Issues2021
Reputation: 23
How SSL communication between Azure AKS pods using Azure CNI can be enabled?
I have deployed an Azure AKS cluster using Azure CNI behind Application Gateway. Currently, internal pod communication is via http. I am trying to make this communication secure by implementing SSL. I didn't find any optimal solution after skimming through MSDN and Kubernetes documentation. Is there any way this can be achieved?
Upvotes: 2
Views: 1292
Answers (1)
Andriy Bilous
Reputation: 2522
CNI won't automatically encrypt the communication between pods on its own. You could use external tools like Linkerd or Istio which could encrypt traffic between pods
Linkerd and Isito will encrypt traffic with mTLS out of the box.
https://linkerd.io/2/features/automatic-mtls/
https://istio.io/v1.4/docs/tasks/security/authentication/auto-mtls/
Upvotes: 2
Related Questions
- How can I easily set up HTTPS between ASP.NET Core Pods inside a Kubernetes cluster?
- Azure App Service Certificate ssl to AKS ingress
- Azure Kubernetes Service (AKS) : How to enable HTTPS between Nginx Kubernetes Ingress Controller & Asp.Net Core 6.0 WebAPI PODs?
- How to install Kubernetes PKI certificates in AKS cluster
- Provide certificate file into pod in k8s
- Use https protocol for endpoints in Kubernetes Services
- Cert-Manager provide own SSL Certificate for AKS
- How to expose an http/https application on Azure Kubernetes Services
- Kubectl: Accessing the AKS (Kubernetes) public API endpoint through a corporate SSL-aware proxy
- HTTPS with Azure Container Services and Kubernetes