I have the following setup:
GLB -> Serverless NEG -> API GW -> Cloud Run
Is it possible to limit the ingress with the configuration option `internal-and-cloud-load-balancing`?
I am getting 403. Is there some additional setup necessary?
Documentation claims:
Only supported for Cloud Run (fully managed). Only inbound requests from Google Cloud Load Balancing or a traffic source allowed by the internal option are allowed.
Goal: I want Cloud Run to be accessible only through the GLB -> API GW path.
Any help is appreciated.
API Gateway does not support the `Internal` or `Internal and Cloud Load Balancing` ingress restriction settings. This is API Gateway's behavior, as it is not part of the VPC Network in which the Cloud Run service is located. Requests to a service with the ingress configuration set to `internal` or `Internal and Cloud Load Balancing` are accepted only from the sources described in the documentation, which is why the setup GLB > API GW > Cloud Run does not work.
A feature request has been raised for this functionality. To keep track of the status/progress of this feature request, kindly refer to this link and click the +1 button to get notified for further updates.