Open rojomisin opened 1 year ago
hey @rojomisin, have you taken a look at this Dockerfile? My fork has been merged into the official repo and contains a Dockerfile there.
yes! found that after posting this, ty; that file wasn't on latest.
I can build and push the image and pull from gcr.
I'm also using the terraform-jit-access module but have run into a couple issues.
Do you think this is best run in App Engine instead of Cloud Run? Would it run in GKE?
After provisioning the Cloud Run module, I am unable to hit the URL; it does not even prompt for the IAP OAuth sign-in screen.
Error: Forbidden
Access is forbidden.
There appear to be 2 types of IAP clients, native which is not editable, and ones created through the UI.
Does this work in your environment as-is? Not sure what I'm missing, and cannot find logs.
DNS is set up, confirmed the SSL cert is working to the public IP and backend, but now after IAP login I get
Error: Forbidden
Your client does not have permission to get URL / from this server.
looks like new Cloud Run-specific docs were added 👍 https://cloud.google.com/architecture/manage-just-in-time-privileged-access-to-project#cloud-run
@rojomisin have you tested with 1.0.1 release? (sorry late answer, but haven't noticed your replies)
hi @adriantr
thanks for creating this module, I am trying to figure out how to easily build the Docker image from the jit-access .jar. I'm thinking of cloning jit-access, adding a Dockerfile and configuring the Maven build and artifact repo push like the GitHub Actions do.
The instructions in Google's documentation for jit-access use
gcloud app deploy
Would it be worthwhile to publish a public jit-access Docker image?