
Unable to Create VPC Serverless Connector - Error on Creation

Hello GCP Community,

I'm facing a critical issue that's impacting my company's email processing system. I'm unable to create a VPC serverless connector, which is causing our cloud function (triggered by Pub/Sub for Gmail updates) to fail. Here are the details:

1. Error message: "Create VPC connector "default" (europe-west1)"
2. Region: europe-west1
3. Previous situation: Had an existing connector, deleted it last Friday
4. Current problem: Cannot create a new connector to replace the deleted one

I've already reached out to Brazilian support, but they were unable to resolve the issue or even find the root cause. This problem is severely affecting our business operations and reputation.

Has anyone encountered a similar issue or can provide guidance on how to troubleshoot this? Any help would be greatly appreciated as this is blocking our critical email processing workflow.

Thank you in advance for your assistance.


Hi @Emailright,

Welcome to Google Cloud Community!

Connector creation can fail for several reasons. You may want to review the activity logs in your Cloud Logging audit logs; this can give you further information on why the creation failed. You can use this code to filter and quickly review the error:

log_id("cloudaudit.googleapis.com/activity")
protoPayload.serviceName="vpcaccess.googleapis.com"
protoPayload.methodName="google.cloud.vpcaccess.v1.VpcAccessService.CreateConnector"

You could try these troubleshooting steps to see if they help resolve the problem:

  1. Check that the Serverless VPC Access is enabled - If the vpcaccess.googleapis.com is disabled you will get an error while trying to see the VPC connector page in project inspection.
  2. Make sure the Compute Engine default service account exists - The VPC connector depends on this service account to work properly. You may be able to undelete/restore the Compute Engine default SA if it has been deleted in less than 30 days.
  3. Check subnets - Verify that the subnets within the VPC network are correctly configured and have available IP addresses. When you create an auto-mode network, you get one subnet per region, and it uses the whole 10.128.0.0/9 CIDR block. So, even if your chosen /28 range doesn't overlap with any existing subnets, it still can't overlap with the larger 10.128.0.0/9 range. In auto-mode networks, connectors can use any other non-overlapping RFC1918 range that isn't part of 10.128.0.0/9. You can verify which subnet is causing the overlap through the following logs filter and by expanding the logs with the message "INVALID_USAGE"
    log_id("cloudaudit.googleapis.com/activity")
    protoPayload.serviceName="compute.googleapis.com"
    protoPayload.methodName="v1.compute.subnetworks.insert"
    protoPayload.authenticationInfo.principalEmail="[PROJECTNUMBER]@cloudservices.gserviceaccount.com"
    "conflicts with existing subnetwork" OR "networks cannot overlap with 10.128.0.0/9"
  4. Ensure the serverless VPC image is trusted for use in the project - Grant your project permission to use Compute Engine VM images from the project with ID serverless-vpc-access-images.

If the workarounds above don't work, you can contact Google Cloud Support for a more in-depth analysis. When contacting them, please provide comprehensive details and include screenshots. This will help them better understand and address your issue.

I hope the above information is helpful
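
The subnet rule from step 3 of the reply above can be checked before retrying the connector creation. The following is an added example, not part of the original thread or of any Google tooling: the function name and the sample subnet list are assumptions, and the checks are limited to the rules as the reply states them (an RFC1918 /28, no overlap with existing subnets, and no overlap with 10.128.0.0/9 on an auto-mode network).

```python
import ipaddress

# Block that an auto-mode VPC network reserves for its per-region subnets (from the reply).
AUTO_MODE_BLOCK = ipaddress.ip_network("10.128.0.0/9")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample data: subnets assumed to already exist in the VPC network.
SAMPLE_SUBNETS = {
    "default-europe-west1": "10.132.0.0/20",
    "custom-apps": "192.168.10.0/24",
}

def check_connector_range(cidr, existing_subnets, auto_mode=True):
    """Return a list of problems with a candidate connector range (empty = passes)."""
    try:
        net = ipaddress.ip_network(cidr, strict=True)  # rejects host bits, e.g. 10.8.0.5/28
    except ValueError as exc:
        return [f"not a valid network: {exc}"]
    if net.version != 4:
        return ["connector range must be IPv4"]

    problems = []
    if net.prefixlen != 28:
        problems.append(f"prefix is /{net.prefixlen}, expected /28")
    if not any(net.subnet_of(block) for block in RFC1918):
        problems.append("not inside an RFC1918 range")
    # The case the reply highlights: free of every existing subnet, yet still
    # inside the block that the auto-mode network claims as a whole.
    if auto_mode and net.overlaps(AUTO_MODE_BLOCK):
        problems.append("networks cannot overlap with 10.128.0.0/9")
    for name, subnet in existing_subnets.items():
        if net.overlaps(ipaddress.ip_network(subnet)):
            problems.append(f"conflicts with existing subnetwork {name} ({subnet})")
    return problems

if __name__ == "__main__":
    for candidate in ("10.8.0.0/28", "10.132.16.0/28", "192.168.10.16/28"):
        result = check_connector_range(candidate, SAMPLE_SUBNETS)
        print(candidate, "->", result or "ok")
```

The problem strings for the two overlap cases reuse the phrases from the log filter in step 3, so a failing candidate can be matched against what the audit log reports.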