Scenario #205
Security
K8s v1.18, On-Premise
Unencrypted Communication Between Pods Due to Missing TLS Configuration
Communication between microservices in the cluster was not encrypted due to missing TLS configuration, exposing data to potential interception.
What Happened
The microservices were communicating over HTTP instead of HTTPS, and there was no mutual TLS (mTLS) configured for secure communication, making data vulnerable to interception.
Diagnosis Steps
1. Reviewed service-to-service communication with network monitoring tools and found that HTTP was being used instead of HTTPS.
2. Inspected the Ingress and service definitions and found that no TLS secrets or certificates were configured.
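The check behind the second diagnosis step, written out as an added example (it is not part of the original scenario write-up): it walks the JSON that `kubectl get ingress -o json` and `kubectl get secret -o json` produce, and flags every Ingress host that is not covered by a `tls` entry backed by an existing `kubernetes.io/tls` Secret, plus Service ports that are named or numbered for plaintext HTTP. The namespace, Ingress, host and Secret names below are constructed sample data, not values from the incident, and the port-name rule is a heuristic based on the common `http`/`https` naming convention rather than a hard guarantee of the protocol in use.

```python
import json

# Constructed sample in the shape of `kubectl get ingress -o json` (not real cluster data).
SAMPLE_INGRESSES = json.loads("""
{"items": [
  {"kind": "Ingress", "metadata": {"name": "orders", "namespace": "shop"},
   "spec": {"tls": [{"hosts": ["orders.example.internal"], "secretName": "orders-tls"}],
            "rules": [{"host": "orders.example.internal", "http": {"paths": []}}]}},
  {"kind": "Ingress", "metadata": {"name": "payments", "namespace": "shop"},
   "spec": {"rules": [{"host": "payments.example.internal", "http": {"paths": []}}]}},
  {"kind": "Ingress", "metadata": {"name": "inventory", "namespace": "shop"},
   "spec": {"tls": [{"hosts": ["inventory.example.internal"], "secretName": "inventory-tls"}],
            "rules": [{"host": "inventory.example.internal", "http": {"paths": []}}]}}
]}
""")

# Constructed sample in the shape of `kubectl get secret -o json`; only orders-tls exists.
SAMPLE_SECRETS = json.loads("""
{"items": [
  {"kind": "Secret", "type": "kubernetes.io/tls",
   "metadata": {"name": "orders-tls", "namespace": "shop"}}
]}
""")

# Constructed sample in the shape of `kubectl get svc -o json`.
SAMPLE_SERVICES = json.loads("""
{"items": [
  {"kind": "Service", "metadata": {"name": "orders", "namespace": "shop"},
   "spec": {"ports": [{"name": "https", "port": 443}]}},
  {"kind": "Service", "metadata": {"name": "payments", "namespace": "shop"},
   "spec": {"ports": [{"name": "http", "port": 80}]}}
]}
""")


def audit_ingress_tls(ingress_list, secret_list):
    """Return (namespace, ingress, host, reason) for each host not served over TLS."""
    tls_secrets = {
        (s["metadata"]["namespace"], s["metadata"]["name"])
        for s in secret_list.get("items", [])
        if s.get("type") == "kubernetes.io/tls"
    }
    findings = []
    for ing in ingress_list.get("items", []):
        ns, name = ing["metadata"]["namespace"], ing["metadata"]["name"]
        spec = ing.get("spec", {})
        host_secret = {}       # host -> secretName from the tls block
        default_secret = None  # a tls entry with no hosts applies to every rule host
        for entry in spec.get("tls", []):
            if entry.get("hosts"):
                for host in entry["hosts"]:
                    host_secret[host] = entry.get("secretName")
            else:
                default_secret = entry.get("secretName")
        for rule in spec.get("rules", []):
            host = rule.get("host", "*")
            if host not in host_secret and default_secret is None:
                findings.append((ns, name, host, "no tls entry covers this host"))
                continue
            secret = host_secret.get(host, default_secret)
            if not secret:
                findings.append((ns, name, host, "tls entry has no secretName"))
            elif (ns, secret) not in tls_secrets:
                findings.append((ns, name, host,
                                 f"secret {secret} missing or not of type kubernetes.io/tls"))
    return findings


def plaintext_service_ports(service_list):
    """Heuristic: flag ports named http* (but not https*) or numbered 80 as plaintext."""
    flagged = []
    for svc in service_list.get("items", []):
        ns, name = svc["metadata"]["namespace"], svc["metadata"]["name"]
        for port in svc.get("spec", {}).get("ports", []):
            pname = port.get("name", "")
            if (pname.startswith("http") and not pname.startswith("https")) or port.get("port") == 80:
                flagged.append((ns, name, pname, port.get("port")))
    return flagged


if __name__ == "__main__":
    for f in audit_ingress_tls(SAMPLE_INGRESSES, SAMPLE_SECRETS):
        print("INGRESS", *f)
    for f in plaintext_service_ports(SAMPLE_SERVICES):
        print("SERVICE", *f)
```

Against the sample data the script reports the `payments` Ingress (no `tls` block at all) and the `inventory` Ingress (its `tls` block names a Secret that does not exist), and the `payments` Service port 80/http; the `orders` pair passes. In a real cluster, feed it the three `kubectl ... -o json` outputs across all namespaces and treat every line as a host or port to fix before the traffic is trusted.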
Root Cause
Lack of TLS configuration for service communication led to unencrypted communication.
Fix/Workaround
• Configured mTLS between services to ensure encrypted communication.
• Deployed certificates and updated services to use HTTPS for communication.
Lessons Learned
Secure communication between microservices is crucial to prevent data leakage or interception.
How to Avoid
1. Always configure TLS for service-to-service communication, especially for sensitive workloads.
2. Automate the generation and renewal of certificates.