
Google Cloud API Gateway and Cloud Run in private context


I have a Google Cloud API Gateway in front of a Cloud Run backend. If both are public, everything works.

If I check "Allow internal traffic only" on Cloud Run, API Gateway does not have access to the backend. Is there a way to keep a private connection between API Gateway and Cloud Run?

Another question: is there a way to have an API Gateway inside my network using a private IP?


Solution

  • Answering this as community wiki. As guillaume blaquiere mentioned, it is not possible for now.

    When using API Gateway with Cloud Run, it should not be possible to allow only internal traffic from Cloud Run in order to only allow traffic from within Cloud Run's VPC network; "all" ingress is the only option available for this setup.

    A Cloud Run service with ingress traffic set to Internal could not accept requests from API Gateway. API Gateway does not have anything on the roadmap for marking traffic as "internal" to serverless backends.

    This may be available in the future, since there is a Feature Request to support updating the ingress settings to include the option of internal traffic from API Gateway, and with the ingress set to Internal you will have a "private" IP for your service.