
Kubernetes - do I need to use https for container communication inside a pod?

Been googling it for a while and can't figure out the answer: suppose I have two containers inside a pod, and one has to send the other some secrets. Should I use https or is it safe to do it over http? If I understand correctly, the traffic inside a pod is firewalled anyway, so you can't eavesdrop on the traffic from outside the pod. So... no need for https?

Containers inside a Pod communicate using the loopback network interface, localhost.

TCP packets would get routed back at the IP layer itself if the address is localhost.

It is implemented entirely within the operating system's networking software and passes no packets to any network interface controller. Any traffic that a computer program sends to a loopback IP address is simply and immediately passed back up the network software stack as if it had been received from another device.

So when Containers inside a Pod communicate, it is not possible for the traffic to get hijacked/altered.

If you want to understand more, take a look at understanding-kubernetes-networking

Hope it answers your question
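An added example, not part of the original answer: the loopback path described above applies only to a socket bound to 127.0.0.1, while a listener bound to 0.0.0.0 in the same Pod also accepts connections arriving on the Pod IP. Containers in a Pod share one network namespace, so the code below parses `/proc/net/tcp` text from any of them and separates the two kinds of listener. The sample table is constructed, and a little-endian host (x86-64, arm64) is assumed for the address encoding.

```python
import ipaddress
import struct

LISTEN = "0A"  # state code the kernel prints for a listening TCP socket

# Constructed sample of /proc/net/tcp as seen from a container in the Pod:
# one listener on 127.0.0.1:8080, one on 0.0.0.0:9090, one established connection.
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 0100007F:1F90 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 31001 1 0000000000000000 100 0 0 10 0
   1: 00000000:2382 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 31002 1 0000000000000000 100 0 0 10 0
   2: 0100007F:1F90 0100007F:C350 01 00000000:00000000 00:00000000 00000000     0        0 31003 1 0000000000000000 100 0 0 10 0
"""


def decode_endpoint(field):
    """Decode 'HEXIP:HEXPORT' from /proc/net/tcp into (IPv4Address, port)."""
    hex_ip, hex_port = field.split(":")
    # The address is printed as a host-order 32-bit integer; on a
    # little-endian host, packing it back as "<I" yields network-order bytes.
    ip = ipaddress.IPv4Address(struct.pack("<I", int(hex_ip, 16)))
    return ip, int(hex_port, 16)


def audit_listeners(proc_net_tcp):
    """Return (loopback_only, exposed) lists of 'ip:port' for LISTEN sockets.

    IPv4 only: /proc/net/tcp6 uses a different address encoding and is
    not handled here.
    """
    loopback_only, exposed = [], []
    for line in proc_net_tcp.splitlines()[1:]:  # skip the header row
        cols = line.split()
        if len(cols) < 4 or cols[3] != LISTEN:
            continue
        ip, port = decode_endpoint(cols[1])
        (loopback_only if ip.is_loopback else exposed).append(f"{ip}:{port}")
    return loopback_only, exposed


if __name__ == "__main__":
    local, exposed = audit_listeners(SAMPLE_PROC_NET_TCP)
    print("loopback only (reachable from containers in this Pod):", local)
    print("reachable on the Pod IP as well:", exposed)
```

On a real Pod, pass the contents of `/proc/net/tcp` read inside any container instead of the sample string.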

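Notice: the technical posts on this site follow the CC BY-SA 4.0 license. If you repost, please credit this site's URL or the original address. For any questions, contact: yoyou2525@163.com.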

 