Use this option if your service is a public API or website.
You can allow unauthenticated invocations to a service by assigning the IAM
Cloud Run Invoker role to the
allUsers member type, at any time using
the console or the gcloud command line:
Go to the Google Cloud Platform Console:
Select the service you want to make public.
Click Show Info Panel in the top right corner to show the Permissions tab.
In the Add members field,
Select the Cloud Run Invoker role from the Select a role drop-down menu.
You can also allow unauthenticated invocations to a service when
you deploy: check the checkbox labelled Allow unauthenticated invocations if
you use the console. If you use the gcloud command line
gcloud beta run deploy, you are prompted to
allow unauthenticated access. Responding "yes" will perform the actions
described above in the gcloud tab to make the service publicly available.
Responding "no" leaves the service private.
You can make a service publicly accessible by adding the special
member type to a service and granting it the
gcloud beta run services add-iam-policy-binding [SERVICE_NAME] \ --member="allUsers" \ --role="roles/run.invoker"
This role is included in
gcloud beta run services update with the
gcloud beta run services update [SERVICE_NAME] --allow-unauthenticated
Additionally, when you deploy your service with the
gcloud beta run deploy command, you can specify whether
or not to make your service publicly accessible:
gcloud beta run deploy [SERVICE_NAME] ... --allow-unauthenticated
Subsequent deployments lacking the
--allow-unauthenticated flag will not
change the IAM policy.