Is it possible to host a gRPC server in GAE Standard environment using Python? I have seen https://cloud.google.com/endpoints/docs/grpc/tutorials which seems to me you have to use ESP to host a gRPC server in GCP (GAE Standard is not listed here). Is ESP the only way to implement a gRPC server? Can't I write my own gRPC implementation such as https://grpc.io/docs/languages/python/basics/ and host it in GAE Standard?
I apologize for the basic questions as gRPC is quite new to me.
gRPC support is not available for App Engine as mentioned in group conversation here
.
Endpoints supports gRPC services for GKE, Compute Engine, and Cloud
Run (Beta). The framework available for Cloud Endpoints control of API in App Engine for Python you can refer
here Cloud Endpoints Frameworks
Related
I am setting up a new API and Google Cloud Endpoints Frameworks looks like a good candidate to use with an AppEngine standard handler. The API handler is to accesses BigQuery in the backend - This seems to prefer newer cloud-api-client libraries.
Python 2.7 is deprecated at the start of 2020. I can't find any guidance on whether Google is going to update endpoints to support GAE on Python3.x or removed (replaced with some other product perhaps?)
App Engine now supports Python 3.x.
Should I be considering cloud endpoints framework for a new project?
You're right, Endpoints Frameworks do not support Python 3.x yet.
A possible solution would be to use Cloud Endpoints on App Engine flexible environment.
Related questions:
How to do authentication check in Python library from Google Cloud Endpoints on GAE standard
How to check service-to-service authentication in Google Cloud Endpoints?
I have an App Engine Standard (Python) environment (using webapp2) that will be making calls to a Cloud Endpoint (no user authentication required, but the calls must be service-to-service secured) and I would like some clarification on how to do this using the Cloud Endpoint Framework for App Engine Standard.
If I go about the method described in (2) above, does this mean I would have to manual edit the openapi.json file that is generated from lib/endpoints/endpointscfg.py get_openapi_spect with the security definitions? The documentation seemed geared more towards GCE and App Engine Flex environments that are using the Cloud Endpoints for OpenApi so it was confusing whether I had to edit my #endpoints.api configurations.
Or, given that I am making a call from App Engine Standard environment, would I just be able to use urlfetch and AppIdentity: https://cloud.google.com/appengine/docs/standard/python/appidentity/ and assert identity to the endpoint? If so, what would the configurations look like?
I am using gRPC on Google Cloud GKE environment. Given this URL "https://cloud.google.com/endpoints/docs/" it implies that we can use gRPC with App Engine Flexible environment. However from the documentation it is impossible to find in how we can use ESP with the App Engine flexible runtime. I've tried it, but I cannot see how to expose both my health checks and expose the gRPC ports through to ESP given my App Engine URL. I based my tests on this:
Where is the documentation so I can use gRPC, with ESP (Extensible service proxy, nginx based) on this environment? Is the documentation wrong or is my assumption that I can use Firebase JWT Auth like I do on GKE? I prefer to use App Engine Flexible for my server. I use iOS as a mobile client, fully locked in to Google/Firebase.
That was mistake in the documentation. gRPC with App Engine flex is not supported. The documentation has been updated. Sorry for the confusion.
How do they differ? and what is the use case for each?
Is it possible for me to use one exclusively, such as if I'm more familiar with .NET I could do everything using the Client Library (for .NET) that I could with python and the SDK?
Google Cloud SDK https://cloud.google.com/sdk/docs/
Google Cloud Client Libraries https://cloud.google.com/apis/docs/cloud-client-libraries
The Cloud SDK is a set of command line tools (gcloud, gsutil, and bq). The use of the term 'SDK' here seems to be misleading and they should probably be called Google Cloud Tools or Google Cloud CLI.
The Cloud Client Libraries are the latest set of libraries available in various languages that you can program against.
There's also an older set of client libraries called the Google API Client Libraries. They're autogenerated from Google service interfaces and are simple wrappers to REST calls. You should probably use the newer Cloud Client Libraries if you can as they are more idiomatic and provide better abstraction.
Jarmod's answer is excellent.
Could I do everything using the Client Library (for .NET) that I could
with python and the SDK?
Almost everything. Exceptions I know:
.NET code can't run on good ole Google App Engine Standard. You can still run your .NET code in Google Compute Engine (on Windows) or Google App Engine Flexible Environment (.NET core code on Linux.)
Tensorflow only has a Python API.
Bigtable doesn't have a .NET API.
https://github.com/GoogleCloudPlatform/dotnet-docs-samples shows how to call many, but not all of the Google Cloud APIs.
The documentation from Google is not really clear about it.
Here ( https://cloud.google.com/compute/docs/vpn/overview ) it says
Google Cloud VPN securely connects your existing network to your Google Cloud Platform (GCP) network through an IPsec VPN connection
Considering that Both Google App Engine (GAE) and Google Compute Engine (GCE) are part of Google Cloud Platform (GCP), it would mean that Google Cloud VPN works for both GAE and GCE.
Also, the section for Cloud VNP is at the same level than GAE and GCE in the project console :
But the documentation is located in /compute/docs which should not obviously be compatible with /appengine/docs
And here is a graph describing the tunnel, which talks only about GCE, which could exclude GAE :
So, is GAE compatible with Cloud VPN or is it restricted to GCE only ?
Google Cloud VPN securely connects your existing network to your Google Cloud Platform (GCP) network through an IPsec VPN connection. Therefore, only resources that are connected to GCP networks can communicate through Cloud VPN tunnels.
App Engine Flexible Environment is based on Google Compute Engine and consequently can connect to your remote network via Cloud VPNs. As described in this article, you can specify network settings in your app.yaml configuration file of your GAE Flexible application.
EDIT Rodrigo Torres has pointed out that this is NOW possible.
(Leaving up the old post below. It is now WRONG!!!)
OLD POST:
Google App Engine standard CAN'T use VPN directly, however the new Flexible Google App Engine (now officially released, no longer in beta) CAN use it directly. Just set up google cloud VPN and your network from the console and make sure to include the network in your app.yaml file.
Flexible App Engine is be the easiest way for new applications to utilize VPN connections since there won't be any migration headaches.
For a standard app engine application that can't be ported over to flexible for whatever reason, you CAN still use a VPN connection - however, it requires a service to be running on flexible app engine (or compute engine), and your app will need to interface with it somehow. This may be the simplest method, as migrating from standard to flexible is not the simplest of tasks. I know - I've done it.