Do my microservices need TLS too or is Ingress TLS termination enough?

1
votes

I am new to the whole container-orchestration world and was wondering if the microservices I deploy with Kubernetes need a secure connection too or if the Ingress TLS termination is enough.

For example I have an NGINX microservice with currently no SSL/TLS setup whatsoever. When users communicate with this microservice, the connection is encrypted because I set up an Ingress with TLS termination.

Are there any security drawbacks in such a scenario? I find it very hard to find proper literature regarding this topic.

1
sslkuberneteskubernetes-ingressnginx-ingress

1 Answers

1
votes

It definitely will work. I mean ingress with TLS termination. It depends on security requirements of your project. If you ok with un-encripted traffic inside your cluster, you can go with it.

Though, if you will be running micro-services in production, the best practice for secure service-to-service communication is Istio mesh with mutual TLS authentication

What it does is injects sidecar proxy (envoy) for each of your services enter image description here