0
votes

I am working on deploying an API solution on GCP where mutual SSL/TLS is required (server- and client-side certificates). For the ingress of the traffic (entry point), I found that the Kubernetes ingress controller (NGINX-based) has this possibility. I am interested in Cloud Endpoints, which has ESP (Extensible Service Proxy, which is also an NGINX deployment under Kubernetes).

I couldn't find anywhere in the documentation whether mutual SSL/TLS is available for ESP (Cloud Endpoints). Does anyone know the answer to this?

2
I found this documentation, which explains how to enable SSL/TLS for Cloud Endpoints. - chainicko
@chainicko SSL is different from mTLS. - Timothy Leung

2 Answers

0
votes

This might be possible using Istio. Have you come across the following article, which seems to suggest how to achieve mTLS for Endpoints?

https://istio.io/docs/examples/platform/endpoints/

0
votes

ESP supports mTLS. You can specify the certificate files here:

      proxy_ssl_certificate /etc/nginx/ssl/backend.crt;
      proxy_ssl_certificate_key /etc/nginx/ssl/backend.key;

Here is its nginx config
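
For reference, this is how the two directions of certificate authentication are written in stock nginx: `ssl_client_certificate` / `ssl_verify_client` govern certificates presented by API clients, while the `proxy_ssl_*` directives govern the certificate nginx presents to its upstream. It is an added example, not part of the answer above and not ESP's shipped configuration; the server name, upstream address and every path other than `backend.crt` / `backend.key` are assumed.

```nginx
# Added example: stock nginx, not ESP's generated config.
# Server name, upstream address and all paths except
# backend.crt / backend.key are assumptions.
events {}

http {
    server {
        listen 443 ssl;
        server_name api.example.com;                          # assumed

        # Server certificate presented to API clients.
        ssl_certificate     /etc/nginx/ssl/server.crt;        # assumed path
        ssl_certificate_key /etc/nginx/ssl/server.key;        # assumed path

        # Inbound mTLS: the handshake must include a client certificate
        # that chains to this CA bundle, otherwise nginx answers 400.
        ssl_client_certificate /etc/nginx/ssl/client-ca.crt;  # assumed path
        ssl_verify_client      on;
        ssl_verify_depth       2;

        location / {
            proxy_pass https://backend.internal:8443;         # assumed upstream

            # Outbound mTLS: certificate nginx presents to the upstream.
            proxy_ssl_certificate     /etc/nginx/ssl/backend.crt;
            proxy_ssl_certificate_key /etc/nginx/ssl/backend.key;

            # Upstream certificate verification is off by default;
            # enable it so the proxy authenticates the backend as well.
            proxy_ssl_trusted_certificate /etc/nginx/ssl/backend-ca.crt;  # assumed path
            proxy_ssl_verify              on;
            proxy_ssl_name                backend.internal;

            # Forward the verified client identity to the backend.
            proxy_set_header X-Client-Verify $ssl_client_verify;
            proxy_set_header X-Client-DN     $ssl_client_s_dn;
        }
    }
}
```

`nginx -t -c <file>` validates the syntax once the referenced certificate files exist.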