Answer-first summary for fast verification
Answer: Change the Cloud Run ingress setting to 'Internal and Cloud Load Balancing.'
The correct approach to resolve the 403 Permission Denied error when trying to schedule tasks on Cloud Run with an ingress setting set to Internal is to change the Cloud Run ingress setting to 'Internal and Cloud Load Balancing'. This allows the Cloud Scheduler to invoke the Cloud Run service through the load balancer, which is permitted under the new ingress setting. The other options either do not address the ingress restriction (A and B) or propose an alternative that would still be blocked by the ingress setting (D).
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
No comments yet.
You manage a system running on stateless Compute Engine VMs and Cloud Run instances, with Cloud Run connected to a VPC and ingress set to Internal. You need to schedule tasks on Cloud Run. After creating a service account with the roles/run.invoker IAM role and setting up a schedule, testing results in a 403 Permission Denied error in Cloud Logging. What steps should you take to resolve this?
A
Grant the service account the roles/run.developer IAM role.
B
Configure a cron job on the Compute Engine VMs to trigger Cloud Run on schedule.
C
Change the Cloud Run ingress setting to 'Internal and Cloud Load Balancing.'
D
Use Cloud Scheduler with Pub/Sub to invoke Cloud Run.