创建两个服务;一是个公共前端,另一个是安全后端。使用 IAM 政策配置访问权限。
代码示例
Terraform
如需了解如何应用或移除 Terraform 配置,请参阅基本 Terraform 命令。 如需了解详情,请参阅 Terraform 提供程序参考文档。
后续步骤
如需搜索和过滤其他 Google Cloud 产品的代码示例,请参阅Google Cloud 示例浏览器。
安全的 Cloud Run 服务
如未另行说明,那么本页面中的内容已根据知识共享署名 4.0 许可获得了许可,并且代码示例已根据 Apache 2.0 许可获得了许可。有关详情,请参阅 Google 开发者网站政策。Java 是 Oracle 和/或其关联公司的注册商标。
[[["易于理解","easyToUnderstand","thumb-up"],["解决了我的问题","solvedMyProblem","thumb-up"],["其他","otherUp","thumb-up"]],[["很难理解","hardToUnderstand","thumb-down"],["信息或示例代码不正确","incorrectInformationOrSampleCode","thumb-down"],["没有我需要的信息/示例","missingTheInformationSamplesINeed","thumb-down"],["翻译问题","translationIssue","thumb-down"],["其他","otherDown","thumb-down"]],[],[],[],null,["# Secure Cloud Run services\n\nCreate two services; one a public front end, the other a secure backend. Uses IAM policies to configure access.\n\nCode sample\n-----------\n\n### Terraform\n\n\nTo learn how to apply or remove a Terraform configuration, see\n[Basic Terraform commands](/docs/terraform/basic-commands).\n\n\nFor more information, see the\n[Terraform provider reference documentation](https://registry.terraform.io/providers/hashicorp/google/latest/docs).\n\n resource \"google_cloud_run_v2_service\" \"renderer\" {\n name = \"renderer\"\n location = \"us-central1\"\n\n deletion_protection = false # set to \"true\" in production\n\n template {\n containers {\n # Replace with the URL of your Secure Services \u003e Renderer image.\n # gcr.io/\u003cPROJECT_ID\u003e/renderer\n image = \"us-docker.pkg.dev/cloudrun/container/hello\"\n }\n service_account = google_service_account.renderer.email\n }\n }\n\n resource \"google_cloud_run_v2_service\" \"editor\" {\n name = \"editor\"\n location = \"us-central1\"\n\n deletion_protection = false # set to \"true\" in production\n\n template {\n containers {\n # Replace with the URL of your Secure Services \u003e Editor image.\n # gcr.io/\u003cPROJECT_ID\u003e/editor\n image = \"us-docker.pkg.dev/cloudrun/container/hello\"\n env {\n name = \"EDITOR_UPSTREAM_RENDER_URL\"\n value = google_cloud_run_v2_service.renderer.uri\n }\n }\n service_account = google_service_account.editor.email\n\n }\n }\n\n resource \"google_service_account\" \"renderer\" {\n account_id = \"renderer-identity\"\n display_name = \"Service identity of the Renderer (Backend) service.\"\n }\n\n resource \"google_service_account\" \"editor\" {\n account_id = \"editor-identity\"\n display_name = \"Service identity of the Editor (Frontend) service.\"\n }\n\n resource \"google_cloud_run_service_iam_member\" \"editor_invokes_renderer\" {\n location = google_cloud_run_v2_service.renderer.location\n service = google_cloud_run_v2_service.renderer.name\n role = \"roles/run.invoker\"\n member = \"serviceAccount:${google_service_account.editor.email}\"\n }\n\n data \"google_iam_policy\" \"noauth\" {\n binding {\n role = \"roles/run.invoker\"\n members = [\n \"allUsers\",\n ]\n }\n }\n\n resource \"google_cloud_run_service_iam_policy\" \"noauth\" {\n location = google_cloud_run_v2_service.editor.location\n project = google_cloud_run_v2_service.editor.project\n service = google_cloud_run_v2_service.editor.name\n\n policy_data = data.google_iam_policy.noauth.policy_data\n }\n\n output \"backend_url\" {\n value = google_cloud_run_v2_service.renderer.uri\n }\n\n output \"frontend_url\" {\n value = google_cloud_run_v2_service.editor.uri\n }\n\nWhat's next\n-----------\n\n\nTo search and filter code samples for other Google Cloud products, see the\n[Google Cloud sample browser](/docs/samples?product=cloudrun)."]]