How to enable Private Google Access for Source Repositories

Question

I have Private Google Access enabled on the Default network and and I can pull artifacts from Artifact Registry from a VM with no external IP address just fine

However I can't seem to access Source Repositories though. Looking at the documentation, source.developers.google.com is supported so I tried adding a DNS zone for that

But no luck.

Looking at logging on the firewall rules, I can see an ALLOW when I try and git clone, but the command just hangs and eventually times out

git clone ssh://my.email@myorg.com@source.developers.google.com:2022/p/source-proj/r/repo1

ssh: connect to host source.developers.google.com port 2022: Connection timed out

There is a default route for the internet (it works for googleapis.com)

gcloud compute routes list \
    --filter="default-internet-gateway default"
NAME                            NETWORK  DEST_RANGE  NEXT_HOP                  PRIORITY
default-route-cb7bfa9d0dedf120  default  0.0.0.0/0   default-internet-gateway  1000

And there is no deny rule on Egress.

How can I set it up?

Answer 1

Just sharing what @John Hanley suggested so that other user would be aware on this concern.

Regarding the connection @John Hanley mentioned to used http instead of ssh because of the limitation that can be found from this link that "private.googleapis.com and restricted.googleapis.com VIPs support only HTTP-based protocols over TCP (HTTP, HTTPS, and HTTP/2). All other protocols, including MQTT and ICMP, are not supported."