KubeCon North America 2019 | How Kubernetes Components Communicate Securely in Your Cluster
How do your cluster components talk to each other?
In this expository talk, we’ll first cover the main Kubernetes components that need trusted communication - that is, the API server, kubelet, and etcd, and how this communication is protected. Then, we’ll go over how the cluster certificate authority (CA) works, and how this grants certificates to Kubernetes components. Furthermore, we’ll explain what authentication, integrity, and encryption means, and what options are available in Kubernetes, and what you need to configure to address these pieces of CIS benchmarks. Lastly, we’ll explain how you can protect other communications within your cluster, if needed for your workload - like node to node and pod to pod.
You’ll come away with a better understanding of how communications in Kubernetes work, cluster trust, and default protections.