Reputation: 149
Securing an exposed load balancer service in kubernetes
I have a workload deployed in kubernetes. I have exposed it using a load balancer service because I need an external IP to communicate with the workload. The external IP is now publicly accessible. How do I secure it so that only I will be able to access it from an external application?
Upvotes: 1
Views: 102
Answers (1)
Reputation: 382
Kubernetes doesn't come with out-of-the-box authentication for external services. If you have more services and security is important for you I would take a look into istio project. You can configure authentication for your services in decalarative way using authentication policy: https://istio.io/docs/tasks/security/authn-policy/#end-user-authentication Using istio you can secure not only incoming connections, but also outgoing and internal traffic.
If you are new to service mesh concept and you don't know how to start, you can check kyma-project where istio is already configured and you can apply token validation with one click in UI or single kubectl command. Check the example: https://github.com/kyma-project/examples/tree/master/gateway
Upvotes: 2
Related Questions
- How to restrict access to an external load balancer's endpoint
- Exposing kubernetes clusteer to "the world" without Load Balancer of cloud provider
- GKE: secured access to services from outside the cluster
- May I use a normal load balancer to expose a Kubernetes Service?
- Securing kubernetes inter-service -- how is this done?
- How to secure kubectl access?
- Kubernetes Securing services
- Kubernetes over internet
- GKE load-balanced service without public IP
- Secure Kubernetes API