ahmetb / runsd

Drop-in Service Discovery capabilities for Google Cloud Run.

Home Page: https://ahmet.im/blog/cloud-run-service-discovery/

Correct or support Triggers for target Cloud Run service?

klee310 opened this issue

Hello ahmetb, thanks for providing support for this project.

I would like to know which Cloud Run Triggers are supported and should be configured on my target-services.

For example, originally we used Ingress configured to "Allow all traffic"
and Authentication configured to "Allow unauthenticated invocations"
which I know, for obvious reasons is very bad.

With this project/module/runsd, we are now able to configure "Require authentication" on the target-service (which is a big improvement)

However, when we tried to configure the Ingress to "Internal traffic only", we get a "403 Access forbidden" error, and that's all we know.

The target-service is being requested via an nginx reverse-proxy service (our frontend-app), so we should be correct to assume both the source and target services are "internal traffic".

Or are we missing something / some core-concept?

Edit: additionally, from what I can tell, the target-service didn't even receive the request; the source-service (our frontend nginx service) just logged a 403, and nothing else.

This tool predates the "Ingress" configuration feature, so I have not tested it.

I don't know if Internal only ingress allows Cloud Run to Cloud Run. Please consult the feature documentation.

runsd is a simple tool: it just rewrites your request with an Authorization header and adds HTTPS. (See README for architecture diagram.) So the request still originates from your container – there's no magic that would make runsd relevant to the Ingress feature.

thanks for the info
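
The rewrite described in the maintainer's reply (add an Authorization header, switch to HTTPS), as an added Go example that is not part of the thread and not runsd's own code. `AuthTransport`, `roundTripFunc`, the injected token function, the audience format and the host `target-service.example` are assumptions made for the illustration.

```go
package main

import (
	"errors"
	"fmt"
	"net/http"
)

// AuthTransport is a hypothetical name for this example; it is not runsd's code.
// Token returns an identity token for an audience. On Cloud Run it would ask the
// metadata server; here it is injected so the example runs offline.
type AuthTransport struct {
	Base  http.RoundTripper
	Token func(audience string) (string, error)
}

// RoundTrip upgrades the request to HTTPS and adds the Authorization header.
func (t AuthTransport) RoundTrip(req *http.Request) (*http.Response, error) {
	if t.Token == nil {
		return nil, errors.New("no token source configured")
	}
	out := req.Clone(req.Context()) // a RoundTripper must not modify the caller's request
	out.URL.Scheme = "https"
	tok, err := t.Token("https://" + out.URL.Host) // assumption: audience is the target's HTTPS origin
	if err != nil {
		return nil, fmt.Errorf("identity token for %s: %w", out.URL.Host, err) // fail closed
	}
	out.Header.Set("Authorization", "Bearer "+tok)
	// Only scheme and headers changed: the connection is still opened by this process.
	return t.Base.RoundTrip(out)
}

// roundTripFunc lets a plain function stand in for the network.
type roundTripFunc func(*http.Request) (*http.Response, error)

func (f roundTripFunc) RoundTrip(r *http.Request) (*http.Response, error) { return f(r) }

func main() {
	wire := roundTripFunc(func(r *http.Request) (*http.Response, error) {
		fmt.Println("sent:", r.Method, r.URL, "Authorization:", r.Header.Get("Authorization"))
		return &http.Response{StatusCode: http.StatusOK, Body: http.NoBody}, nil
	})
	tok := func(aud string) (string, error) { return "constructed-token", nil }
	client := &http.Client{Transport: AuthTransport{Base: wire, Token: tok}}
	req, _ := http.NewRequest("GET", "http://target-service.example/api", nil) // placeholder host
	if _, err := client.Do(req); err != nil {
		fmt.Println("error:", err)
	}
}
```

The transport changes what the request carries, not where it comes from, which is why an ingress decision made on the network path is unaffected by it.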