I am learning Kubernetes and trying to understand basic architecture and security.
Here is one of the possible architectures I am trying to build.
I am also planning to have an SSO type of implementation within the cluster, which will be able to provide auth to ingress rules.
So below are some types of connections:
POD to storage connection - Using a PVC or volume claim template (for a stateful set), a PV can be provisioned, backed by a storage class. But how is the connection between the POD and storage made? Does it cross the internet? Auth is not required, but if it crosses the public internet, what about TLS?
I see someone suggesting an ingress controller for each POD. Will it not be too much if only SSL is required?