This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Log in to ask a question

Invoke a cloud function via cloud run that is set with internal access only

Posted on 06-22-2023 01:00 AM
almartin
Bronze 3
Bronze 3
Reply posted on --/--/---- --:-- AM

Hi all,

Currently we have a cloud function that we invoke via cloud run that has an ingress setting of internal access only and when we try to invoke from Apigee X we get a 404 response. If we change the ingress setting to 'all access'  then it works fine.

The documentation on ingress settings says that internal access allows access from a VPC in the same project so we were expecting as our apigee instance sits in a VPC in the same project it would be able to invoke the cloud run app.  What do we need to setup to allow us to invoke a Cloud Run app with internal only ingress from Apigee instance that is in a VPC in the same project?

2 3 1,022
Topic Labels
3 REPLIES 3

Posted on --/--/---- --:-- AM
dchiesa1
Staff
Reply posted on --/--/---- --:-- AM

ok I mostly understand what you're saying.  Something is working when you try from Cloud Run, but it's not working when you try to invoke from Apigee. But Can you clarify

  • specifically what do you do to "invoke the cloud function via cloud run". Can you show Cloud Run code, configuration, something that explicitly shows what you're doing to make this work? 
  • Specifically how you try to invoke the same via Apigee X. What policy are you using, or if it is a target, thenn show that configuration, including any Authentication elements.

Your final statement said that you want to invoke a Cloud Run App.

What do we need to setup to allow us to invoke a Cloud Run app with internal only ingress from Apigee instance that is in a VPC in the same project?

Invoking Cloud Run is different than invoking Cloud Functions , right? Those are two different things, I think. I am not a subject matter expert on either, but I think they're different. Originally you said you wanted to invoke a Cloud Function. This statement says "invoke Cloud Run". So some clarity as to whether you are invoking Cloud Functions, or Cloud Run, and how.... will be helpful.

0 Likes

Posted on --/--/---- --:-- AM
MattBenno
Bronze 2
Bronze 2
In response to dchiesa1
Reply posted on --/--/---- --:-- AM

Hi, we're setting the cloud run url as the target endpoint in Apigee and have the cloud run network setting set as 'Internal Only' we would have expected that Apigee could access cloud run instances in the same project/region even when the setting for cloud run is 'Internal Only'. Hope that makes sense. Thanks Matt

0 Likes

Posted on --/--/---- --:-- AM
dknezic
Staff
Reply posted on --/--/---- --:-- AM

Note that the Apigee X instance does not run in your VPC network, so it cannot reach your cloud function / cloud run directly. 

Cloud Functions v2 is based on Cloud Run.

In terms of connectivity, using an ILB -> Serverless NEG -> Cloud Run should work. You should be able to point Apigee X at this ILB if the ILB is in the network you have peered Apigee X with. Otherwise, you can use PSC to point at this ILB

https://cloud.google.com/apigee/docs/api-platform/architecture/southbound-networking-patterns-endpoi...

Top Solution Authors
View all