ESPv2 with multiple backends

[Ross G]

Hi, I have a single public DNS api.mydomain.com served by Cloud Endpoints for GKE

I would now like to have multiple GKE deployments behind that one address available by

api.mydomain.com/api1

api.mydomain.com/api2

etc

The only way I can see to do that is to use x-google-backend in the OpenAPI spec with a publicly disoverable DNS for each deployment/service

I don't see how I can secure that to ensure no-one accesses those backend APIs directly? I need to make sure that access is via Cloud Endpoints only. 

What options do I have?

[Wayne Zhang]

How about using GKE External Load Balancer to dispatch based on the path "api1" or "api2" with two GKE deployment/services, "api1" and "api2".  ESP can be deployed as side-car container to each deployment.   You will need to have two Endpoint service config then

--
You received this message because you are subscribed to the Google Groups "Google Cloud Endpoints" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-cloud-endp...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-cloud-endpoints/42c05522-4203-4696-9073-901b5f493393n%40googlegroups.com.

[Teju Nareddy]

+1, I suggest you run ESPv2 as a sidecar for each one of your APIs. You will have a separate service config for each sidecar.

But there is no need to have ESPv2 sitting in front of the sidecars. 

You can use Cloud Load Balancers to just redirect traffic from api.mydomain.com to the correct GKE deployment.

[Ross G]

Thanks, good suggestions.

I hope one day we can connect to multiple private back ends from a single Cloud Endpoint config. It would be a great simplification