K8s Inter-service communication via FQDN

8/28/2019

I have two services deployed to a single cluster in K8s. One is IS4, the other is a client application.

According to leastprivilege, the internal service must also use the FQDN.

The issue I'm having when developing locally (via skaffold & Docker) is that the internal service resolves the FQDN to 127.0.0.1 (the cluster). Is there any way to ensure that it resolves correctly and routes to the correct service?

Another issue is that internally the services communicate on HTTP, and publicly they expose HTTPS. With a URL rewrite I'm able to resolve the DNS part, but I'm unable to change the HTTPS calls to HTTP as NGINX isn't called; it's a call direct to the service. If there is some inter-service ruleset I can hook into (similar to ingress) I believe I could use that to terminate TLS and things would work.

Edit for clarification: I mean, I'm not deploying to AKS. When deployed to AKS this isn't an issue.

HTTPS is exposed via NGINX ingress, which terminates TLS.

-- Stevey
kubernetes
nginx

0 Answers