Why we need encryption inside a Kubernetes cluster

I am sure you are most probably familiar with concept of HTTPS, SSL or TLS. Lets discuss very high level setup. Assume any kind of a client whose going to have a conversation with a server and we want the conversation between two to be encrypted. The standard established protocol for doing so is HTTPS.

In this case we can be sure that any data we send from client to server is being encrypted. So anything we send such as usernames, passwords, credit card numbers. We do not go in to details about how it works as you can read plenty of resources online. In summary, HTTPS is a protocol where the client is going to request a certificate from the server, that server will contain the server’s public key and the client can use that to determine whether the server is to be trusted or not.

When the process is complete, then this is where the TLS part comes in. The TLS is going to encrypt the data that’s being sent to the server and the data that’s being returned back from the server. These are long established standards achieved by server having a certificate which has been issues by a certificate authority that the client can use to do a validation.

Yes above is very high level explanation but the key thing is we have the secure connection between the client and the server. In other words it will prevent the man in the middle attack as data communication is encrypted all the way along the chain and all the way back.

Security of a cluster

Lets assume below cluster managed by Kubernetes.

By default all communication between pods are over HTTP

Is it really an issue? Do you care the traffic between your Pods is encrypted? YES, you should.

Why we should encrypt the communication between Pods?

Lets think about below birds eye view of a common architecture.

This seems like a OK set up

Above is really secured? It sounds like YES. The reason is the communication out side the cluster is…