A company is developing a microservices application on Google Cloud. Each service is deployed as a Docker container on Cloud Run. The development team wants to ensure that inter-service communication is encrypted and authenticated. What is the best approach?
- A
Use Cloud Run's built-in IAM-based authentication and the platform's managed TLS for service-to-service requests.
Correct. Every Cloud Run service is served over HTTPS on its run.app URL with a Google-managed certificate, and Cloud Run terminates TLS at its front end, so traffic between services is encrypted with no configuration in the containers. Authentication comes from IAM: deploy the callee without --allow-unauthenticated, grant the caller's service account roles/run.invoker on it, and have the caller obtain a short-lived OIDC identity token (audience = the callee's URL) from the metadata server and send it as a Bearer token. Cloud Run verifies the token's signature, audience and expiry before the request reaches the callee's container. If the callee's ingress is set to internal, route the caller's egress through the VPC (Direct VPC egress or a Serverless VPC Access connector) so its requests still count as internal.
- B
Configure mutual TLS (mTLS) between services using Cloud Endpoints.
Why wrong: Cloud Endpoints (ESPv2) is an API-management layer that validates API keys and JWTs and enforces quotas; it is not an mTLS mechanism. Cloud Run's managed front end terminates TLS itself and does not accept client certificates, so there is nowhere to enforce mTLS between two services. IAM identity tokens give the same caller authentication without a certificate lifecycle to manage.
- C
Deploy a sidecar proxy on each Cloud Run service to handle TLS termination.
Why wrong: Cloud Run does run sidecar containers (multi-container deployments), but a sidecar cannot terminate TLS for inbound traffic: Cloud Run's front end terminates TLS before forwarding the request to the ingress container, and that traffic already arrived over HTTPS. A sidecar proxy adds a second component to patch and trust without adding any encryption or authentication the platform does not already provide.
- D
Assign a service account to each service and use its private key to sign requests.
Why wrong: downloading a service-account private key creates a long-lived credential that must be baked into the image or a secret, rotated and protected, and Cloud Run has no request-signing scheme that would consume such a signature. The container already runs as its attached service account; the metadata server mints short-lived, audience-bound OIDC identity tokens from that identity, and Cloud Run's IAM check validates them on the callee's behalf.
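The caller side of option A in code, as an added example that is not from the original page or from Google. It assumes the callee was deployed without --allow-unauthenticated and that the caller's service account was granted roles/run.invoker on it (gcloud run services add-iam-policy-binding CALLEE --member=serviceAccount:CALLER_SA --role=roles/run.invoker). The callee URL and service-account address used in the offline stand-ins are hypothetical placeholders; the metadata-server URL and Metadata-Flavor header are the real ones a Cloud Run container uses.

```python
"""Caller side of an authenticated Cloud Run service-to-service call.

Added example, not code from Google or the original page. Assumes the
callee requires authentication and the caller's service account holds
roles/run.invoker on it.
"""
import base64
import io
import json
import time
import urllib.parse
import urllib.request
from typing import Optional

# Real metadata-server endpoint reachable from inside a Cloud Run container.
METADATA_IDENTITY_URL = (
    "http://metadata.google.internal/computeMetadata/v1/"
    "instance/service-accounts/default/identity"
)


def identity_token_request(audience: str) -> urllib.request.Request:
    """Request that asks the metadata server for a Google-signed OIDC ID token.

    The token is minted for the service account attached to the Cloud Run
    service, so no private key is ever downloaded. `aud` must equal the
    callee's URL or Cloud Run rejects it. Metadata-Flavor is mandatory.
    """
    query = urllib.parse.urlencode({"audience": audience})
    return urllib.request.Request(
        f"{METADATA_IDENTITY_URL}?{query}", headers={"Metadata-Flavor": "Google"}
    )


def _b64url_decode(segment: str) -> bytes:
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def unverified_claims(token: str) -> dict:
    """Decode the JWT payload WITHOUT signature verification.

    Only the caller uses this, to decide whether a cached token can be reused.
    The callee must not rely on it: Cloud Run verifies signature, audience
    and expiry at its front end before the request reaches the container.
    """
    parts = token.split(".")
    if len(parts) != 3:
        raise ValueError("not a JWT")
    return json.loads(_b64url_decode(parts[1]))


def token_usable(token: str, audience: str, now: float, skew: int = 60) -> bool:
    """True if the token targets `audience` and has more than `skew` seconds left."""
    claims = unverified_claims(token)
    return claims.get("aud") == audience and claims.get("exp", 0) - now > skew


class TokenCache:
    """Per-audience cache so every outbound call does not hit the metadata server."""

    def __init__(self, fetch=urllib.request.urlopen):
        self._fetch = fetch  # injectable so the example can run offline
        self._tokens = {}

    def get(self, audience: str, now: Optional[float] = None) -> str:
        now = time.time() if now is None else now
        cached = self._tokens.get(audience)
        if cached and token_usable(cached, audience, now):
            return cached
        with self._fetch(identity_token_request(audience)) as resp:
            token = resp.read().decode()
        self._tokens[audience] = token
        return token


def authorized_request(callee_url: str, path: str, token: str,
                       method: str = "GET", body: Optional[bytes] = None):
    """HTTPS request to the callee carrying the ID token as a Bearer token.

    Refusing http:// matters: run.app redirects plain HTTP to HTTPS, but the
    bearer token would already have crossed the wire in the clear.
    """
    if not callee_url.startswith("https://"):
        raise ValueError("Cloud Run callees must be addressed over https://")
    return urllib.request.Request(
        callee_url.rstrip("/") + path, data=body, method=method,
        headers={"Authorization": f"Bearer {token}"},
    )


# --- Offline stand-ins, constructed for this example (not real Google tokens) ---

def make_unsigned_token(claims: dict) -> str:
    """JWT-shaped string with an empty signature; Cloud Run would reject it."""
    enc = lambda obj: base64.urlsafe_b64encode(
        json.dumps(obj).encode()).rstrip(b"=").decode()
    return f"{enc({'alg': 'none'})}.{enc(claims)}."


class FakeMetadataServer:
    """Replaces urlopen so TokenCache can be exercised without Cloud Run."""

    def __init__(self, token: str):
        self.token, self.calls = token, 0

    def __call__(self, request: urllib.request.Request) -> io.BytesIO:
        assert request.get_header("Metadata-flavor") == "Google"
        self.calls += 1
        return io.BytesIO(self.token.encode())
```

In production, drop the stand-ins and pass nothing to TokenCache so it uses urllib.request.urlopen against the real metadata server; the cache keeps token fetches off the hot path, and the skew check refetches shortly before expiry rather than sending a token Cloud Run is about to reject. Nothing on the callee side changes: with authentication required, Cloud Run has already checked the token before the container sees the request.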