I have created a Cloud Run service. I want to access this service from my web application, which is running in App Engine (Flexible instances). My web application is in a different Google Cloud project than the one where the Cloud Run service is created.
I don't want to make the Cloud Run service open to the public, so I have selected the option "Require Authentication" in the Authentication section and selected "Allow all Traffic" in the Ingress section. I also added the Cloud Run permission for the App Engine service accounts where I have hosted my web app. After doing these settings I am not able to access the Cloud Run service (URL) via App Engine. It is returning a Forbidden error. I am testing the access to the URL by SSHing to the App Engine instance.
So what are the recommended options and settings to make it work?
CodePudding user response:
Your configuration is great, but the authentication mechanism is not automatic. You have to add, in the header of each request, the authorization: bearer <token> header.
The <token> is the identity token that you can generate with the App Engine flex service account. Don't forget to add the audience when you generate your identity token (audience=https://your-service-hash-region.run.app -> no additional path).
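The flow described in the answer above, as an added example that is not part of the original post: it derives the audience from the service URL, requests an identity token from the instance metadata server, and checks the token's aud claim before sending the request. It assumes Python with only the standard library running on the App Engine flex instance; the function names are hypothetical.

```python
import base64
import json
import urllib.parse
import urllib.request

# Metadata server endpoint that issues identity tokens for the instance's
# default service account (reachable only from inside Google Cloud).
METADATA_URL = ("http://metadata.google.internal/computeMetadata/v1/"
                "instance/service-accounts/default/identity")


def audience_for(url):
    """Audience is the scheme and host of the Cloud Run URL, with no path."""
    parts = urllib.parse.urlsplit(url)
    if parts.scheme != "https" or not parts.netloc:
        raise ValueError("expected an https:// Cloud Run URL")
    return f"https://{parts.netloc}"


def fetch_identity_token(audience):
    """Request an identity token for the given audience."""
    query = urllib.parse.urlencode({"audience": audience})
    req = urllib.request.Request(f"{METADATA_URL}?{query}",
                                 headers={"Metadata-Flavor": "Google"})
    with urllib.request.urlopen(req, timeout=5) as resp:
        return resp.read().decode()


def token_claims(token):
    """Decode the JWT payload WITHOUT verifying it (for debugging a 403)."""
    payload = token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64 padding
    return json.loads(base64.urlsafe_b64decode(payload))


def call_service(url, token=None):
    """Call the Cloud Run URL with an Authorization: Bearer header."""
    expected = audience_for(url)
    token = token or fetch_identity_token(expected)
    aud = token_claims(token).get("aud")
    if aud != expected:  # wrong audience is a common cause of Forbidden
        raise ValueError(f"token aud {aud!r} does not match {expected!r}")
    req = urllib.request.Request(url,
                                 headers={"Authorization": f"Bearer {token}"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status, resp.read()
```

The local aud check is only a debugging aid; Cloud Run itself verifies the token signature and the caller's permission.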