mTLS support for Runway Services
Based on feedback here, we could look into supporting mTLS communication between Runway services. The docs at https://cloud.google.com/load-balancing/docs/mtls seem to indicate we can do this through the Global Application Load Balancer we already have set up for each Runway service. It would be a case of exposing the configuration options we want to users via runway.yml and then updating the Terraform code to support configuring mTLS when necessary.
We would then need to manage our own CA for Runway, and we would also have to think about how this fits into the overall philosophy of Runway, which is meant to abstract away underlying complexities. For example, a service with mTLS enabled won't be accessible to end users in their browser or tooling. A service with mTLS enabled can choose whether or not to allow people with bad certificates.
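A sketch of what the Terraform side could look like, added here as an illustration and not taken from Runway's own code. It shows the strict validation mode beside the permissive one that lets bad certificates through. The variable `mtls_reject_invalid` (standing in for an option surfaced from runway.yml), the resource names and the CA file path are all assumptions.

```hcl
# Added example: variable, resource names and the CA path are hypothetical.
variable "mtls_reject_invalid" {
  description = "Hypothetical per-service flag mapped from runway.yml"
  type        = bool
  default     = true
}

data "google_project" "current" {}

# Trust store holding the Runway CA that signs client certificates.
resource "google_certificate_manager_trust_config" "runway" {
  name     = "runway-mtls-trust"
  location = "global"

  trust_stores {
    trust_anchors {
      pem_certificate = file("${path.module}/ca/runway-root.pem") # placeholder path
    }
  }
}

resource "google_network_security_server_tls_policy" "runway" {
  name     = "runway-mtls-policy"
  location = "global"

  mtls_policy {
    # REJECT_INVALID: the load balancer refuses the connection unless the
    # client certificate chains to the trust config above.
    # ALLOW_INVALID_OR_MISSING_CLIENT_CERT: requests with a bad or absent
    # certificate still reach the backend, which must then make its own
    # authorization decision.
    client_validation_mode = var.mtls_reject_invalid ? "REJECT_INVALID" : "ALLOW_INVALID_OR_MISSING_CLIENT_CERT"

    client_validation_trust_config = "projects/${data.google_project.current.number}/locations/global/trustConfigs/${google_certificate_manager_trust_config.runway.name}"
  }
}

# The policy takes effect once the service's existing
# google_compute_target_https_proxy sets:
#   server_tls_policy = google_network_security_server_tls_policy.runway.id
```

Defaulting the flag to the strict mode means a service has to opt in explicitly before unauthenticated traffic can reach its backend.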
Reference: