Is there any transport layer security guidance on secure communication
between containers (pods) and/or services within the overlay network? Most
discussions seem to be satisfied with TLS termination at the load balancer
and don't talk about secure communication between nodes in the context of a
Kubernetes deployment. Either the network overlay is blindly trusted (with
or without policy); however, TLS communication between valid (policy)
containers still requires TLS (IMO). Guidance on generating certificates
for this communication seems to be not really talked about. Currently I see:

1. Generating a certificate valid for all services within DNS namespace
2. Generating a huge alternative names certificate for valid IPs within the
   overlay, as shown below

DNS.1 = localhost
DNS.2 = server-lab
IP.1 = 18.104.22.168
IP.2 = 127.0.0.1
IP.3 = 10.10.2.100
IP.347 = 10.10.3.244

Maybe the network overlay one day will provide this functionality. I could
have of course missed something in the network concept of Kubernetes.
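
Added example, not part of the original post: a Python sketch that builds the OpenSSL alt_names entries for the two options listed above and checks, with simplified matching rules, which peers each certificate would cover. The namespace "lab", the "cluster.local" domain and the address range are constructed sample values, and alt_names() and san_matches() are hypothetical helper names.

```python
import ipaddress

def alt_names(dns_names, ip_ranges):
    """Return the lines of an OpenSSL [alt_names] section.

    ip_ranges is a list of (first_ip, last_ip) pairs; every address in a
    range gets its own IP.n entry, as in option 2 of the post.
    """
    lines = [f"DNS.{i} = {name}" for i, name in enumerate(dns_names, 1)]
    n = 0
    for first, last in ip_ranges:
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        for value in range(int(lo), int(hi) + 1):
            n += 1
            lines.append(f"IP.{n} = {ipaddress.ip_address(value)}")
    return lines

def san_matches(peer, lines):
    """Simplified SAN check: an IP peer must equal an IP.n entry exactly;
    a DNS peer matches a DNS.n entry label by label, where a left-most '*'
    stands for exactly one label (partial wildcards are not handled)."""
    try:
        ip = ipaddress.ip_address(peer)
    except ValueError:
        ip = None
    for key, value in (line.split(" = ", 1) for line in lines):
        if ip is not None:
            if key.startswith("IP.") and ipaddress.ip_address(value) == ip:
                return True
        elif key.startswith("DNS."):
            want, have = value.lower().split("."), peer.lower().split(".")
            if (len(want) == len(have) and want[1:] == have[1:]
                    and want[0] in ("*", have[0])):
                return True
    return False

# Constructed sample values (assumptions, not taken from the poster's cluster).
OPTION_1 = alt_names(["*.lab.svc.cluster.local"], [])
OPTION_2 = alt_names(["localhost", "server-lab"],
                     [("127.0.0.1", "127.0.0.1"), ("10.10.2.100", "10.10.3.244")])

if __name__ == "__main__":
    print(len(OPTION_1), "entry for option 1;", len(OPTION_2), "for option 2")
    for peer in ("web.lab.svc.cluster.local", "web.prod.svc.cluster.local",
                 "10.10.3.244", "10.10.3.245"):
        print(peer, san_matches(peer, OPTION_1), san_matches(peer, OPTION_2))
```

The wildcard entry stays a single line but covers every service name in that one namespace, while the enumerated certificate grows with the address range and stops matching as soon as a pod receives an address outside it.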