Integration with other Google Cloud services

This document provides a summary of the Google Cloud services that have an integration with Certificate Authority Service.

Anthos Service Mesh

Anthos Service Mesh is a suite of tools that helps you monitor and manage a reliable service mesh on-premises or on Google Cloud. You can configure Anthos Service Mesh to use CA Service for the following use cases:

  • If you need a dedicated certificate authority (CA), not shared with other users, to sign workload certificates, or if you need different CAs on different clusters.
  • If you need your signing keys to be backed by a managed HSM.
  • If you are in a highly regulated industry and are subject to compliance requirements.
  • If you want your workload certificates in Anthos Service Mesh to chain up to an existing enterprise root CA certificate.

To learn how to use CA Service with Anthos Service Mesh, see Install default features and Certificate Authority (CA).

Traffic Director

Traffic Director lets you secure service-to-service communications in your mesh. CA Service integrates with Traffic Director to provide identity certificates to workloads running on Google Kubernetes Engine. You can modify your pods to allow workloads to receive and use these credentials for mTLS.

To learn how to use CA Service with Traffic Director, see the following pages:

Certificate Manager

CA Service integrates with Certificate Manager to simplify the process of managing the lifecycle of private certificates and provisioning private certificates to your load balancers before the certificates expire. CA Service contains the CA pool that issues the private certificates, while Certificate Manager lets you configure the issuance and provisioning of certificates to your load balancers.

To learn how to use Certificate Manager with CA Service, see Configure CA Service integration with Certificate Manager.
