Do my microservices need TLS too or is Ingress TLS termination enough?

5/13/2019

I am new to the whole container-orchestration world and was wondering if the microservices I deploy with Kubernetes need a secure connection too or if the Ingress TLS termination is enough.

For example I have an NGINX microservice with currently no SSL/TLS setup whatsoever. When users communicate with this microservice, the connection is encrypted because I set up an Ingress with TLS termination.

Are there any security drawbacks in such a scenario? I find it very hard to find proper literature regarding this topic.

-- Alex Gogl
kubernetes
kubernetes-ingress
nginx-ingress
ssl

1 Answer

5/14/2019

It definitely will work. I mean Ingress with TLS termination. It depends on the security requirements of your project. If you are OK with unencrypted traffic inside your cluster, you can go with it.

Though, if you will be running microservices in production, the best practice for secure service-to-service communication is an Istio mesh with mutual TLS authentication.

What it does is inject a sidecar proxy (Envoy) for each of your services.

-- A_Suh
Source: StackOverflow
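
The setup the answer describes, sketched as configuration. This is an added example, not part of the original answer and not the Istio project's own sample. It assumes an Istio release that provides the `PeerAuthentication` API, with Istio installed in `istio-system`; the namespace `shop` is a hypothetical placeholder.

```yaml
# Added illustration. "shop" is a hypothetical namespace name.

# Opt the namespace into automatic sidecar injection, so each pod
# created in it gets an Envoy proxy next to the application container.
apiVersion: v1
kind: Namespace
metadata:
  name: shop
  labels:
    istio-injection: enabled
---
# Require mutual TLS for every workload in the namespace.
# mode: PERMISSIVE (the weaker setting) would accept both mTLS and
# plaintext, so unencrypted pod-to-pod traffic would still be allowed;
# it is meant for the migration period only.
# mode: STRICT makes the sidecar reject plaintext connections.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: shop
spec:
  mtls:
    mode: STRICT
```

Pods that already exist get a sidecar only after they are recreated. With `STRICT` in place, an ingress controller that has no sidecar of its own can no longer reach these services over plaintext, so it has to be brought into the mesh as well.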