This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

SSL Error when trying to reach Private Service Endpoint

Posted on 11-25-2024 08:27 AM
max-redux
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

I'm experiencing SSL connection errors when my Cloud Run Job attempts to connect to a private ClickHouse service endpoint (ClickHouse Cloud) within my VPC.

The connection works great from VMs within the same VPC, but the Cloud Run Job consistently fails with an SSLError. I've verified VPC Service Access configuration, firewall rules, and service account permissions.

Error:
clickhouse_connect.driver.exceptions.OperationalError: Error HTTPSConnectionPool(host='<domain>.gcp.clickhouse.cloud', port=8443): Max retries exceeded with url: /?wait_end_of_query=1 (Caused by SSLError(SSLEOFError(8, '[SSL: UNEXPECTED_EOF_WHILE_READING] EOF occurred in violation of protocol (_ssl.c:1007)'))) executing HTTP request attempt 1 (https://<domain>.europe-west4.gcp.clickhouse.cloud:8443)

0 1 320
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
diannemcm
Staff
Reply posted on --/--/---- --:-- AM

Hi @max-redux,

Welcome to Google Cloud Community!

This error is usually caused by a premature termination of the SSL connection before the handshake is complete or during data transfer/handshake failure. Test SSL certificate validity and trust chain.

Cloud Run needs to use a VPC Connector to access services in a private VPC. You need to confirm that the Cloud Run job must be connected to the correct VPC using a VPC Connector. Make sure that the egress settings for your VPC connector are configured to route traffic to the private services in the VPC.

A connector handles traffic between your serverless environment and your VPC network. When you create a connector in your Google Cloud project, you attach it to a specific VPC network and region. You can then configure your serverless services to use the connector for outbound network traffic.

There are two main benefits to using Serverless VPC Access:

  • Requests sent to your VPC network are never exposed to the internet.
  • Communication through Serverless VPC Access can have less latency compared to the internet.

Other relevant documentation:

GCP Private Service Connect

VPC with connectors

I hope the information above is helpful.

 

0 Likes
Top Labels in this Space
Top Solution Authors
View all