What is pod-to-pod encryption in Kubernetes? And how to implement pod-to-pod encryption by using mTLS in Kubernetes?
Problem description
I want to implement pod-to-pod encryption by use of mTLS. And another one: how can I modify TLS encryption between the apiserver and etcd pods?
Recommended answer
I would suggest using a service mesh such as Istio or Linkerd. A service mesh provides mTLS between pods, and you don't need to implement it yourself. The service mesh deploys a sidecar such as Envoy along with your pod, and the sidecar takes care of TLS termination with mTLS enabled between pods.
https://istio.io/latest/docs/tasks/security/authentication/authn-policy/#auto-mutual-tls
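The sidecar approach described in the answer, as an added Istio configuration example (not part of the original answer). The namespace name `demo` is an assumption; the manifests label a namespace for sidecar injection and then require mTLS for every workload in it.

```yaml
# Added example, not from the original answer. "demo" is a hypothetical namespace.
# 1) Label the namespace so Istio injects the Envoy sidecar into new pods.
apiVersion: v1
kind: Namespace
metadata:
  name: demo
  labels:
    istio-injection: enabled
---
# 2) Namespace-wide policy: sidecars in "demo" accept only mutual-TLS traffic.
#    Istio's default mode is PERMISSIVE, which still accepts plaintext from
#    clients without a sidecar. STRICT rejects those connections.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: demo
spec:
  mtls:
    mode: STRICT
---
# 3) Optional mesh-wide variant: the same policy placed in the Istio root
#    namespace (istio-system by default) applies to all namespaces.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata:
  name: default
  namespace: istio-system
spec:
  mtls:
    mode: STRICT
```

With auto mutual TLS, client sidecars send mTLS to any destination that has a sidecar, so no DestinationRule is needed for this to work. Pods that existed before the namespace was labeled must be restarted to receive the sidecar.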