How to communicate between services in Kubernetes in a secure way


If you want your service to be accessible only from selected pods, you may use Network Policies. They allow you to define which pods can talk to which pods at the network level. For example, you may expose your service through ingress and allow only the ingress controller to talk to your application. That way you can be sure that your application is available only through ingress (with authentication) and no other way.

Network Policies are supported only by some network plugins:

  • Calico
  • Open vSwitch
  • Cilium
  • Weave
  • Romana
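The setup described in the answer above, as an added example that is not part of the original answer: a default-deny policy for the namespace plus a policy that admits only the ingress controller. The namespace `my-app`, the label `app: my-app`, port 8080 and the `ingress-nginx` namespace and pod labels are assumptions; substitute the values from your own cluster.

```yaml
# Added example; names, labels and port are assumptions.
# 1) Deny all inbound traffic to every pod in the namespace by default.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: default-deny-ingress
  namespace: my-app            # hypothetical application namespace
spec:
  podSelector: {}              # empty selector = all pods in this namespace
  policyTypes:
    - Ingress                  # no ingress rules listed, so nothing is allowed
---
# 2) Allow only the ingress controller pods to reach the application.
apiVersion: networking.k8s.io/v1
kind: NetworkPolicy
metadata:
  name: allow-from-ingress-controller
  namespace: my-app
spec:
  podSelector:
    matchLabels:
      app: my-app              # hypothetical label on the application pods
  policyTypes:
    - Ingress
  ingress:
    - from:
        # namespaceSelector and podSelector in ONE list item are ANDed:
        # pods with this label, in that namespace only.
        - namespaceSelector:
            matchLabels:
              kubernetes.io/metadata.name: ingress-nginx   # assumed controller namespace
          podSelector:
            matchLabels:
              app.kubernetes.io/name: ingress-nginx        # assumed controller pod label
      ports:
        - protocol: TCP
          port: 8080           # assumed container port of the application
```

On a network plugin without Network Policy support the API server still accepts these objects but nothing enforces them, so confirm from a pod outside the allowed set that the connection is actually refused.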


Natively, Kubernetes does not provide a mutual TLS solution to the services for encrypted communication; that's where Istio with mutual-tls-authentication brings this functionality to the platform.


Simply use 'ClusterIP' as the service type. This would keep your services exposed within the cluster. You can use services by their name over HTTP.

For any service that is talking publicly, you may need to use the load balancer service type or an ingress controller.