Authentication for Cloud Scheduler calling Cloud Run service

2
votes

I got a Cloud Run service than executes some background tasks, and I need it to do so every 15 minutes.

I'm using a Cloud Scheduler Job, which perfectly fits my needs, to call the HTTP endpoint every 15 minutes, but I would also like to setup authentication to avoid external calls.

In the Job config page it allows me to add an auth header, but I cannot set an OAuth token because the service endpoint is not considered a Google service ( it does not end with "googleapis.com" ).

How am I supposed to handle Cloud Scheduler - Cloud Run authentication?

2
google-cloud-rungoogle-cloud-scheduler

2 Answers

2
votes

Cloud Run authenticates by validating OIDC token rather than OAuth token.

Please see this doc about how to set up for Cloud Scheduler: https://cloud.google.com/scheduler/docs/http-target-auth

1
votes

If you define your Cloud Scheduler job via the CLI you can manually specify headers that you could use for authentication.

This allows more lightweight solutions than OIDC and OAuth.