403 error while accessing a Cloud Run service from another Cloud Run service

Hi Team,

I have configured a shared VPC in projectA, created a subnet and a serverless VPC connector, and attached it to a Cloud Run service in projectB. If I set this Cloud Run service's ingress to All, everything works fine, but when I set ingress to Allow internal traffic only, my other Cloud Run service gets a 403.

I am trying to access the Cloud Run service from another Cloud Run service in the same project, and it is giving a 403.

Hello,

As per the description, you would like to communicate between two Cloud Run services with the ingress set to “Allow internal traffic only”, running in two different projects (Host and Service). I would like to recommend the suggestions below.

  • Your configuration will only work when both Cloud Run services are within the same project or the same VPC Service Controls perimeter [1].

  • I would suggest you implement VPC Service Controls and look into the different service perimeter options [2]. You could further control the flow of traffic using ingress and egress rules.

[1] https://cloud.google.com/run/docs/securing/ingress#:~:text=Eventarc%2C%20or%20Workflows-,within%20the%20same%20project%20or%20VPC%20Service%20Controls%20perimeter,-are%20allowed%20to

[2] https://cloud.google.com/vpc-service-controls/docs/overview

Hi @Simrandeep,
Thanks for the reply.
Both services are in the same project and connected to the same VPC and VPC connector.
When I keep ingress set to ALL, everything works fine, but when I change the “Auth service” to “Allow internal traffic only”, my gateway Cloud Run service gets a 403 while connecting to the auth service. I am keeping the Gateway ingress at “ALL”.

Do you think VPC Service Controls will resolve the issue?