Scenario #222
Security
K8s v1.22, Google Cloud

Using HTTP Instead of HTTPS for Ingress Resources

Sensitive applications were exposed using HTTP instead of HTTPS, leaving communication vulnerable to eavesdropping and man-in-the-middle attacks.

What Happened

Sensitive application traffic was served over HTTP rather than HTTPS, allowing attackers to potentially intercept or manipulate traffic.

Diagnosis Steps
  1. Inspected ingress resource configurations and confirmed that TLS termination was not configured.
  2. Verified that sensitive endpoints were exposed over HTTP without encryption.
Root Cause

Lack of TLS encryption in the ingress resources exposed sensitive traffic to security risks.

Fix/Workaround
• Configured ingress controllers to use HTTPS by setting up TLS termination with valid SSL certificates.
• Redirected all HTTP traffic to HTTPS to ensure encrypted communication.
Lessons Learned

Always use HTTPS for secure communication between clients and Kubernetes applications, especially for sensitive data.

How to Avoid
  1. Configure TLS termination for all ingress resources to encrypt traffic.
  2. Regularly audit ingress resources to ensure that sensitive applications are protected by HTTPS.
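
An added example (not part of the original scenario) of the audit in step 2: it reads JSON in the shape that `kubectl get ingress -A -o json` produces and lists every host served without a matching `spec.tls` entry. The sample data and function names are constructed for illustration, and certificates attached through controller-specific annotations rather than `spec.tls` are not considered.

```python
import json

# Constructed sample, shaped like `kubectl get ingress -A -o json` output.
SAMPLE = json.loads("""
{"items": [
  {"metadata": {"namespace": "payments", "name": "api"},
   "spec": {"rules": [{"host": "pay.example.com"}]}},
  {"metadata": {"namespace": "shop", "name": "web"},
   "spec": {"tls": [{"hosts": ["*.shop.example.com"], "secretName": "shop-tls"}],
            "rules": [{"host": "www.shop.example.com"},
                      {"host": "a.b.shop.example.com"}]}},
  {"metadata": {"namespace": "internal", "name": "default-backend"},
   "spec": {"defaultBackend": {"service": {"name": "admin", "port": {"number": 80}}}}}
]}
""")


def host_covered(host, tls_hosts):
    """True if host matches a TLS name exactly or via a one-label wildcard."""
    # A wildcard certificate name covers exactly one leading DNS label.
    parent = host.split(".", 1)[1] if "." in host else None
    return any(p == host or (p.startswith("*.") and p[2:] == parent)
               for p in tls_hosts)


def audit_ingresses(ingress_list):
    """Return (namespace, name, host, reason) for every host served without TLS."""
    findings = []
    for item in ingress_list.get("items", []):
        meta, spec = item["metadata"], item.get("spec", {})
        tls_entries = spec.get("tls") or []
        tls_hosts = [h for t in tls_entries for h in t.get("hosts", [])]
        rules = spec.get("rules") or []
        ident = (meta.get("namespace", "default"), meta["name"])
        if not tls_entries:
            # No TLS at all: every rule host (or the catch-all "*") is plain HTTP.
            hosts = [r.get("host", "*") for r in rules] or ["*"]
            findings += [ident + (h, "no spec.tls") for h in hosts]
            continue
        for rule in rules:
            host = rule.get("host")
            if host and not host_covered(host, tls_hosts):
                findings.append(ident + (host, "host not in spec.tls"))
    return findings


if __name__ == "__main__":
    for ns, name, host, reason in audit_ingresses(SAMPLE):
        print(f"{ns}/{name}: {host}: {reason}")
```

To audit a live cluster, pass the parsed output of `kubectl get ingress -A -o json` to `audit_ingresses` in place of `SAMPLE`.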