Is there any transport layer security guidance on secure communication 
between containers (pods) and/or services within the overlay network? Most 
discussions seem to be satisfied with TLS termination at the load balancer 
and don't talk about secure communication between nodes in the context of a 
Kubernetes deployment. Either the network overlay is blindly trusted (with 
or without policy), or communication between valid (policy) containers still 
requires TLS (IMO). Guidance on generating certificates for this 
communication seems not to be really talked about. Currently I see two 
options:

1. Generating a certificate valid for all services within DNS namespace 
 (e.g. securemicroservice.project.svc.cluster.local)
2. Generating a huge alternative names certificate for valid IPs within the 
overlay, as shown below

DNS.1 = localhost
DNS.2 = server-lab
IP.1 =
IP.2 =
IP.3 =
IP.347 =

Maybe the network overlay will one day provide this functionality. I could 
of course have missed something in the network concept of Kubernetes.

kind regards,
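
The two options above differ in what a peer's TLS client will actually accept. As an added example (not part of the original post, and not Kubernetes code), the Go program below issues a throw-away in-cluster CA, one leaf certificate per option, and then runs the same chain-plus-SAN check a TLS client performs after the handshake. The namespace "project", the cluster domain "cluster.local", the serial numbers and the 10.244.x.x pod IPs are assumptions made for this example only.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"net"
	"time"
)

// newCA creates a self-signed CA that would sign all in-cluster service certs.
func newCA() (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: "overlay-ca"},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		IsCA:                  true,
		BasicConstraintsValid: true,
		KeyUsage:              x509.KeyUsageCertSign | x509.KeyUsageDigitalSignature,
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, nil, err
	}
	ca, err := x509.ParseCertificate(der)
	return ca, key, err
}

// issueLeaf signs a server certificate whose identity lives only in the SAN
// extension: DNS names for option 1, IP addresses for option 2.
func issueLeaf(ca *x509.Certificate, caKey *ecdsa.PrivateKey, serial int64,
	dnsNames []string, ips []net.IP) (*x509.Certificate, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(serial),
		Subject:      pkix.Name{CommonName: "in-cluster service"},
		DNSNames:     dnsNames,
		IPAddresses:  ips,
		NotBefore:    time.Now().Add(-time.Hour),
		NotAfter:     time.Now().Add(24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, ca, &key.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// validFor performs the client-side check: chain the leaf to the CA, then
// match host (a DNS name or an IP literal) against the leaf's SANs.
func validFor(ca, leaf *x509.Certificate, host string) bool {
	roots := x509.NewCertPool()
	roots.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: roots, DNSName: host})
	return err == nil
}

// buildExample returns the CA plus one leaf for each option from the post.
func buildExample() (ca, nsLeaf, ipLeaf *x509.Certificate, err error) {
	ca, caKey, err := newCA()
	if err != nil {
		return nil, nil, nil, err
	}
	// Option 1: one wildcard DNS SAN covering every service in the namespace.
	nsLeaf, err = issueLeaf(ca, caKey, 2, []string{"*.project.svc.cluster.local"}, nil)
	if err != nil {
		return nil, nil, nil, err
	}
	// Option 2: an IP SAN per pod address in the overlay (assumed addresses).
	ipLeaf, err = issueLeaf(ca, caKey, 3, nil,
		[]net.IP{net.ParseIP("10.244.1.5"), net.ParseIP("10.244.1.6")})
	return ca, nsLeaf, ipLeaf, err
}

func main() {
	ca, nsLeaf, ipLeaf, err := buildExample()
	if err != nil {
		panic(err)
	}
	for _, host := range []string{"securemicroservice.project.svc.cluster.local",
		"securemicroservice.other.svc.cluster.local", "10.244.1.5", "10.244.1.7"} {
		fmt.Printf("%-46s namespace-cert=%-5v ip-cert=%v\n",
			host, validFor(ca, nsLeaf, host), validFor(ca, ipLeaf, host))
	}
}
```

Two properties of the SAN matching rules show up when this runs: a wildcard covers exactly one DNS label, so the namespace certificate accepts securemicroservice.project.svc.cluster.local but neither another namespace nor a deeper name, and an IP SAN matches only the literal address, so the option 2 certificate must be re-issued whenever the set of pod IPs in the overlay changes.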

