We have set up a service on GCE that is meant to serve requests from both the internet and from other services inside of our VPC.
To manage this we've set up two load balancers in parallel: the first is a global HTTPS load balancer and the second an internal HTTPS load balancer. Both load balancers have backend services configured to send traffic to the same instance groups hosting our service.
For the global load balancer, we've created self-managed certs for our domains and set up a small VM to refresh these certs periodically.
We are stuck on how to configure certs for the internal load balancer. From our research it seems like the best options come down to creating self-signed certs and installing/trusting them on each VM that will communicate with the LB. However, it seems like the management of this (or similarly of managing our own local CA) could be costly. Does GCP offer any help in managing certs for internal deployments? Are we stuck with the self-signed cert route? Or, is there another approach that we should be exploring?
Thanks and we appreciate the help!