I have a Cloud Run service deployed in project A, which has a VPC A, and I have set the incoming network option to "internal access". The service is connected to a VPC connector with network A on a /28 subnet.
I have a project B with a VPC B.
I would like to access the Cloud Run service of project A from project B.
The VPC A network is connected to VPC B with peering.
But I can't access the Cloud Run service from project B. Can anyone help me?
What resource in VPC B are you accessing the service in project A from?
I can think of three possibilities:
- You're accessing service A from a managed service that's, behind the scenes, actually running in a different, Google-managed project with a VPC peered to VPC B.
- You're accessing service A from a Cloud Run service in project B. In that case, is Cloud Run service B's egress set to "all"?
- You're accessing service A from a different VPC peered to VPC B. (Peering is not transitive.)
I wonder if the VM has perhaps been set up to only be able to access internal IPs.
I believe Private Google Access may be relevant here. Take a look at the documentation: https://cloud.google.com/run/docs/securing/private-networking.