Hey Alexandre!! Happy to have some news :) And thanks for reading.

The load balancer is a simple proxy, it forwards the existing headers to the backend, add few, and you can add custom headers.

If you set your Cloud Run instance private, you need to provide an identity token. Add it to your request with you call the load balancer, it will forward the Authorization token to the backend and you will be authenticated
If not, you will be rejected.

Now, if you want a layer able to generate identity token for you and use another way to be authenticated (such as API Keys, third party OAuth2 token, Firebase Auth (or Google Cloud Identity Platform, the Google Cloud version of Firebase Auth)), you can use Cloud Endpoint with ESPv2, or now, it’s fully managed version: API Gateway.

Let me know if you need more guidance or pieces of advice :)