Connectivity issues from External LB to APIGEE to GKE cluster

Hi Team,
Currently I am working on a GCP task where the private GKE cluster needs to be exposed via APIGEE X.

I have followed 2 types of approaches for this setup.
Apigee X Network Connectivity using Private Service Connect (PSC) | by Samiulla Shaik | Google Cloud...

Securely Ingress to GKE using Apigee – Codemongers (wordpress.com)

While the northbound is the same in both articles, the southbound differs.

We are using a single project with separate VPCs for GKE and APIGEE X.


1. We are exposing the private GKE cluster using GatewayClass, Gateway, HTTPRoutes to create an Internal network Passthrough LB. We use public CloudDNS for the hostnames resolving the IP address of the Internal LB (e.g. apache.app.com).
2. An Internal Apigee X eval project is created. An API proxy with target endpoint as the DNS: http://apache.app.com

3. We created External LBs explicitly (northbound setup as referenced in the articles).

4. If I curl "https://apache.app.com", it should go through External LB --> Apigee Instance --> Internal LB of GKE, but it's not working at all, giving a 404 error. We created a Google-managed SSL certificate for the domain and attached it to the External LB target proxy as well.
5. I tested by creating a VM in the Apigee VPC and ran this curl:

curl -i -k -H "Host: $ENV_GROUP_HOSTNAME" https://$APIGEE_LB_IP

giving us the 404 error.

HTTP/2 400 
content-length: 11
content-type: text/plain
date: Tue, 19 Dec 2023 05:06:26 GMT
x-request-id: 2fa208ea-692a-480b-8d42-089b4786eca6

Bad Request

 

6. Enabled the logging services for the External LB; it looks like northbound connectivity is good but it is failing at the southbound level.

7. We tried the southbound approach of Service attachment and endpoint attachment by creating a PSC subnet in the GKE VPC, and that too is giving errors.

I checked the firewall setup and the "servicenetworking" VPC peering of the Apigee VPC as well.
Please reply here if more info is needed.

@dchiesa1 
