Serverless inference with VPC Access Connector on GCP.

Question

Pulumi · Accepted Answer

To set up serverless inference with a VPC Access Connector on Google Cloud Platform (GCP), you will need to do the following:

Create a VPC Network: You will need a Virtual Private Cloud (VPC) network where your services will reside.
Set up a Serverless VPC Access Connector within the network: This connector allows serverless services, like Cloud Functions or Cloud Run, to access resources within your VPC.
Deploy a serverless service (e.g., Cloud Functions) that will be responsible for inference. This service needs to be configured to connect to your VPC through the VPC Access Connector.

The following Pulumi program performs these steps using the pulumi_gcp SDK.

Python Pulumi Program

import pulumi
import pulumi_gcp as gcp

# Create a VPC network
vpc_network = gcp.compute.Network("vpc-network",
    auto_create_subnetworks=True,  # Let GCP create subnetworks automatically
)

# Create a subnet for the VPC Access Connector
vpc_subnet = gcp.compute.Subnetwork("vpc-subnet",
    ip_cidr_range="10.8.0.0/28",  # The IP range for the connector must not overlap with any existing ranges in the network
    network=vpc_network.self_link,
    region="us-central1",  # Specify your desired region
)

# Deploy the Serverless VPC Access Connector
vpc_access_connector = gcp.vpcaccess.Connector("vpc-access-connector",
    network=vpc_network.name,
    region="us-central1",
    ip_cidr_range="10.8.0.0/28",  # Use the same range as the subnet created
)

# If you had a serverless function for inference, you would configure it as follows:
# serverless_function = gcp.cloudfunctions.Function("inference-function",
#     # ... other necessary configuration for the function ...
#     vpc_connector=vpc_access_connector.id,
# )

# pulumi.export to return output variables that might be needed (e.g., connector name)
pulumi.export("vpc_connector_name", vpc_access_connector.name)

Detailed Explanation

We import the respective Pulumi and GCP modules.
A VPC network is created using gcp.compute.Network to provide an isolated network environment for our resources.
Within this network, we create a subnet. The subnet is defined with a CIDR block that is reserved for the VPC Access Connector.
The serverless VPC Access Connector is created using gcp.vpcaccess.Connector. It is attached to the previously created VPC network and within the specified subnet's CIDR range. This Connector facilitates communication between your serverless environments and other resources within the VPC.
The pulumi.export function is used to make sure the name of the VPC Access Connector is available as an output of the deployment. This can be useful in scenarios where you need to use infrastructure outputs to configure subsequent services or for reference purposes.

Please note that the actual serverless function, such as a Google Cloud Function for inference, is commented out in the above program. This is because the configuration details of the function would be specific to your application (e.g., the function's source code, trigger, and environment variables). However, it does indicate where you would put the details of your function and highlights the important VPC connector configuration.

When deploying serverless resources that need to access your VPC, you can attach them to the VPC Connector with an attribute similar to vpc_connector=vpc_access_connector.id.

This program assumes that you have already set up the GCP provider using Pulumi. This involves configuring your GCP project and authentication settings which typically would be done by running pulumi config set gcp:project <PROJECT_ID> and pulumi config set gcp:credentials <CREDENTIALS_FILE_PATH> or by using the automatically discovered credentials through the gcloud CLI or GCP Compute Metadata API.

Remember that you will run this Pulumi program using the Pulumi CLI by navigating to your project directory and executing pulumi up. This command will preview and deploy your infrastructure according to the code defined in your Pulumi program.