Securing external connections to Kubernetes services
An Ingress is a Kubernetes resource that lets you define a reverse proxy that exposes services in your cluster to anything outside your container, including internal infrastructure or the internet.
An Admission Controller intercepts requests to the Kubernetes API server and are used to limit requests to create, delete, modify objects or connect to proxy. For example, the Nginx Admission Controller will reconfigure Nginx for you.
An Ingress Controller is a type of Admission Controller that gets called when an
Ingress resource is created, updated, or deleted, and manages the proxy.
We often talk with users who want to enable mutual TLS authentication (mTLS) for these connections. To add mutual TLS, in addition to issuing server certificates for your Ingress Controllers, you need to issue certificates to the clients connecting into your Kubernetes cluster. These clients could be humans, applications using an API, external services, or any other workload that needs to interact with the cluster.
The Smallstep toolchain is designed to provide reach to all the things in your system. We can automate the issuance and renewal of certificates to secure all your mutual TLS connections. We make it easy to connect users to single sign-on, or unlock the power of internal ACME for automation. Have Questions? We are here to help. Just reach out and ask.