mTLS between two pods without using service mesh

Hi, I am looking to establish mTLS between 2 Pods without using any service mesh (either Istio or Linkerd). Can anyone please share details on this, e.g. how to create certificates for Pods, whom to configure as the CA (self-signed or ?), and how to inject the certificates into the Pods so they can communicate using mTLS? Thank you.

Can you please share the information for the above, @mmumshad?

Can someone please respond to this question, @mmumshad @Tej-Singh-Rana?

@debu3645, it will be extremely hard to manage mTLS without using a service mesh. You need to configure it at the application level, and different applications will have to support different algorithms. It is clearly mentioned in one of our CKS lectures.

@tgp Thanks for the response. Could you share the chapter which talks about issues due to the application handling mTLS? The reason for not going with a service mesh is that it impacts the footprint and latency, and this compels me to have mTLS without a service mesh, and it's fine for me to manage mTLS certificates.

@debu3645, you can check in our CKS course, the last two sections under Minimize Microservice Vulnerabilities.

Thank you for the support @tgp