Tags: google-cloud-platform, serverless, vpn, google-cloud-run, google-vpc

Why can't a Cloud Run service (Next.js) connect to another Cloud Run service (Node.js) through Direct VPC egress


I can't seem to send traffic from one Cloud Run service to another, although I have set up a Direct egress VPC connection.

I am currently running 2 cloud services (client and server).

server is configured to only allow internal traffic through a Privacy Service Connect service (psc).

The psc exposes an endpoint in a consumer vpc which is reachable at 10.0.0.2 and publishes a service in a separate producer vpc connected to an internal load balancer (ilb) that directs traffic to server.

client's ingress control is set to allow all traffic because it is a public web app. Direct VPC egress with consumer vpc is enabled on client.

Lastly, I created a DNS A record within a private zone that maps server's *run.app URL to psc's consumer IP address 10.0.0.2.

Each time client makes a request to server using its run.app URL, a CORS error is raised:

    Access to XMLHttpRequest at 'https://test-development-enterprise-api-ummzxs4jpa-ez.a.run.app/api/auth/passwordless' from origin 'https://psc-consumer-ummzxs4jpa-ez.a.run.app' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: It does not have HTTP ok status.

The weird part is I can successfully make requests to server by SSHing into a dummy VM I spawn in consumer's network.

    ify@psc-consumer-2:~$ curl -k https://test-development-enterprise-api-ummzxs4jpa-ez.a.run.app/api/health
    {"message":"Healthy Services","uptime":"5:3:46"}

Any idea what could be the issue here? I am happy to change my approach if need be.


Below is a network topology that largely reflects my implementation.

[Image: network diagram]

Apologies in advance if something does not make sense, because I am pretty new to cloud networking.


Solution

  • Posting @guillaume's and @remedy_man's comments from this post as an answer to help users with this concern. As per @guillaume, the issue is that you load data from service A (CSS and JS) to display the page in the browser, and then you try to reach service B FROM THE BROWSER, because you do not call the backend when you have static code in your browser.

    What solved @remedy_man's posted question was using "service-a's Backend for Frontend to proxy requests to service-b".
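
The Backend-for-Frontend approach named in the answer, shown as an added example that is not code from the original post: the browser calls the client's own origin (same-origin, so no CORS preflight), and the client container makes the call to server, which is the only traffic that Direct VPC egress and the private DNS record apply to. The `SERVER_URL` variable, the placeholder hostname, the `/api/` prefix and the function names are assumptions.

```javascript
// Added example; names, the /api/ prefix and the placeholder URL are assumptions.
// UPSTREAM is server's run.app URL. The private DNS A record resolves it to the
// PSC endpoint only for code running inside the client container, not the browser.
const UPSTREAM = process.env.SERVER_URL || "https://server-example.a.run.app";
const ALLOWED_PREFIX = "/api/";
// Browser headers that must not be copied onto the upstream call.
const DROP = new Set(["host", "connection", "content-length", "origin", "referer",
  "transfer-encoding", "keep-alive", "upgrade"]);

// Map a browser request to the server-side upstream request.
// Returns null if the path leaves the allowed prefix or the upstream origin,
// so the public client cannot be used as an open proxy into the VPC.
function buildUpstreamRequest(method, path, headers, body, base = UPSTREAM) {
  const target = new URL(path, base); // also normalises "/api/../x"
  if (target.origin !== new URL(base).origin) return null;
  if (!target.pathname.startsWith(ALLOWED_PREFIX)) return null;
  const out = {};
  for (const [k, v] of Object.entries(headers)) {
    if (!DROP.has(k.toLowerCase())) out[k.toLowerCase()] = v;
  }
  const init = { method, headers: out, redirect: "manual" };
  if (method !== "GET" && method !== "HEAD") init.body = body;
  return { url: target.href, init };
}

// BFF handler: call this from the client's own route (e.g. /api/* on the web app).
async function proxyToServer(req, fetchImpl = fetch, base = UPSTREAM) {
  const up = buildUpstreamRequest(req.method, req.path, req.headers, req.body, base);
  if (!up) return { status: 404, body: "not found" };
  try {
    const res = await fetchImpl(up.url, up.init);
    return { status: res.status, body: await res.text() };
  } catch (err) {
    // Typical causes: VPC egress not routing this destination, or DNS not private.
    return { status: 502, body: "upstream unreachable" };
  }
}
```

Because the client service accepts all ingress, every path this proxy forwards becomes reachable from the internet, so keep the allowed prefix as narrow as the web app needs.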