This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

How to use serverless VPC access connector in google cloud, with Google Cloud Run Operators?

Posted on 05-05-2025 04:27 AM
officebotdk
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM 
I want help to run a cloud run job in google cloud, that connect to an database also located in google cloud with no public access. I have truples defining the following python dict:

def _create_job_dict() -> dict: """ Create a Cloud Run job configuration with a Python dict.
"""
return {
    "template": {
        "template": {
            "containers": [
                {
                    "image": "us-docker.pkg.dev/cloudrun/container/job:latest",
                    "resources": {
                        "limits": {"cpu": "1", "memory": "512Mi"},
                        "cpu_idle": False,
                        "startup_cpu_boost": False,
                    },
                    "name": "",
                    "command": [],
                    "args": [],
                    "env": [],
                    "ports": [],
                    "volume_mounts": [],
                    "working_dir": "",
                    "depends_on": [],
                }
            ],
            "volumes": [],
            "execution_environment": 0,
            "encryption_key": "",
        },
        "labels": {},
        "annotations": {'run.googleapis.com/vpc-access-connector': 'projects/officebot-410311/locations/europe-west1/connectors/tteess'},
        "parallelism": 0,
        "task_count": 0,
    },
    "name": "",
    "uid": "",
    "generation": "0",
    "labels": {},
    "annotations": {},
    "creator": "",
    "last_modifier": "",
    "client": "",
    "client_version": "",
    "launch_stage": 0,
    "observed_generation": "0",
    "conditions": [],
    "execution_count": 0,
    "reconciling": False,
    "satisfies_pzs": False,
    "etag": "",
}
I can easily manuel create an cloud run job that send trafic directly to a VPC, this gives me the following YAML file:
apiVersion: run.googleapis.com/v1
kind: Job
metadata:
  name: job-1
  namespace: '12345234523'
  selfLink: /apis/run.googleapis.com/v1/namespaces/12345234523/jobs/job-1
  uid: xxxxxx-xxxx-xxxx-xxxx-xxxxxxx
  resourceVersion: AAY0YEVd0VM
  generation: 1
  creationTimestamp: '2025-05-05T09:38:36.812263Z'
  labels:
    cloud.googleapis.com/location: europe-west1
    run.googleapis.com/lastUpdatedTime: '2025-05-05T09:39:05.545043Z'
  annotations:
    run.googleapis.com/creator: xxx@yyyyyyy.team
    run.googleapis.com/lastModifier: xxx@yyyyyyy.team
    run.googleapis.com/client-name: cloud-console
    run.googleapis.com/operation-id: xxxxxx-xxxx-xxxx-xxxx-xxxxxxx
spec:
  template:
    metadata:
      annotations:
        run.googleapis.com/vpc-access-connector: projects/officebot-410311/locations/europe-west1/connectors/tteess
        run.googleapis.com/vpc-access-egress: private-ranges-only
        run.googleapis.com/client-name: cloud-console
        run.googleapis.com/execution-environment: gen2
    spec:
      taskCount: 1
      template:
        spec:
          containers:
          - name: job-1
            image: us-docker.pkg.dev/cloudrun/container/job:latest
            resources:
              limits:
                cpu: 1000m
                memory: 512Mi
          maxRetries: 3
          timeoutSeconds: '600'
          serviceAccountName: 12345234523-compute@developer.gserviceaccount.com
status:
  observedGeneration: 1
  conditions:
  - type: Ready
    status: 'True'
    lastTransitionTime: '2025-05-05T09:38:37.680710Z'
how can i define this run.googleapis.com/network-interfaces: 'run.googleapis.com/vpc-access-connector: projects/officebot-410311/locations/europe-west1/connectors/tteess in def _create_job_dict(). When i use the dict defined in _create_job_dict() i get the following error: field: "Violation in CreateJobRequest.job.annotations[run.googleapis.com/vpc-access-connector]" description: "system annotations are not supported in Cloud Run API v2."
0 1 638
Topic Labels
0 Likes
1 REPLY 1

Posted on --/--/---- --:-- AM
-Rhett
Staff
Reply posted on --/--/---- --:-- AM

Hi @officebotdk,

Welcome to the Google Cloud Community!

It looks like there are a few configuration mismatches in your setup. Specifically, your job definition includes annotations indicating run.googleapis.com/execution-environment: gen2, but your Python dict sets execution_environment: 0, which defaults to Gen1. Your YAML file is also configured to apiVersion: run.googleapis.com/v1. You’ll need to choose the correct execution environment and align all related configurations accordingly. Refer to the guidance here to select the appropriate one: Choosing an Execution Environment.

Additionally, when using the Cloud Run Jobs API v2, annotations like run.googleapis.com/vpc-access-connector are no longer supported. Instead, VPC settings should be defined using the networkInterfaces field. For proper setup, review the documentation on Configuring VPC Connectors and update your Terraform files and YAML definitions to align with the supported structure:

If you continue to run into issues, be sure to follow the official troubleshooting guide and VPC connector troubleshooting steps. For persistent problems, you can also contact Cloud Run Support for additional help.

Was this helpful? If so, please accept this answer as “Solution”. If you need additional assistance, reply here within 2 business days and I’ll be happy to help.

0 Likes
Top Solution Authors
View all