Is there any transport layer security guidance on secure communication 
between containers (pods) and/or services within the overlay network? Most 
discussions seem to be satisfied with TLS termination at the load balancer 
and don't talk about secure communication between nodes in the context of a 
Kubernetes deployment. Either the network overlay is blindly trusted (with 
or without policy); however, communication between valid (policy) 
containers still requires TLS (IMO). Guidance on generating certificates 
for this communication seems not to be really talked about. Currently I see 
two options:

1. Generating a certificate valid for all services within DNS namespace 
 (e.g. securemicroservice.project.svc.cluster.local)
2. Generating a huge alternative names certificate for valid IPs within the 
overlay as shown below

[alt_names]
DNS.1 = localhost
DNS.2 = server-lab
IP.1 = 11.3.0.1
IP.2 = 127.0.0.1
IP.3 = 10.10.2.100
...
IP.347 = 10.10.3.244

Maybe the network overlay will one day provide this functionality. I could 
of course have missed something in the network concept of Kubernetes.

Kind regards,

Andrew
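As an added example (not part of Andrew's message, and not code from Kubernetes or any overlay project), the shell script below carries the post's first option through end to end with openssl: a private in-cluster CA signs a certificate whose SANs are the DNS names a client inside the cluster could use to reach one service, and `openssl verify -verify_hostname` then shows which names the result is valid for. The service name `securemicroservice`, the namespace `project`, the certificate lifetimes and the working directory are assumed values; `-verify_hostname` assumes OpenSSL 1.1.0 or later.

```shell
#!/bin/sh
# Added example, not from the original post. Mints a private CA and a
# service certificate whose SANs cover the in-cluster DNS names of one
# service (the post's option 1). Service name, namespace, lifetimes and
# the working directory are assumed/constructed values.
set -e

SERVICE="securemicroservice"
NAMESPACE="project"
WORKDIR="${WORKDIR:-$(mktemp -d)}"

# OpenSSL config for the CA: a self-signed root that may sign certificates.
write_ca_config() {
  cat > "$WORKDIR/ca.cnf" <<EOF
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = cluster-internal-ca
[v3_ca]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
}

# OpenSSL config for the service: a leaf cert with the DNS SANs that
# clients in the same cluster (and namespace) can resolve.
write_san_config() {
  cat > "$WORKDIR/san.cnf" <<EOF
[req]
distinguished_name = dn
req_extensions = v3_req
prompt = no
[dn]
CN = ${SERVICE}.${NAMESPACE}.svc.cluster.local
[v3_req]
basicConstraints = CA:FALSE
keyUsage = digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth, clientAuth
subjectAltName = @alt_names
[alt_names]
DNS.1 = ${SERVICE}.${NAMESPACE}.svc.cluster.local
DNS.2 = ${SERVICE}.${NAMESPACE}.svc
DNS.3 = ${SERVICE}.${NAMESPACE}
DNS.4 = ${SERVICE}
EOF
}

# Create the CA and a service certificate signed by it. Returns 0 on success.
make_service_cert() {
  write_ca_config
  write_san_config
  openssl req -x509 -newkey rsa:2048 -nodes -days 365 \
    -config "$WORKDIR/ca.cnf" -extensions v3_ca \
    -keyout "$WORKDIR/ca.key" -out "$WORKDIR/ca.crt" >/dev/null 2>&1
  openssl req -new -newkey rsa:2048 -nodes \
    -config "$WORKDIR/san.cnf" \
    -keyout "$WORKDIR/svc.key" -out "$WORKDIR/svc.csr" >/dev/null 2>&1
  # -extfile/-extensions carry the SANs from the CSR config into the cert;
  # without them the signed certificate would have no SAN at all.
  openssl x509 -req -days 90 -in "$WORKDIR/svc.csr" \
    -CA "$WORKDIR/ca.crt" -CAkey "$WORKDIR/ca.key" -CAcreateserial \
    -extfile "$WORKDIR/san.cnf" -extensions v3_req \
    -out "$WORKDIR/svc.crt" >/dev/null 2>&1
}

# Chain check: does the service certificate verify against the private CA?
verify_chain() {
  openssl verify -CAfile "$WORKDIR/ca.crt" "$WORKDIR/svc.crt" >/dev/null 2>&1
}

# Hostname check: would a client that connected to NAME accept this cert?
# (-verify_hostname needs OpenSSL 1.1.0 or later; assumption.)
cert_matches_name() {
  openssl verify -CAfile "$WORKDIR/ca.crt" -verify_hostname "$1" \
    "$WORKDIR/svc.crt" >/dev/null 2>&1
}

# Run directly with "run" as the first argument to mint and check the cert.
if [ "${1:-}" = "run" ]; then
  make_service_cert && verify_chain \
    && cert_matches_name "$SERVICE.$NAMESPACE.svc.cluster.local" \
    && echo "certificate ok in $WORKDIR"
fi
```

The point of keying the certificate to the Service DNS name rather than to pod IPs is that the name is stable across reschedules while the IPs in the post's second option are not, so the IP SAN list would have to be reissued every time a pod moves. Only `ca.crt` needs to reach the clients; `svc.key` stays with the pods that terminate TLS for that service.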
