What is pod to pod encryption in Kubernetes? And how to implement pod to pod encryption by using mTLS in Kubernetes?

Question

I want to implement pod-to-pod encryption by use of mTLS. And another one: how can I modify TLS encryption between the apiserver and etcd pods?

Recommended answer

I would suggest using a service mesh such as Istio or Linkerd. A service mesh provides mTLS between pods and you don't need to implement it yourself. The service mesh deploys a sidecar such as Envoy along with your pod, and the sidecar takes care of TLS termination with mTLS enabled between pods.

https://istio.io/latest/docs/tasks/security/authentication/authn-policy/#auto-mutual-tls
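
An added example (not part of the original answer, and not Istio's own code): a mesh only guarantees encrypted pod-to-pod traffic where its policy rejects plaintext, so this Python script audits Istio PeerAuthentication objects for scopes that still accept it. The input is a constructed sample shaped like the `items` list of `kubectl get peerauthentication -A -o json`; the script assumes the root namespace is `istio-system` and at most one selector-less policy per namespace.

```python
ROOT_NS = "istio-system"  # assumption: Istio root namespace left at its default

# Constructed sample, shaped like the "items" list of
# `kubectl get peerauthentication -A -o json`.
SAMPLE = [
    {"metadata": {"name": "default", "namespace": "istio-system"},
     "spec": {"mtls": {"mode": "STRICT"}}},
    {"metadata": {"name": "legacy", "namespace": "billing"},
     "spec": {"mtls": {"mode": "PERMISSIVE"}}},
    {"metadata": {"name": "db", "namespace": "payments"},
     "spec": {"selector": {"matchLabels": {"app": "db"}},
              "mtls": {"mode": "STRICT"},
              "portLevelMtls": {"9090": {"mode": "DISABLE"}}}},
]


def _mode(policy):
    """Return the policy's mTLS mode, or None when it inherits (absent/UNSET)."""
    mode = policy.get("spec", {}).get("mtls", {}).get("mode", "UNSET")
    return None if mode == "UNSET" else mode


def audit(items, namespaces):
    """List (namespace, scope, mode) wherever plaintext is still accepted."""
    unscoped = {p["metadata"]["namespace"]: _mode(p) for p in items
                if not p.get("spec", {}).get("selector")}
    mesh = unscoped.get(ROOT_NS) or "PERMISSIVE"  # Istio default with no policy
    findings = []
    for ns in namespaces:
        effective = unscoped.get(ns) or mesh
        if effective != "STRICT":
            findings.append((ns, "namespace", effective))
    for p in items:
        spec, ns = p.get("spec", {}), p["metadata"]["namespace"]
        if not spec.get("selector"):
            continue
        scope = "workload policy " + p["metadata"]["name"]
        effective = _mode(p) or unscoped.get(ns) or mesh
        if effective != "STRICT":
            findings.append((ns, scope, effective))
        for port, cfg in spec.get("portLevelMtls", {}).items():
            if cfg.get("mode", "UNSET") not in ("STRICT", "UNSET"):
                findings.append((ns, f"{scope} port {port}", cfg["mode"]))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE, ["billing", "payments", "default"]):
        print(*finding)
```

An empty result means every listed namespace and selector-scoped policy resolves to `STRICT`, so sidecars refuse plaintext connections there.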
