pomerium/examples/cloudrun/README.md

Pomerium on Cloud Run

Run this demo with gcloud command line configured for your project. The commands assume all resources (Cloud Run, Cloud DNS, and Secret Manager) are in a single project.

We recommend a dedicated project that is easy to clean up.

Note

When deployed to Cloud Run, your protected application must authenticate requests from Pomerium by either inspecting the X-Pomerium-Jwt-Assertion, or GCP Serverless Authorization header.

This demo includes a Cloud Run target configured to only accept requests from the Pomerium deployment.

Includes

• Authentication and Authorization managed by pomerium
• Custom Cloud Run domains
• Cloud Run target
• HTTPBin target

How

• Update config.yaml for your e-mail address, if not using gmail/google.
• Replace secrets in config.yaml.
• Replace cloudrun.pomerium.io with your own domain.
• Update your DNS
• Deploy config.yaml to Secret Manager
• Deploy the demo hello world app
• Deploy pomerium with policy
• Navigate to https://verify.cloudrun.pomerium.io
• Navigate to https://hello-direct.cloudrun.pomerium.io
• Navigate to https://hello.cloudrun.pomerium.io