mirror of
https://github.com/pomerium/pomerium.git
synced 2025-05-02 11:56:02 +02:00
33 lines
1.3 KiB
Markdown
33 lines
1.3 KiB
Markdown
# Pomerium on Cloud Run
|
|
|
|
Run this demo with gcloud command line configured for your project. The commands assume
|
|
all resources (Cloud Run, Cloud DNS, and Secret Manager) are in a single project.
|
|
|
|
We recommend a dedicated project that is easy to clean up.
|
|
|
|
## Note
|
|
When deployed to [Cloud Run](https://cloud.google.com/run), your protected application must authenticate requests from Pomerium
|
|
by either inspecting the [X-Pomerium-Jwt-Assertion](https://www.pomerium.com/docs/reference/getting-users-identity.html),
|
|
or [GCP Serverless Authorization](https://cloud.google.com/run/docs/authenticating/service-to-service) header.
|
|
|
|
This demo includes a Cloud Run target configured to only accept requests from the Pomerium deployment.
|
|
|
|
## Includes
|
|
|
|
- Authentication and Authorization managed by pomerium
|
|
- Custom Cloud Run domains
|
|
- Cloud Run target
|
|
- HTTPBin target
|
|
|
|
## How
|
|
|
|
- Update `config.yaml` for your e-mail address, if not using gmail/google.
|
|
- Replace secrets in `config.yaml`.
|
|
- Replace `cloudrun.pomerium.io` with your own domain.
|
|
- Update your DNS
|
|
- Deploy config.yaml to Secret Manager
|
|
- Deploy the demo hello world app
|
|
- Deploy pomerium with policy
|
|
- Navigate to `https://verify.cloudrun.pomerium.io`
|
|
- Navigate to `https://hello-direct.cloudrun.pomerium.io`
|
|
- Navigate to `https://hello.cloudrun.pomerium.io`
|