Securing an exposed load balancer service in Kubernetes

11/5/2018

I have a workload deployed in Kubernetes. I have exposed it using a load balancer service because I need an external IP to communicate with the workload. The external IP is now publicly accessible. How do I secure it so that only I will be able to access it from an external application?

-- Ben Abey
google-kubernetes-engine
kubernetes

1 Answer

11/5/2018

Kubernetes doesn't come with out-of-the-box authentication for external services. If you have more services and security is important for you, I would take a look at the Istio project. You can configure authentication for your services in a declarative way using an authentication policy: https://istio.io/docs/tasks/security/authn-policy/#end-user-authentication Using Istio, you can secure not only incoming connections but also outgoing and internal traffic.

If you are new to the service mesh concept and you don't know how to start, you can check kyma-project, where Istio is already configured and you can apply token validation with one click in the UI or a single kubectl command. Check the example: https://github.com/kyma-project/examples/tree/master/gateway

-- Piotr Bochynski
Source: StackOverflow
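
The end-user (JWT) authentication approach the answer points to, as an added example that is not part of the original answer or of the Istio or Kyma projects' own samples. It uses the `security.istio.io/v1beta1` resources found in current Istio releases rather than the authentication policy format documented in 2018. The workload label, namespace, issuer, JWKS URL and subject are placeholders, and it assumes the workload's pods run with the Istio sidecar injected.

```yaml
# Added example. All names, the issuer, the JWKS URL and the subject are
# placeholders (assumptions), not values from the original page.

# Step 1: tell the sidecar which tokens are acceptable and where to fetch the
# signing keys. Requests carrying an invalid or expired JWT are rejected (401).
apiVersion: security.istio.io/v1beta1
kind: RequestAuthentication
metadata:
  name: my-workload-jwt            # hypothetical name
  namespace: default               # assumed namespace of the workload
spec:
  selector:
    matchLabels:
      app: my-workload             # assumed pod label behind the LoadBalancer service
  jwtRules:
  - issuer: "https://issuer.example.com"                        # placeholder issuer
    jwksUri: "https://issuer.example.com/.well-known/jwks.json" # placeholder JWKS URL
---
# Step 2: RequestAuthentication on its own still lets requests WITHOUT a token
# through. This ALLOW policy admits only requests whose validated token maps to
# the expected principal (<issuer>/<subject>); everything else is denied (403).
apiVersion: security.istio.io/v1beta1
kind: AuthorizationPolicy
metadata:
  name: my-workload-require-jwt    # hypothetical name
  namespace: default
spec:
  selector:
    matchLabels:
      app: my-workload
  action: ALLOW
  rules:
  - from:
    - source:
        # Placeholder subject "my-external-app"; use "https://issuer.example.com/*"
        # to accept any subject from this issuer instead.
        requestPrincipals: ["https://issuer.example.com/my-external-app"]
```

After applying both resources, a request to the external IP with no `Authorization: Bearer` header should return 403 and one with a tampered token 401; checking both confirms the policy is actually enforced at the workload.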