I am trying to deploy Google's nginx hello world example via App Engine's flexible env. I'm using the same setup as detailed in the quick start guide, with the exception of network settings added to app.yaml (file contents below):
runtime: custom
env: flex
network:
name: my_network
subnetwork_name: my_subnet
For replication, my exact process is (from within a GCP cloud shell):
- clone Google's example repo,
cdinto the nginx directory,- update
app.yamlto reflect the correct network setup (see above), - run
gcloud app deploy .orgcloud beta app deploy ..
The result is an error 13:
53db376e88c7: Layer already exists
3baebd9b50ad: Layer already exists
1401df2b50d5: Layer already exists
57a9a0cdd450: Layer already exists
latest: digest: sha256:96324cd5dd0571fa98e461ecfc844cefc74c1bad7d621273f11f94e7676cde86 size: 2605
DONE
----------------------------------------------------------------------------------------------------
Updating service [default] (this may take several minutes)...failed.
ERROR: (gcloud.app.deploy) Error Response: [13] An internal error occurred.
I have attempted deploying with different healthcheck options but recieve the following:
ERROR: (gcloud.app.deploy) INVALID_ARGUMENT: Legacy health checks are no longer supported for the App Engine Flexible environment. Please remove the 'health_check' section from your app.yaml and configure updated health checks. For instructions on migrating to split health checks see https://cloud.google.com/appengine/docs/flexible/java/migrating-to-split-health-checks
I assume the advice to do so is out of date.
The app itself runs fine from a docker container. Any advice would be welcome
CodePudding user response:
Google support supplied a solution which worked for me. However, Error 13 is relatively general so YMMV. In your deployment environment, run the following:
gcloud config set interactive/hidden truegcloud app update --service-account=PROJECT_DEFAULT_APP_ENGINE_SAgcloud app deploy
1 exposes hidden commands/flags and 2 sets the active service account for the app.
Beware - a project's default App Engine SA is heavily permissioned so it may be worth isolating App Engine to its own project to minimise risk.
CodePudding user response:
I also tried reproducing the same scenario you have mentioned but no error was thrown to me. When adding the network to your app.yaml you have to make sure you use the short name for network, this is mentioned here.
The network settings in your app.yaml should look something like this:
network:
instance_tag: TAG_NAME
name: NETWORK_NAME
subnetwork_name: SUBNETWORK_NAME
session_affinity: true
forwarded_ports:
- PORT
- HOST_PORT:CONTAINER_PORT
- PORT/tcp
- HOST_PORT:CONTAINER_PORT/udp
Where for name :
Every VM instance in the flexible environment is assigned to a Google Compute Engine network when it is created. Use this setting to specify a network name. Give the short name, not the resource path (for example, default rather than https://www.googleapis.com/compute/v1/projects/my-project/global/networks/default). If you do not specify a network name, instances are assigned to the project's default network (which has the name default). If you want to specify a subnetwork name, you must specify a network name.
And for subnetwork_name:
Optional. You can segment your network and use a custom subnetwork. Ensure that the network name is specified. Give the short name, not the resource path (for example, default rather than https://www.googleapis.com/compute/v1/projects/my-project/global/networks/default/subnetworks/default).The subnetwork must be in the same region as the application.
If you are using a VPC shared network for your project, this will help you do it, all you need to do is follow the step by step given here.