PROFESSIONAL-CLOUD-DEVELOPER · Question #209
You are planning to deploy hundreds of microservices in your Google Kubernetes Engine (GKE) cluster. How should you secure communication between the microservices on GKE using a managed service?
The correct answer is D. Install Anthos Service Mesh, and enable mTLS in your Service Mesh.. Anthos Service Mesh (ASM) is Google's fully managed service mesh built on Istio. It natively supports mutual TLS (mTLS), which provides both encryption and mutual authentication between microservices - ensuring each service cryptographically proves its identity before communicati
Question
You are planning to deploy hundreds of microservices in your Google Kubernetes Engine (GKE) cluster. How should you secure communication between the microservices on GKE using a managed service?
Options
- AUse global HTTP(S) Load Balancing with managed SSL certificates to protect your services
- BDeploy open source Istio in your GKE cluster, and enable mTLS in your Service Mesh
- CInstall cert-manager on GKE to automatically renew the SSL certificates.
- DInstall Anthos Service Mesh, and enable mTLS in your Service Mesh.
How the community answered
(33 responses)- A6% (2)
- B12% (4)
- C3% (1)
- D79% (26)
Explanation
Anthos Service Mesh (ASM) is Google's fully managed service mesh built on Istio. It natively supports mutual TLS (mTLS), which provides both encryption and mutual authentication between microservices - ensuring each service cryptographically proves its identity before communication is allowed. Option B (open-source Istio) also supports mTLS but is self-managed, not a managed service, so operational burden remains with the team. Option A (HTTP(S) Load Balancing) secures external traffic, not inter-service cluster communication. Option C (cert-manager) handles certificate lifecycle but does not provide a full service mesh or enforce mTLS policies across all services.
Topics
Community Discussion
No community discussion yet for this question.