I have an App Engine standard (2nd gen) service in europe-west1. I also have a GKE service behind a load balancer in us-central1. To hit the load balancer I set up a VPC connector in europe-west1 and updated the App Engine service's app.yaml with the necessary VPC connector config; however, the service cannot hit the load balancer. Requests fail with a timeout error.
Is there a zone/region limitation with serverless VPC connectors? I am able to successfully hit the load balancer from a serverless function in the same region with another VPC connector in that same region.
The question has more to do with outbound traffic from the VPC connector and not inbound traffic to the connector from the serverless service. The answer incorporates comments in the question.
The VPC connector firewall doesn't appear to restrict outbound traffic to the region the connector is in, so the issue may be with the load balancer's firewall restricting inbound traffic to the region it's in.
What was confusing is that even though the VPC connector and App Engine service are in the same region, the request to the connector fails with a timeout, indicating that the connector couldn't be hit. That interpretation is likely wrong; rather, the connector was hit but timed out forwarding the request to the load balancer because of the load balancer's firewall restriction.