Hi All,

I have several cloud-run services running in GCP, and I need to make the endpoint URL only allowed to access via

1) internal traffic and
(Note: Pub-Sub is used for communication happening between different cloud-run services)

2) via my static IP address (VPN IP)

The solution that I have followed is as follows, In front of the cloud run I'm connecting one HTTP(S) load balancer and to allow access to specific IP addresses I'm using CloudArmor.

Question ..?

While developing new cloud-run services we tried testing Rest API calls instead of Pub/Sub for communication happening between different cloud-run services, so in such scenarios, the above solution is not working. So what is the difference here when we use Rest API calls instead of Pub/Sub.  Also when we use Rest API calls the communication between cloud run is happening only when the cloud run service is open to the public, if we change it to internal-only communication then the cloud run services are not getting communicated via Rest API calls. Why is this happening...!!!

( We are currently facing this issue with our newly developed cloud-run services the services are getting communicated only when we allow Ingress Control to ALL, but we need it to work with Internal only)

 @dumpalap  @abdelfettah @glen_yu 

Awaiting valuable suggestions ...!