Cloud Run VPC Networking: The Two Modes That Can't Coexist

If you've ever seen the error "VPC connector and direct VPC can not be used together" when deploying a Cloud Run service, you've hit one of GCP's most confusing networking gotchas. It took us 3 days of debugging to figure out what was happening. This guide explains the two VPC networking modes on Cloud Run, why they conflict, and how to fix it. The Two Networking Modes Cloud Run services can connect to VPC resources (like Cloud SQL, Memorystore Redis, or private GKE clusters) in two ways: Mode 1: VPC Connector (Serverless VPC Access) A VPC Connector is a managed service that creates a bridge between your Cloud Run service and your VPC network. It's the recommended approach for most use cases. # Deploy with VPC Connector gcloud run deploy my-service \ --vpc-connector projects/PROJECT_ID/locations/REGION/connectors/CONNECTOR_NAME \ --vpc-egress all-traffic When to use: You need access to private IP resources (Cloud SQL private IP, Memorystore, private GKE) You want managed networking (Go