Need help on how to configure TLS/SSL on a k8s cluster for internal pod-to-pod communication over HTTPS. Able to curl http://servicename:port over HTTP, but for HTTPS I am ending up with an NSS error on the client pod.
I generated a self-signed cert with CN=*.svc.cluster.local (as all the services in k8s end with this) and I am stuck on how to configure it on k8s.
Note: I exposed the main svc on port 8443 and I am doing this in my local Docker Desktop setup on a Windows machine.
- No Ingress → Because communication happens within the cluster itself.
- Without any CRD (custom resource definition) cert-manager
Kubernetes doesn’t seem to handle SSL termination. Looking at the service documentation, there is some support from cloud providers for exposed services. If you’re just aiming to have a ClusterIP service, your application probably needs to be configured to handle its own SSL.
Thank you so much for the response. Is my approach of generating a self-signed certificate for CN=*.svc.cluster.local correct, to enable HTTPS communication between the pods? If I create a secret of type tls and mount it there, will I be able to make HTTPS requests like the one below: https://:port/health, where svcname is a service of type ClusterIP?
I created a self-signed cert with CN=*.svc.cluster.local; this has the wildcard character *. I used the CN this way because every svc in k8s ends with svc.cluster.local. I wrote a script which spins up two pods (main and client); the client pod invokes a few main pod APIs and exits. Once the job is done, it kills the pods. There is no scope for external communication. Please let me know the best approach for this use case. Communication over HTTP is happening, whereas on HTTPS it is closing the connection. Thanks in advance.
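
A hostname check for the wildcard name discussed in this thread, as an added example that is not part of any post: it applies the RFC 6125 rule that `*` stands for exactly one left-most label to the DNS names a client pod can use for a ClusterIP Service. The service name `main`, namespace `default` and cluster domain `cluster.local` are assumed values.

```python
# Added example: RFC 6125-style matching of certificate DNS names against
# Kubernetes Service names. "main", "default" and "cluster.local" are assumed.

def matches(pattern: str, hostname: str) -> bool:
    """Return True if a certificate DNS name covers hostname.

    A '*' is honoured only as the entire left-most label and stands for
    exactly one label, never for several dot-separated labels.
    """
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = hostname.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels) or "" in h_labels:
        return False
    if p_labels[0] == "*":
        return p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def service_names(service, namespace, cluster_domain="cluster.local"):
    """DNS names that resolve to a ClusterIP Service from inside the cluster."""
    return [
        service,
        f"{service}.{namespace}",
        f"{service}.{namespace}.svc",
        f"{service}.{namespace}.svc.{cluster_domain}",
    ]


def coverage(cert_names, service, namespace):
    """Map each Service DNS name to whether any certificate name covers it."""
    return {
        host: any(matches(name, host) for name in cert_names)
        for host in service_names(service, namespace)
    }


if __name__ == "__main__":
    wildcard = ["*.svc.cluster.local"]            # name used in the thread
    explicit = service_names("main", "default")   # one entry per name used
    for label, names in (("wildcard", wildcard), ("explicit", explicit)):
        print(label)
        for host, ok in coverage(names, "main", "default").items():
            print(f"  {host:32} {'match' if ok else 'NO MATCH'}")
```

The name the client puts in the URL has to be one of the names in the certificate, so the certificate needs an entry for each form of the Service name that clients will actually use.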