Awesome
OAuth Reverse Proxy for Google Cloud Run Services
Create a service for auth proxy
Here, we are creating a servive for auth proxy with a hello world docker image. This step is to get the service URL for configuration in later steps.
gcloud beta run deploy --image gcr.io/cloudrun/hello --region=us-central1 auth-proxy
# make sure you are making this endpoint public
Get the service url for auth proxy and set as an environment variable
export SERVICE_URL=https://auth-proxy-xxxxxxxxxxxx.a.run.app
Create OAuth credentials and set them as environment variables
export CLIENT_ID= ...
export CLIENT_SECRET= ...
Add your service url auth endpoint to the authorized redict URIs filed in your OAuth app. e.g. https://auth-proxy-xxxxxx.a.run.app/auth
Set destination service URL
export DST_SERVICE_URL=https://tensorboard-xxxxxxxx-uc.a.run.app
In this example, we are setting the destination service url to a tensorboard service running on cloud run. This is the service you want to proxy all the requests to.
Build base docker image
./build_base_docker_image.sh
Build and push the OAuth reverse proxy docker image
export PROJECT_NAME=$(gcloud config get-value project | head -n1)
export IMAGE_NAME=gcr.io/$PROJECT_NAME/oauth_proxy:latest
docker build -t $IMAGE_NAME .
docker push $IMAGE_NAME
Update auth proxy service with right docker image and env variables
gcloud beta run deploy auth-proxy \
--image=$IMAGE_NAME \
--region=us-central1 \
--update-env-vars=CLIENT_ID=$CLIENT_ID,CLIENT_SECRET=$CLIENT_SECRET,SERVICE_URL=$SERVICE_URL,DST_SERVICE_URL=$DST_SERVICE_URL