Securing Microservices: mTLS in Kubernetes

In a Zero Trust network, we assume the network itself is hostile. This means Pod-to-Pod communication inside Kubernetes must be encrypted and mutually authenticated, which is exactly what mTLS provides.

Implicit vs Explicit mTLS

Issuing, distributing and rotating per-Pod certificates by hand is not practical at scale. We use a Service Mesh (Linkerd or Istio) that does it automatically.

```mermaid
flowchart LR
    ServiceA[Service A] -- HTTP --> ProxyA[Linkerd Proxy]
    ProxyA -- "mTLS (HTTPS)" --> ProxyB[Linkerd Proxy]
    ProxyB -- HTTP --> ServiceB[Service B]

    style ProxyA fill:#E1F5FE
    style ProxyB fill:#E1F5FE
```

The application code (Service A) knows nothing about encryption: it sends plain HTTP, which is redirected to the sidecar proxy on `localhost`. That proxy upgrades the connection to mTLS; the proxy on the receiving side terminates it and forwards plain HTTP to Service B.
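The proxy upgrading the connection does not by itself guarantee that plaintext is rejected: whether mTLS is required or merely opportunistic is a mesh policy setting. The following audit script is an added example, not code from the original post, and assumes Istio's PeerAuthentication semantics (a policy without a selector in the root namespace, `istio-system` by default, is mesh-wide; one without a selector elsewhere is namespace-wide; one with a selector is workload-scoped; `portLevelMtls` overrides the mode per port). It reads the shape produced by `kubectl get peerauthentication -A -o json` and flags every setting weaker than STRICT; the sample input is constructed.

```python
"""Audit Istio PeerAuthentication resources for anything weaker than STRICT mTLS.

Added example (not from the original post). Input mirrors the JSON emitted by
`kubectl get peerauthentication -A -o json`; the sample below is constructed.
"""
import json

DEFAULT_ROOT_NAMESPACE = "istio-system"  # Istio's default root namespace (assumed unchanged)

# Constructed sample: a mesh-wide STRICT default, a namespace that opts back
# into PERMISSIVE, and a STRICT workload that disables mTLS on one port.
SAMPLE_KUBECTL_JSON = json.dumps({
    "items": [
        {"metadata": {"name": "default", "namespace": "istio-system"},
         "spec": {"mtls": {"mode": "STRICT"}}},
        {"metadata": {"name": "default", "namespace": "legacy"},
         "spec": {"mtls": {"mode": "PERMISSIVE"}}},
        {"metadata": {"name": "metrics", "namespace": "payments"},
         "spec": {"selector": {"matchLabels": {"app": "ledger"}},
                  "mtls": {"mode": "STRICT"},
                  "portLevelMtls": {"9090": {"mode": "DISABLE"}}}},
    ]
})


def policy_scope(pa, root_namespace):
    """Return 'mesh', 'namespace' or 'workload' for one PeerAuthentication."""
    if (pa.get("spec") or {}).get("selector"):
        return "workload"
    if pa["metadata"]["namespace"] == root_namespace:
        return "mesh"
    return "namespace"


def audit_peer_authentications(kubectl_json, root_namespace=DEFAULT_ROOT_NAMESPACE):
    """Return human-readable findings; an empty list means every policy is
    STRICT and a mesh-wide STRICT default exists."""
    items = json.loads(kubectl_json).get("items", [])
    findings = []
    mesh_wide_strict = False

    for pa in items:
        ns = pa["metadata"]["namespace"]
        name = pa["metadata"]["name"]
        spec = pa.get("spec") or {}
        scope = policy_scope(pa, root_namespace)
        # A missing mtls block is UNSET: it inherits the parent policy, which is
        # PERMISSIVE when nothing stricter exists, so it is flagged for review.
        mode = (spec.get("mtls") or {}).get("mode", "UNSET")

        if scope == "mesh" and mode == "STRICT":
            mesh_wide_strict = True
        if mode != "STRICT":
            findings.append(f"{ns}/{name}: {scope}-level mTLS mode is {mode}")

        # Port-level overrides carve plaintext holes into an otherwise STRICT workload.
        for port, port_cfg in (spec.get("portLevelMtls") or {}).items():
            port_mode = (port_cfg or {}).get("mode", "UNSET")
            if port_mode != "STRICT":
                findings.append(f"{ns}/{name}: port {port} mTLS mode is {port_mode}")

    if not mesh_wide_strict:
        findings.insert(0, f"no mesh-wide STRICT PeerAuthentication in {root_namespace}")
    return findings


if __name__ == "__main__":
    for line in audit_peer_authentications(SAMPLE_KUBECTL_JSON):
        print("FINDING:", line)
```

Run it against a live cluster by replacing `SAMPLE_KUBECTL_JSON` with the output of `kubectl get peerauthentication -A -o json`. A clean result still does not prove every Pod carries a sidecar; an unmeshed Pod sees no proxy at all, so pair this with a check that sidecar injection is enabled in every application namespace. For Linkerd the equivalent enforcement knob is the `config.linkerd.io/default-inbound-policy` annotation set to `all-authenticated` rather than the permissive `all-unauthenticated` default.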
