Fix GCP Cloud Run Run Vpc Ingress Errors
When working with GCP Cloud Run, you may encounter a configuration error that prevents your deployment from working. This guide explains the most common mistake with run vpc ingress and shows the exact fix.
A Common Mistake
Deploying an internal-only Cloud Run service but not updating DNS records, causing the default run.app URL to be inaccessible from within the VPC.
The incorrect command:
gcloud run deploy my-service --image=gcr.io/my-project/my-image --ingress=internal
Error output:
Deployed with internal ingress.
The service URL https://my-service-xxxxx-uc.a.run.app returns:
curl: (6) Could not resolve host
The default run.app domain resolves to public IPs that are not reachable from within the VPC. Internal services need a different access method.
The Correct Approach
The right way to configure run vpc ingress in GCP Cloud Run:
gcloud run deploy my-service --image=gcr.io/my-project/my-image --ingress=internal --region=us-central1
Successful result:
Deployed with internal ingress.
Access the service via:
curl -H "Host: my-service-xxxxx-uc.a.run.app" http://x.x.x.x
Or set up Cloud DNS with a private zone pointing to the internal IP.
The service is only reachable from within the VPC.
How to Prevent This
Internal Cloud Run services need DNS configuration for the run.app domain. Use Private Google Access and Cloud DNS private zones. Or access via the internal IP with Host header. Internal services cannot be reached from the internet. Use internal-only for backend APIs and microservices.
FAQ
Built by the developers of Doda Browser, DodaZIP, and Durga Antivirus Pro. Secure your cloud with DodaTech.
Built by the developers of DodaTech
Doda Browser, DodaZIP & Durga Antivirus Pro