0

Maybe this is a dumb question, but I really don't know if I have to secure applications with tokens etc. within a Kubernetes cluster.

So for example, I make a gRPC call from a client within the cluster to a server within the cluster. I thought this should be secure without authenticating the client with a token or something like that, because (if I understood it right) Kubernetes pods and services work within a VPN which won't be exposed as long as it's not told to.

But is this really secure, should I somehow build an authorization system within my cluster?

Also, how can I use a service to load balance the gRPC calls over the server pods without exposing the server outside the cluster?

1 Answer

1

If you have a service, it already has a built-in load balancer when you have more than one replica, out of the box.

Also, Kubernetes traffic is internal within the cluster out of the box, unless you explicitly expose traffic using LoadBalancer, Ingress or NodePort.

Does it mean traffic is safe? No. By default, everything is allowed within a Kubernetes cluster, so every service can reach every service or pod in StatefulSet apps.

You can use NetworkPolicy to allow traffic from one service to another service and nothing else. That would increase security.

Does it mean traffic is safe now? It depends. Authentication would add an additional security layer in case a container is hacked. There could be more scenarios, but I can't think of any for now.

So internal authentication is usually used to improve security in production systems.

I hope it answers the question.


4 Comments

Okay thanks. So as long as I set everything up the right way and don't mess up anything with my NetworkPolicy, I don't have to use authentication in testing but should use it when in production.
If the NetworkPolicy firewall allows only service-to-service communication, then a hacker needs to hack this service to send the request. If you have authentication too, the secret is usually in an environment variable, so the password can be read too in a full container takeover. Unless it's partially hacked, then authentication can add value. In short, only a more complex encryption/decryption mechanism on the fly inside the app could add value. So it will not be possible to authenticate outside of the app (in a shell, let's say).
I believe HTTPS could add bigger value, because Kubernetes uses plugins such as Calico where traffic is in IPIP tunnels. They are not encrypted. So if someone can capture packets between nodes, they can see everything in the HTTP case. Especially if the cluster is spread between locations and someone has VPN access, or the cluster is based on premises.
I would take human failure into account too, if you or another admin exposes traffic outside the cluster and forgets the NetworkPolicy. That's a disadvantage of not having auth. Of course, I'm happy to hear some criticism of my understanding if someone can prove it with an example scenario of not having auth in this case.
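
The setup the answer describes, as an added example that is not part of the original question, answer or comments: an internal-only Service in front of the gRPC server pods, a default-deny ingress policy, and one NetworkPolicy that admits only the client pods. The namespace `demo`, the labels `app: grpc-server` and `app: grpc-client`, the resource names and port 50051 are assumptions.

```yaml
# Added example; namespace, names, labels and port are assumptions.
# ClusterIP (the default Service type) is reachable only from inside the cluster.
apiVersion: v1
kind: Service
metadata:
  name: grpc-server
  namespace: demo
spec:
  type: ClusterIP
  selector:
    app: grpc-server
  ports:
    - name: grpc
      port: 50051
      targetPort: 50051
---
# Default deny: selects every pod in the namespace and allows no ingress.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: demo
spec:
  podSelector: {}
  policyTypes:
    - Ingress
---
# Allow only pods labelled app=grpc-client to reach the server pods on 50051/TCP.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-client-to-grpc-server
  namespace: demo
spec:
  podSelector:
    matchLabels:
      app: grpc-server
  policyTypes:
    - Ingress
  ingress:
    - from:
        - podSelector:
            matchLabels:
              app: grpc-client
      ports:
        - protocol: TCP
          port: 50051
```

A NetworkPolicy selects pods by label rather than Services, and it is enforced only when the cluster's network plugin implements NetworkPolicy (Calico, mentioned in the comments, does).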
