABLE_DATE_RANGE()?
- How to list all projects in GCP that belongs to a specific organization
- Constantly getting DEVELOPER_ERROR in Android Simulator using Firebase Authentication
- Google OAuth 2.0 authentication not working in React app: what am I doing wrong?
- How to SSH to docker container in kubernetes cluster?
- How to use google cloud load balance with cloudflare DNS proxy
- How to write data from apache beam using gcp dataflow to bigquery table?