nerdexam
Google

PROFESSIONAL-CLOUD-DEVELOPER · Question #209

You are planning to deploy hundreds of microservices in your Google Kubernetes Engine (GKE) cluster. How should you secure communication between the microservices on GKE using a managed service?

The correct answer is D. Install Anthos Service Mesh, and enable mTLS in your Service Mesh.. Anthos Service Mesh (ASM) is Google's fully managed service mesh built on Istio. It natively supports mutual TLS (mTLS), which provides both encryption and mutual authentication between microservices - ensuring each service cryptographically proves its identity before communicati

Implementing security for microservices on GKE

Question

You are planning to deploy hundreds of microservices in your Google Kubernetes Engine (GKE) cluster. How should you secure communication between the microservices on GKE using a managed service?

Options

  • AUse global HTTP(S) Load Balancing with managed SSL certificates to protect your services
  • BDeploy open source Istio in your GKE cluster, and enable mTLS in your Service Mesh
  • CInstall cert-manager on GKE to automatically renew the SSL certificates.
  • DInstall Anthos Service Mesh, and enable mTLS in your Service Mesh.

How the community answered

(33 responses)
  • A
    6% (2)
  • B
    12% (4)
  • C
    3% (1)
  • D
    79% (26)

Explanation

Anthos Service Mesh (ASM) is Google's fully managed service mesh built on Istio. It natively supports mutual TLS (mTLS), which provides both encryption and mutual authentication between microservices - ensuring each service cryptographically proves its identity before communication is allowed. Option B (open-source Istio) also supports mTLS but is self-managed, not a managed service, so operational burden remains with the team. Option A (HTTP(S) Load Balancing) secures external traffic, not inter-service cluster communication. Option C (cert-manager) handles certificate lifecycle but does not provide a full service mesh or enforce mTLS policies across all services.

Topics

#GKE#Microservices Security#Service Mesh#mTLS

Community Discussion

No community discussion yet for this question.

Full PROFESSIONAL-CLOUD-DEVELOPER Practice