云运行服务到来自同一项目内的服务请求仍被 Ingress=Internal 阻止

Question

I have set up nodejs and python cloud run services. The nodejs front end makes calls to the python service, the requests work when ingress=all however when I change to ingress=internal it blocks my service to service requests.

I tried using VPC connector and routing all egress through the VPC connector in the nodejs service however this does not solve the issue.

Am I mistaken about how ingress=internal is supposed to work? I thought it would block anything except requests coming from a service within the same project, which it is.

Any one have any ideas or even where I could find some logs to at least help diagnose the issue?

Answer 1

Your issue comes from the origin of your request. you need to be aware of this when you are trying to achieve network configuration.

With your comments I understood that your frontend service serve React-Redux actions in the user browser. Now, print the request flow

User Browser -> Frontend -> User Browser
(Load JS on user Browser)
User Browser -> Backend -> ERROR

Indeed the backend can be reached only by resources connected to the project VPC. In your case, it's the user browser that perform the request and thus you get an error.

---

The setup that you perform will work in the request flow

User Browser -> Frontend -> (serverless VPC Connector) -> Backend -> (serverless VPC Connector) -> Frontend ->User Browser

That means, the request must all land in a publicly accessible service (here front end) which is connected to the VPC (through the serverless VPC Connector) and then perform a request to internal only services.