
Encryption in Transit in Google Cloud

182 points by crb, over 7 years ago

5 comments

boulos, over 7 years ago

This document has been a long-time coming, and finally lets us talk about the encryption we perform on your behalf when transiting outside our physical boundaries. There are lots of paths, but I think the diagram [1] captures it well.

Edit: Of particular note is that if you have a VM in say us-central1 talking to another of your VMs in us-east1, we encrypt that traffic across regions (even though it's riding our backbone).

Disclosure: I work on Google Cloud (and even sort of contributed to this).

[1] https://cloud.google.com/images/security/whitepaper-transit-01.svg
theptip, over 7 years ago

The key thing here for my use-case is this point (which took a lot of digging to uncover when I last dove into this a year or so ago):

> Data in transit inside a physical boundary controlled by or on behalf of Google is generally authenticated but not necessarily encrypted.

Previously I believe this was not explicitly called out, but this is very important for GKE! In the default configuration, Kubernetes can arbitrarily bounce Service traffic between nodes, since the cloud LB selects a node at random, and then the Service iptables rules redirect the traffic to a node which hosts a pod that backs the Service.

So if your regulatory environment (or SLA) requires end-to-end encryption, you are not covered using GKE out of the box.

Options I've found to resolve this:

1) TLS to-the-pod

2) Using source-IP-address-preservation to ensure that the Service doesn't reroute your traffic to another node.

I'd really prefer if Google made this limitation a bit clearer in their GKE docs, since it's a major security gotcha, and took me a lot of digging to piece together. But it's definitely a big step forwards that the encryption policy is spelled out explicitly here.
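The node-to-node bounce the comment above describes, and its option 2, correspond to the Kubernetes Service field `externalTrafficPolicy`. The manifests below are an added example written for this page, not the commenter's configuration: the Service name `api`, the `app: api` selector and the ports are assumed placeholders. The first Service uses the default (`Cluster`), under which the cloud load balancer may hand a packet to any node and kube-proxy may then forward it to a ready endpoint on a different node; the second pins forwarding to endpoints on the receiving node and preserves the client source IP.

```yaml
# Added example (not from the thread). Both Services are identical except for
# spec.externalTrafficPolicy. Names, selector and ports are assumed placeholders.
apiVersion: v1
kind: Service
metadata:
  name: api              # assumed name
  namespace: default
spec:
  type: LoadBalancer
  selector:
    app: api             # assumed pod selector
  ports:
    - port: 443
      targetPort: 8443
  # Default value. The LB may deliver to any node; the Service rules on that
  # node may DNAT the packet to a pod on another node, so the request can
  # traverse an extra node-to-node hop inside Google's network.
  externalTrafficPolicy: Cluster
---
apiVersion: v1
kind: Service
metadata:
  name: api
  namespace: default
spec:
  type: LoadBalancer
  selector:
    app: api
  ports:
    - port: 443
      targetPort: 8443
  # Only endpoints on the node that received the packet are used, and the
  # client source IP is preserved. Nodes without a local endpoint report
  # unhealthy on the Service's healthCheckNodePort, so the LB stops sending
  # to them; the cross-node redirect no longer happens.
  externalTrafficPolicy: Local
```

To check what a running Service is doing: `kubectl get svc api -o jsonpath='{.spec.externalTrafficPolicy}'` prints `Cluster` (or nothing, on older clusters) when the default is in effect. `Local` is only meaningful for `NodePort` and `LoadBalancer` Services, and it changes load distribution: each node only ever serves its own pods, so spread the backing pods across nodes. It removes the node-to-node hop, but it does not encrypt anything; the hop from the load balancer to the node is still subject to the "authenticated but not necessarily encrypted" statement quoted above, which is why the comment lists TLS terminated in the pod as the other option.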
kkotak, over 7 years ago
Can someone explain how this pertains to Firebase hosted and FB realtime DB apps built using Angular5?
crb, over 7 years ago

Direct link to PDF version: https://cloud.google.com/security/encryption-in-transit/resources/encryption-in-transit-whitepaper.pdf
fowl2, over 7 years ago

I read "Encryption in Google Transit" for a second and was confused.