Securing kubernetes inter-service -- how is this done?

7/4/2019

I've seen Kubernetes Securing services but I am asking a more basic question.

How are the services secured? I have a repository layer that should not be available outside of the cluster, but only available to services within the cluster. I can't quite see how I can use Kubernetes to handle that or whether it does it itself.

-- David Boshton
kubernetes

2 Answers

7/4/2019

ClusterIP is not available outside the cluster. If you create the service of type NodePort or LoadBalancer, then that can be accessed outside the cluster.

https://kubernetes.io/docs/concepts/services-networking/service/#publishing-services-service-types

-- Abhyudit Jain
Source: StackOverflow

7/4/2019

If you mean network-level security by restricting how the service is accessed, then there are many types of Kubernetes options that you use for exposing the service, but in your case, you expose it using the Service of Type ClusterIP so that it is only available inside the cluster.

Types of Services

There are five types of Services:

ClusterIP (default): Internal clients send requests to a stable internal IP address.

NodePort: Clients send requests to the IP address of a node on one or more nodePort values that are specified by the Service.

LoadBalancer: Clients send requests to the IP address of a network load balancer.

ExternalName: Internal clients use the DNS name of a Service as an alias for an external DNS name.

Headless: You can use a headless service in situations where you want a Pod grouping, but don't need a stable IP address.

Here is a manifest for a Service of type ClusterIP:

apiVersion: v1
kind: Service
metadata:
  name: my-cip-service
spec:
  selector:
    app: metrics
    department: sales
  type: ClusterIP
  ports:
  - protocol: TCP
    port: 80
    targetPort: 8080

-- Ijaz Ahmad Khan
Source: StackOverflow
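
To check which Services in a cluster are actually confined to it, the type rules from the answers above can be applied to the JSON that `kubectl get services -A -o json` returns. This is an added example, not code from either answer; the `repo-*` Services and the `data` namespace are constructed sample data, and it goes one step beyond the answers by also flagging the `spec.externalIPs` field, which makes a ClusterIP Service reachable on those addresses.

```python
import json

# Service types that publish a Service beyond the cluster network.
EXTERNAL_TYPES = {"NodePort", "LoadBalancer"}

def exposure(svc):
    """Return (reachable_from_outside, reason) for one Service object."""
    spec = svc.get("spec", {})
    svc_type = spec.get("type", "ClusterIP")  # an omitted type defaults to ClusterIP
    if svc_type in EXTERNAL_TYPES:
        return True, f"type {svc_type}"
    if spec.get("externalIPs"):
        # A ClusterIP Service still accepts traffic sent to its listed external IPs.
        return True, "externalIPs set"
    if svc_type == "ExternalName":
        return False, "DNS alias for an external name"
    if spec.get("clusterIP") == "None":
        return False, "headless, in-cluster only"
    return False, "ClusterIP, in-cluster only"

def audit(service_list):
    """Map 'namespace/name' -> reason for every externally reachable Service."""
    findings = {}
    for svc in service_list.get("items", []):
        meta = svc.get("metadata", {})
        exposed, reason = exposure(svc)
        if exposed:
            key = f"{meta.get('namespace', 'default')}/{meta.get('name')}"
            findings[key] = reason
    return findings

# Constructed sample in the shape of `kubectl get services -A -o json`.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"name": "my-cip-service", "namespace": "default"},
   "spec": {"ports": [{"protocol": "TCP", "port": 80, "targetPort": 8080}]}},
  {"metadata": {"name": "repo-nodeport", "namespace": "data"},
   "spec": {"type": "NodePort"}},
  {"metadata": {"name": "repo-extip", "namespace": "data"},
   "spec": {"type": "ClusterIP", "externalIPs": ["192.0.2.10"]}},
  {"metadata": {"name": "repo-headless", "namespace": "data"},
   "spec": {"type": "ClusterIP", "clusterIP": "None"}}
]}
""")

if __name__ == "__main__":
    for name, reason in audit(SAMPLE).items():
        print(f"{name}: {reason}")
```

An empty result means every Service in the input is of a type that is only reachable from inside the cluster.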