We will deploy a set of microservices (as containers) on a Google Kubernetes Engine (GKE) cluster. We will use Google Endpoints for API management and deploy the Google Endpoints container alongside our microservice containers.
We will then create an Ingress Controller (of type Load Balancer) and expose our application microservices over HTTPS. All incoming HTTPS requests go to a load balancer, which directs them to one of the nodes in the Kubernetes cluster. On the node, each request first goes to Google Endpoints (which validates the endpoint key and logs all endpoint requests) and then to the respective microservice endpoint.
There are additional requirements on ensuring only authorized IPs access our microservices. We will learn how to whitelist the IPs using two approaches – Google Cloud Armor and Nginx Ingress Controller (instead of the default Google Ingress Controller).
Similarly, for outbound connections, we will be connecting to third-party services. These services have similar IP whitelisting requirements, so we need to provide them with the set of outbound IPs that will connect to them. For this requirement, we will use Google Cloud NAT to give our private Google Kubernetes Engine (GKE) clusters the ability to connect to the Internet, along with static outbound IPs that we can configure and hand to the third-party services to whitelist on their servers.
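As an added illustration of the Nginx Ingress Controller approach (not a manifest from this article), the sketch below restricts an HTTPS Ingress to an allowlist of source ranges and keeps the real client IP visible to the controller. The host, Secret, Service names, ports, controller labels and CIDR ranges are placeholder assumptions.

```yaml
# Controller Service: externalTrafficPolicy: Local preserves the client source IP.
# Without it, kube-proxy may SNAT the request and the allowlist would be matched
# against a node IP instead of the caller's address.
apiVersion: v1
kind: Service
metadata:
  name: ingress-nginx-controller        # assumed name of the controller Service
  namespace: ingress-nginx              # assumed namespace
spec:
  type: LoadBalancer
  externalTrafficPolicy: Local
  selector:
    app.kubernetes.io/name: ingress-nginx       # assumed controller pod labels
    app.kubernetes.io/component: controller
  ports:
    - name: https
      port: 443
      targetPort: https
---
# Application Ingress: only the listed ranges may reach the backend;
# requests from any other source are answered with 403 by the controller.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: orders-api                      # hypothetical microservice
  annotations:
    # Constructed documentation ranges; replace with the authorized client IPs.
    nginx.ingress.kubernetes.io/whitelist-source-range: "203.0.113.0/24,198.51.100.7/32"
spec:
  ingressClassName: nginx
  tls:
    - hosts:
        - api.example.com               # placeholder host
      secretName: api-example-tls       # placeholder TLS Secret
  rules:
    - host: api.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: orders-esp        # hypothetical Service fronting the Endpoints proxy
                port:
                  number: 8081          # assumed proxy port
```

Because the backend points at the Service in front of the Endpoints proxy, the allowlist is enforced before the endpoint key check, so rejected sources never reach either the proxy or the microservice.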