Cloud Run egress traffic to internet

Hi everyone!!

I’m working with Cloud Run services and I have a problem with egress traffic to the internet when the Cloud Run service has a Serverless VPC Access Connector configured.

The Cloud Run service is configured as follows:

  1. Ingress: Allow internal traffic and traffic from Cloud Load Balancing
  2. VPC Connector: Route all traffic through the VPC connector
  3. The Cloud Run service is behind an External Global Load Balancer.

After configuring the connector, the service couldn’t access external services, like Facebook for example.

I checked the documentation and I found: https://cloud.google.com/run/docs/configuring/static-outbound-ip, but I understand this feature allows us to set an outbound static IP, if for some reason an external service requires a static IP.

How can I solve the egress traffic to the internet for the Cloud Run service when the connector is configured as it is?

Thanks in advance!

Hi Paul, you have two options:

  1. Configure Egress to route only private IPs through the VPC connector. This is the easiest way and works well if you don’t need to use VPC SC and don’t need to call other Cloud Run services that have Ingress=internal.

  2. Use Cloud NAT, following the documentation you found. Once your request is in the VPC Network, Cloud NAT is the way to get it routed out of the network, even if you don’t need a static outbound IP.

Thanks knet,

Actually, my Cloud Run service also needs to call other Cloud Run services besides external services, so the second option fits for me.

However, I’m wondering if there is a way to register all my Cloud Run services in the VPC with a private IP; this way I can configure egress of the Cloud Run services to route only private IPs through the VPC connector. Is such a configuration possible?

Thanks in advance!

Hello,

I have the same problem when implementing this solution, is there any update?

When routing all traffic to the VPC, Cloud Run does have internet access even though Cloud NAT is already configured?

Use Cloud NAT, following the documentation you found. Once your request is in the VPC Network, Cloud NAT is the way to get it routed out of the network, even if you don’t need a static outbound IP.
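
The two options from the answers above, written out as an added example that is not part of the original thread: the script picks the egress mode from the two conditions the answer names and lists the matching `gcloud` steps. The service, region, network and connector names and the `-router`/`-nat` suffixes are placeholders chosen for this example.

```shell
#!/bin/sh
# Added example, not from the thread. All resource names are placeholders.
# Prints the gcloud commands by default; set APPLY=1 to execute them.

# Pick the egress mode from the two conditions named in the answer.
# $1 = "yes" if the service calls Cloud Run services with Ingress=internal
# $2 = "yes" if VPC Service Controls is in use
choose_egress() {
  if [ "$1" = "yes" ] || [ "$2" = "yes" ]; then
    echo "all-traffic"          # option 2: all egress enters the VPC
  else
    echo "private-ranges-only"  # option 1: public destinations skip the VPC
  fi
}

# Echo a command, and run it only when APPLY=1.
step() {
  echo "$*"
  if [ "${APPLY:-0}" = "1" ]; then "$@"; fi
}

# $1 service, $2 region, $3 VPC network, $4 connector, $5 egress mode
plan() {
  if [ "$5" = "all-traffic" ]; then
    # Internet-bound packets will arrive in the VPC, so create the way out
    # first. Cloud NAT is regional: it goes in the service's region.
    step gcloud compute routers create "$1-router" \
      --network="$3" --region="$2"
    step gcloud compute routers nats create "$1-nat" \
      --router="$1-router" --region="$2" \
      --auto-allocate-nat-external-ips --nat-all-subnet-ip-ranges
  fi
  # Switch the service's egress mode last, once the route out exists.
  step gcloud run services update "$1" --region="$2" \
    --vpc-connector="$4" --vpc-egress="$5"
}

# Constructed demo: the service calls Ingress=internal services, no VPC SC.
plan demo-svc us-central1 demo-vpc demo-connector "$(choose_egress yes no)"
```

Run as-is it only prints the plan; with `all-traffic` and no NAT step applied, internet-bound requests from the service have no route out of the VPC, which is the symptom described in the first post.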