Hi,
We’ve recently started using Cloudflare Access to secure our private applications. We’re using GCP and we’d like to run the Cloudflared daemon in a containerised way using Cloud Run, but have run into issues where it gets stuck in an infinite reboot loop, where it connects to the Cloudflare edge, but then cannot register the connection.
Configuration:
- Cloud Run, using latest version of Cloudflared docker image
- All traffic via VPC Serverless Access Connector
- WARP routing enabled
- Initially tried QUIC protocol, but changed to HTTP2 and no difference.
Redacted logs:
{
  "textPayload": "2023-03-01T17:25:06Z ERR failed to serve incoming request error=\"Cloudflared reached the Cloudflare edge, but there was an unknown error registering the connection\"",
  "insertId": "63ff8a72000bb37de9758def",
  "resource": {
    "type": "cloud_run_revision",
    "labels": {
      "project_id": "REDACTED",
      "configuration_name": "cftunneldev-relay",
      "revision_name": "cftunneldev-relay-tgyca",
      "location": "europe-west2",
      "service_name": "cftunneldev-relay"
    }
  },
  "timestamp": "2023-03-01T17:25:06.766845Z",
  "logName": "projects/REDACTED/logs/run.googleapis.com%2Fstderr",
  "receiveTimestamp": "2023-03-01T17:25:06.772222545Z"
},
{
  "insertId": "63ff8a72000bc30e1ce44f02",
  "jsonPayload": {
    "message": "Register tunnel error from server side",
    "ip": "198.41.192.107",
    "error": "Cloudflared reached the Cloudflare edge, but there was an unknown error registering the connection",
    "level": "warn",
    "connIndex": 1
  },
  "resource": {
    "type": "cloud_run_revision",
    "labels": {
      "project_id": "REDACTED",
      "configuration_name": "cftunneldev-relay",
      "location": "europe-west2",
      "service_name": "cftunneldev-relay",
      "revision_name": "cftunneldev-relay-tgyca"
    }
  },
  "timestamp": "2023-03-01T17:25:06Z",
  "labels": {
    "instanceId": "00f8b6bdb852b8bff86679b8abcca269fca896644fe40bee5fe152c400bd4664e8376294011dde87a66ee05b8178581da1e02055da62bde2979e98ff27695843"
  },
  "logName": "projects/REDACTED/logs/run.googleapis.com%2F%2Fvar%2Flog%2Fcloudflared.log",
  "receiveTimestamp": "2023-03-01T17:25:07.101907374Z"
},
{
  "insertId": "63ff8a72000bb49d4e774713",
  "jsonPayload": {
    "level": "error",
    "message": "failed to serve incoming request",
    "error": "Cloudflared reached the Cloudflare edge, but there was an unknown error registering the connection"
  },
  "resource": {
    "type": "cloud_run_revision",
    "labels": {
      "service_name": "cftunneldev-relay",
      "configuration_name": "cftunneldev-relay",
      "revision_name": "cftunneldev-relay-tgyca",
      "location": "europe-west2",
      "project_id": "REDACTED"
    }
  },
  "timestamp": "2023-03-01T17:25:06Z",
  "logName": "projects/REDACTED/logs/run.googleapis.com%2F%2Fvar%2Flog%2Fcloudflared.log",
  "receiveTimestamp": "2023-03-01T17:25:06.769845691Z"
}
Any help either getting this running, or clarifying if this is due to a hard limitation of GCP Cloud Run/VPC Serverless Access Connectors, would be much appreciated.