Need a design idea for the scenario below:

I have project A and project B. I want to be able to connect to a service in project B, which is a gRPC service running in Cloud Run, internally only.

Solution:

I plan to use VPC peering between project A and project B and allow only the source IP over a port in the FW rules of project B, or create a security rule that allows only the source IP and attach it to the internal load balancer.

Is there any other way this can be done without peering, while still exposing the service in project B internally only?

  • You cannot use peering. VPC peering is not transitive. That means project A cannot use a VPC peering connector to access a private Cloud Run instance in project B. Unless you implement a proxy (A connects to the proxy running in B which then connects to Cloud Run), your goal cannot be achieved. I recommend using Cloud Run authorization instead of proxies and connectors. – John Hanley Sep 06 '22 at 01:04
  • John, thanks for your input. I was able to peer the networks and was able to access the service in project B from project A by having the service in project B behind an ILB – thedevopsguy Sep 14 '22 at 02:51

0 Answers