You can send HTTPS requests from anything able to make HTTPS requests to trigger a Cloud Run-hosted service. Note that all Cloud Run services have a stable HTTPS URL.
Some of the use cases include:
- Custom RESTful web API
- Private microservice
- HTTP middleware or reverse proxy for your web applications
- Pre-packaged web application
Creating public services
Creating a public service on Cloud Run requires:
- Access to the service from the public internet
- A URL intended for public use
You can use the stable, auto-assigned URL provided on the first deployment of your service as the public URL on fully managed Cloud Run. To determine the URL of a deployed service:
gcloud run services describe SERVICE --format 'value(status.url)'
You can also use your own custom domain that maps to the service. For fully managed Cloud Run, this automatically provides managed SSL certificates.
Cloud Run (fully managed) redirects all HTTP requests to HTTPS but terminates
TLS before they reach your web service. If your service generates a web resources
that refers to other web resources with unsecured URLs (
http://), your page may
be subject to mixed content warnings or errors.
https protocol for all reference web URIs or account
for proxy directives in the HTTP Request such as the
X-Forwarded-Proto HTTP header.
Creating private services
Creating a private service on Cloud Run requires you to limit access to the service.
The easiest way for developers to test private services is to use a tool
curl and pass an auth token in the
curl -H "Authorization: Bearer $(gcloud auth print-identity-token)" SERVICE_URL
Note that a Cloud Run service can call another managed Cloud Run service with service-to-service authentication.
For Cloud Run for Anthos on Google Cloud, you can use the internal connectivity setting to prevent external requests from routing to your service.
In addition to the above listed ways to limit access, you can also limit access to a service using application-level authorization and authentication mechanism, for example, using Identity Platform. For a tutorial on doing this with Cloud Run for Anthos on Google Cloud, refer to Authenticating Cloud Run on GKE end users using Istio and Identity Platform.
Using a middleware to enhance your service
HTTPS proxies can offload common functionality from an HTTP service, such as caching, request validation, or authorization. For microservices, many HTTP proxies are part of an API Gateway solution or a service mesh such as Istio.
Google Cloud products that you can use to enhance your Cloud Run service include: