i am currently getting my head around "gcp cloud run". my biggest concern at the moment is that it seems traffic behind the endpoint (loadbalancer) is not encrypted up to the container instance. is that assumption correct?
client -> internet -> cloud run endpoint (TLS) -> 1-n "my container instance(s)" on port 8080 (http, unencrypted, on shared gcp infrastructure)
that would be a no-go for my company's security policies, which say that all traffic up to the instance needs to be "encrypted in transport"
from the unofficial cloud run faq i read this (which doesn't really make sense to me):
Since your app serves traffic on PORT (by default 8080) unencrypted, you might think the connection between Cloud Run’s load-balanced endpoint and your application is unencrypted.
However, the transit between Google’s frontend/load balancer and your Cloud Run container instance is encrypted. Google terminates TLS/HTTPS connections before they reach your application, so that you don’t have to handle TLS yourself.
thanks, any help highly appreciated
marcel