I want to enable SSL within my Kubernetes cluster to let my microservices communicate via TLS/SSL, but I don't want to set up Istio infrastructure or cert-manager for that (it is going to take too long).
It seems like the default Kubernetes DNS server does not support SSL internally between the pods, so I want to set up my own Traefik DNS server to manage TLS/SSL certificates. Is it possible to do that? (It probably sounds weird and crazy, but I'm looking for opportunities :) If so, are there any recommendations for that?
Thanks
CodePudding user response:
You have multiple options: either you use the internal CA of k8s, or you can use cert-manager first for CA purposes.
cert-manager would make it easy to manage and create the certificates.
cert-manager CA doc: https://cert-manager.io/docs/configuration/ca/
You will get the certificate and other details in a k8s Secret, so you can use them as needed.
You can mount the k8s Secret (storing the details) into the pod and the service can then use that certificate, or else you can make your code trust all certs from a specific CA.
You can also write an init container that creates the certificate for the microservice, using the CA details to create the self-signed certificates with OpenSSL or similar.
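
An added example (not part of the answer above) of the OpenSSL route it mentions: a private CA issues a certificate whose SANs are the service's in-cluster DNS names, and the result is verified against that CA. The names `demo-internal-ca`, `orders`, `shop` and the `cluster.local` cluster domain are assumptions; the output files use the `tls.crt` / `tls.key` / `ca.crt` names found in a Kubernetes TLS Secret.

```shell
#!/bin/sh
# Added example: private CA plus a per-service certificate, using OpenSSL.
# All names (demo-internal-ca, orders, shop, cluster.local) are constructed.
set -eu

# Minimal req config so the script does not depend on the system openssl.cnf.
write_cnf() {
  cat > "$1/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = demo-internal-ca
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
EOF
}

# make_ca DIR: create a self-signed root (ca.key, ca.crt) in DIR.
make_ca() {
  write_cnf "$1"
  openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 365 \
    -config "$1/req.cnf" -keyout "$1/ca.key" -out "$1/ca.crt" 2>/dev/null
}

# issue_cert DIR SERVICE NAMESPACE: write tls.key / tls.crt signed by DIR/ca.*.
issue_cert() {
  dir=$1; svc=$2; ns=$3
  # Clients match the SAN entries, so list every DNS name the service is called by.
  printf 'subjectAltName = DNS:%s.%s.svc, DNS:%s.%s.svc.cluster.local\n' \
    "$svc" "$ns" "$svc" "$ns" > "$dir/san.ext"
  printf 'basicConstraints = CA:FALSE\nextendedKeyUsage = serverAuth, clientAuth\n' \
    >> "$dir/san.ext"
  openssl req -new -newkey rsa:2048 -nodes -config "$dir/req.cnf" \
    -subj "/CN=$svc.$ns.svc" -keyout "$dir/tls.key" -out "$dir/tls.csr" 2>/dev/null
  openssl x509 -req -in "$dir/tls.csr" -CA "$dir/ca.crt" -CAkey "$dir/ca.key" \
    -CAcreateserial -sha256 -days 30 -extfile "$dir/san.ext" \
    -out "$dir/tls.crt" 2>/dev/null
}

# check_cert CA_FILE CERT_FILE HOSTNAME: succeed only if chain and name both verify.
check_cert() {
  openssl verify -CAfile "$1" -verify_hostname "$3" "$2" >/dev/null 2>&1
}

# Optional direct run: ./script.sh /some/empty/dir
if [ -n "${1:-}" ]; then make_ca "$1"; issue_cert "$1" orders shop; fi
```

Workloads only need `ca.crt` to trust their peers. If `ca.key` is mounted into an init container, any pod that can read it can issue a certificate for any service name, so keep signing in one controlled place.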