Are there sufficient benefits in using HTTPS (instead of HTTP) for all internal cluster communication between microservices?
I’m using Azure Kubernetes Service. Single tenant, nothing exotic.
The only obvious threat this avoids is someone who compromises Azure Kubernetes Service itself. (The docs say: “Nodes are deployed into a private virtual network subnet, with no public IP addresses assigned.”)
But if this happens, we seem pretty doomed anyway. And a downside of using HTTPS: adds some complexity.