Hi Guys,
I have a Serverless VPC inside a shared VPC configured in my account; it's in a sub-project called shared-vpc.
In another sub-project, I deployed a Google Cloud Function in Python which uses Python's requests lib to perform HTTP REST calls to my Cloud Run container. My service on Cloud Run uses the same Serverless VPC as my Cloud Function, and both (Cloud Run and Cloud Function) are set to Allow unauthenticated invocations.
In short, I want VPC(Cloud Function -> HTTP REST -> Cloud Run).
I don't want my service exposed to the internet, so I set it to only internal traffic and routed all traffic inside VPC (ingress and egress). I also put my Cloud Function inside VPC.
The problem: I can't call my Cloud Run service endpoint from my Cloud Function; it always returns Access Forbidden. Does anyone have tips or experience in similar cases? I also set multiple IAM permissions between projects to allow Function and Cloud Run to access VPC.
Hi @pdrhm ,
There seem to be routing issues. But, without making assumptions, is it possible for you to share an architecture diagram of your setup? If you don't have an existing one, you might want to leverage the official diagramming tool to create one.
As Cloud Run and Functions are not default destinations within a VPC network, you have to double-check that you are doing all the necessary configurations as mentioned here.
I look forward to the diagram and any updates you may have.