I am new to Kubernetes and cannot find any information about how secure the communication between pods is. Is it encrypted or not? Is there any mechanism that would block a potential attacker from listening in?
2 Answers
3
There are mechanisms to introduce SSL certificates for communication. Generally, by design, inter-pod communication is kept unencrypted, as clusters are under a VPN of the provider itself.
From a security perspective, there are pod security policies, which help the user specify whether the user is a root or non-root user, etc., and other capabilities for operations like chown, etc.
Lastly, there are provisions for role-based access control, where you can create service accounts for communication in different namespaces and set different levels of read and write permissions for each of them.

Tushar Mahajan
- Could you list some of those mechanisms that introduce SSL? – CodeSamurai777 Jul 16 '20 at 14:41
- I think these two links should give you some idea, but this is at the level of ingress only, i.e. the load balancer. https://cert-manager.io/docs/installation/kubernetes/ – Tushar Mahajan Jul 16 '20 at 16:51
- The other link is https://stackoverflow.com/questions/58423312/how-do-i-test-a-clusterissuer-solver/58436097?noredirect=1#comment103215785_58436097 – Tushar Mahajan Jul 16 '20 at 16:52
- They show how to handle TLS in this communication process, and this is something that the nginx pods will take care of alongside. – Tushar Mahajan Jul 16 '20 at 16:52
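The root/non-root and capability settings mentioned in the answer above are expressed in each pod's `securityContext`. As an added example (not part of the original answers), this Python script audits one pod object as returned by `kubectl get pod -o json`; the sample manifest and the `audit_pod` helper name are constructed for illustration.

```python
import json

# Constructed sample pod, shaped like the output of `kubectl get pod -o json`.
SAMPLE_POD = json.loads("""
{"metadata": {"name": "demo"},
 "spec": {"containers": [
   {"name": "web", "securityContext":
     {"runAsNonRoot": true, "capabilities": {"drop": ["ALL"]}}},
   {"name": "sidecar"},
   {"name": "helper", "securityContext":
     {"runAsUser": 0, "capabilities": {"add": ["CHOWN"]}}}
 ]}}
""")


def audit_pod(pod):
    """Return (container, finding) pairs for root and capability settings."""
    spec = pod["spec"]
    pod_sc = spec.get("securityContext") or {}
    findings = []
    for c in spec.get("initContainers", []) + spec.get("containers", []):
        sc = c.get("securityContext") or {}
        # Container-level values take precedence over pod-level ones.
        non_root = sc.get("runAsNonRoot", pod_sc.get("runAsNonRoot", False))
        uid = sc.get("runAsUser", pod_sc.get("runAsUser"))
        if uid == 0:
            findings.append((c["name"], "runs as UID 0"))
        elif uid is None and not non_root:
            findings.append((c["name"], "may run as root"))
        # Capabilities can only be set per container.
        caps = sc.get("capabilities") or {}
        if "ALL" not in {d.upper() for d in caps.get("drop") or []}:
            findings.append((c["name"], "does not drop ALL capabilities"))
        for cap in caps.get("add") or []:
            findings.append((c["name"], f"adds capability {cap}"))
    return findings


if __name__ == "__main__":
    for name, finding in audit_pod(SAMPLE_POD):
        print(f"{SAMPLE_POD['metadata']['name']}/{name}: {finding}")
```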
0
There are pod security policies; the most common is RBAC (Role-Based User Access Control) authorization.
You can learn more about it here.

Peter Csala

Devarsh Shah