Question
I am working on deploying an API solution on GCP where mutual SSL/TLS is required (server and client side certificates). So for the ingress of the traffic (entry point) I found that the Kubernetes ingress controller has this possibility (NGINX based). I am interested in Cloud Endpoints, which has ESP (Extensible Service Proxy, which is also an nginx deployment under Kubernetes).
I couldn't find anywhere in the documentation whether mutual SSL/TLS is available for ESP (Cloud Endpoints). Does anyone know the answer to this?
Answer 1:
This might be possible using Istio. Have you come across the following article, which seems to suggest how to achieve MTLS for Endpoints?
https://istio.io/docs/examples/platform/endpoints/
Answer 2:
ESP supports mTLS. You can specify the certificate files here:
proxy_ssl_certificate /etc/nginx/ssl/backend.crt;
proxy_ssl_certificate_key /etc/nginx/ssl/backend.key;
Here is its nginx config
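An added example, not part of the answers above and not ESP's own generated configuration: a plain nginx server block showing the two TLS legs separately. The `ssl_client_certificate` / `ssl_verify_client` directives make nginx demand and verify a certificate from the API client at the ingress, while the `proxy_ssl_certificate` directives are the certificate nginx itself presents to the backend. The server name, upstream address, `proxy_ssl_name` value and every file path other than the two `backend.*` paths are assumptions.

```nginx
# Added example for plain nginx; all names and paths are assumed placeholders
# except backend.crt / backend.key, which are the paths quoted in the answer.
events {}

http {
    upstream api_backend {
        server 127.0.0.1:8081;               # assumed backend address
    }

    server {
        listen 443 ssl;
        server_name api.example.com;         # assumed host name

        # Server identity presented to API clients.
        ssl_certificate     /etc/nginx/ssl/server.crt;
        ssl_certificate_key /etc/nginx/ssl/server.key;

        # Inbound leg (client -> proxy): require a client certificate that
        # chains to this CA bundle; the handshake result is in $ssl_client_verify.
        ssl_client_certificate /etc/nginx/ssl/client-ca.crt;
        ssl_verify_client      on;
        ssl_verify_depth       2;

        location / {
            # Overwrite any client-supplied copies of these headers so the
            # backend only ever sees values set by the proxy.
            proxy_set_header X-Client-Verify $ssl_client_verify;
            proxy_set_header X-Client-DN     $ssl_client_s_dn;

            proxy_pass https://api_backend;

            # Outbound leg (proxy -> backend): certificate nginx presents
            # to the backend, plus verification of the backend's certificate.
            proxy_ssl_certificate         /etc/nginx/ssl/backend.crt;
            proxy_ssl_certificate_key     /etc/nginx/ssl/backend.key;
            proxy_ssl_trusted_certificate /etc/nginx/ssl/backend-ca.crt;
            proxy_ssl_verify              on;
            proxy_ssl_verify_depth        2;
            proxy_ssl_name                backend.internal.example;  # assumed name in the backend certificate
        }
    }
}
```

With `ssl_verify_client on`, a request that arrives without a valid client certificate is rejected by nginx before it reaches `proxy_pass`; running `nginx -t` against the file checks the syntax and that the referenced certificate files load.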
Source: https://stackoverflow.com/questions/59195600/google-cloud-platform-cloud-endpoint-ssl-tls-mutual-handshake-esp