I'm pretty new to Kubernetes. I'm wondering what the best production deployment scenario is in Kubernetes environments.
In the old school I used to put just the web server (e.g. Nginx or Apache) in the DMZ layer and the application servers in another layer (let's call it the AS layer). This way only the web servers are in the DMZ, and a malicious attack can be carried out only against the web server VMs.
As far as I know this approach is no longer needed in K8S deployments, because K8S handles the network, pods and traffic by itself. So I was thinking about the most secure deployment scenario.
Let's suppose we have 3 worker nodes and 3 master nodes. I currently deploy my solution like in this picture:
As you can see, I put just the worker nodes in the DMZ layer; the master nodes are in the AS layer.
What I'm wondering is: is this deployment "secure enough"? What I'm worried about is that if there is a malicious attack, the hacker will get access to a worker node, which is very different from a web server (where he can find just static files).
Another scenario, in the "old school" style, would be the following one:
In this case I put just the web server in the DMZ and the full K8S cluster in the AS layer. But I don't know if this makes sense and how feasible it is (every time a new Pod/Service is added to the cluster, maybe I should configure the web servers in the DMZ to route requests to this new Service).
What do you think about the two approaches? Which one is the "best"?
Thank you
Angelo
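The second scenario's routing concern (reconfiguring the DMZ web servers every time a Service is added) is usually handled by an Ingress inside the cluster, so the DMZ reverse proxy only ever needs one upstream: the ingress controller. The manifest below is an added illustration, not part of the original post or of any particular project. It assumes a namespace `shop`, two Services `web-frontend` (port 80) and `api-backend` (port 8080), an ingress controller running in namespace `ingress-nginx` with the label `app.kubernetes.io/name=ingress-nginx`, the hostname `shop.example.com`, and a CNI plugin that enforces NetworkPolicy; all of these names are assumptions.

```yaml
# Added example, not from the original post. Names (namespace, Services,
# hostname, ingress controller labels) are assumptions for illustration.

# 1. Ingress: the in-cluster routing table. Adding a new Service later means
#    adding a path here, not touching the reverse proxy in the DMZ.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: shop
  namespace: shop
spec:
  ingressClassName: nginx
  rules:
  - host: shop.example.com
    http:
      paths:
      - path: /api
        pathType: Prefix
        backend:
          service:
            name: api-backend
            port:
              number: 8080
      - path: /
        pathType: Prefix
        backend:
          service:
            name: web-frontend
            port:
              number: 80
---
# 2. Default deny: nothing reaches pods in this namespace unless a policy
#    below explicitly allows it (mirrors the "only the DMZ tier is reachable"
#    idea, but enforced at the pod level instead of per VM).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: shop
spec:
  podSelector: {}
  policyTypes:
  - Ingress
---
# 3. Allow only the ingress controller to reach the pods that are meant to be
#    exposed. The kubernetes.io/metadata.name label is set automatically on
#    every namespace by Kubernetes (1.21+).
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-from-ingress-controller
  namespace: shop
spec:
  podSelector:
    matchLabels:
      exposed: "true"
  policyTypes:
  - Ingress
  ingress:
  - from:
    - namespaceSelector:
        matchLabels:
          kubernetes.io/metadata.name: ingress-nginx
      podSelector:
        matchLabels:
          app.kubernetes.io/name: ingress-nginx
```

With this in place the DMZ web server (Nginx or Apache) proxies everything for `shop.example.com` to the ingress controller's address and never needs to know individual Services; the ingress controller does the per-path routing. The NetworkPolicies only take effect if the cluster's CNI plugin implements them (for example Calico or Cilium; the default `kubenet` does not), so check that before relying on them as a DMZ substitute, and label with `exposed: "true"` only the pods that should be reachable from the ingress controller.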