
Connection issue with Cloud Run job and shared VPC

Hello, I'm trying to use a Cloud Run job to:

  • Communicate with my internal instances (in a shared VPC)
  • Go to the internet with my public IP (Cloud NAT of my shared VPC)

I configured Serverless VPC Access with all traffic through the VPC (to go out via my Cloud NAT). My Serverless VPC Access has been created in my service project. To be sure I'm not blocked by the firewall, I allowed all traffic in egress/ingress, without success.

From my Cloud Run job, I'm not able to:

  • Reach internet (ping google.com)
  • Reach internal compute engine instances.

My Cloud NAT and shared VPC work very well; I already have a few GKE clusters.

All suggestions are welcome.


Hello,

I resolved my issue. Ping is just not supported...

  • Internal resolution works with internal IP or internal DNS (compute engine)
  • I'm able to go to Internet with my Cloud NAT IP.

You need the following firewall rules:

gcloud compute firewall-rules create vpc-connector-requests \
	--allow tcp,udp,icmp \
	--direction=INGRESS \
	--source-tags vpc-connector \
	--network=NETWORK_NAME \
	--project=PROJECT_ID

gcloud compute firewall-rules create serverless-to-vpc-connector \
	--allow tcp:667,udp:665-666,icmp \
	--source-ranges=35.199.224.0/19 \
	--direction=INGRESS \
	--target-tags vpc-connector \
	--network=NETWORK_NAME \
	--project=PROJECT_ID
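
Added example, not part of the original reply: a small audit over the JSON that `gcloud compute firewall-rules list --format=json` prints, checking that the two connector rules above exist as written and flagging any allow-all ingress rule left over from debugging. The sample data is constructed and the rule name `debug-allow-all` is hypothetical.

```python
import json

# Constructed sample in the shape of `gcloud compute firewall-rules list --format=json`.
# "debug-allow-all" is a hypothetical leftover from the "allow everything" debugging step.
SAMPLE = json.loads("""[
 {"name": "vpc-connector-requests", "direction": "INGRESS",
  "sourceTags": ["vpc-connector"],
  "allowed": [{"IPProtocol": "tcp"}, {"IPProtocol": "udp"}, {"IPProtocol": "icmp"}]},
 {"name": "serverless-to-vpc-connector", "direction": "INGRESS",
  "sourceRanges": ["35.199.224.0/19"], "targetTags": ["vpc-connector"],
  "allowed": [{"IPProtocol": "tcp", "ports": ["667"]},
              {"IPProtocol": "udp", "ports": ["665-666"]},
              {"IPProtocol": "icmp"}]},
 {"name": "debug-allow-all", "direction": "INGRESS",
  "sourceRanges": ["0.0.0.0/0"], "allowed": [{"IPProtocol": "all"}]}
]""")

# Source/target selectors of the two rules given in the reply.
EXPECTED = {
    "vpc-connector-requests": {"sourceTags": ["vpc-connector"]},
    "serverless-to-vpc-connector": {"sourceRanges": ["35.199.224.0/19"],
                                    "targetTags": ["vpc-connector"]},
}

def audit(rules):
    """Return (connector rules missing or altered, allow-all ingress rules)."""
    by_name = {r["name"]: r for r in rules if not r.get("disabled")}
    bad = []
    for name, want in EXPECTED.items():
        rule = by_name.get(name)
        if (rule is None or rule.get("direction") != "INGRESS"
                or any(rule.get(k) != v for k, v in want.items())):
            bad.append(name)
    wide_open = []
    for r in by_name.values():
        if r["name"] in EXPECTED or r.get("direction") != "INGRESS":
            continue
        any_source = "0.0.0.0/0" in r.get("sourceRanges", [])
        # An "allowed" entry without "ports" permits every port of that protocol.
        any_port = any(a.get("IPProtocol") in ("all", "tcp", "udp")
                       and not a.get("ports") for a in r.get("allowed", []))
        if any_source and any_port:
            wide_open.append(r["name"])
    return sorted(bad), sorted(wide_open)

if __name__ == "__main__":
    print(audit(SAMPLE))
```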