K8s Inter-service communication via FQDN


I have two services deployed to a single cluster in K8s. One is IS4, the other is a client application.

According to leastprivilege, the internal service must also use the FQDN.

The issue I'm having when developing locally (via skaffold & Docker) is that the internal service resolves the FQDN to (the cluster). Is there any way to ensure that it resolves correctly and routes to the correct service?

Another issue is that internally the services communicate on HTTP, and publicly they expose HTTPS. With a URL rewrite I'm able to resolve the DNS part, but I'm unable to change the HTTPS calls to HTTP as NGINX isn't called, it's a call direct to the service. If there is some inter-service ruleset I can hook into (similar to ingress) I believe I could use that to terminate TLS and things would work.

Edit for clarification: I mean, I'm not deploying to AKS. When deployed to AKS this isn't an issue.

HTTPS is explosed via NGingx ingress, which terminates TLS.

-- Stevey

0 Answers