Welcome to the Linux Foundation Forum!

Cert pinning in ssl-passthrough

erickpoppe Posts: 2
edited August 2020 in LFD259 Class Forum

If SSL passthrough is enabled in the ingress resource, how is it possible to perform TLS certificate pinning to communicate with an app from outside?

Comments

  • serewicz Posts: 1,000

    Hello,

    Could you let us know which part of the course you are referring to? The more details about the issue, the better we can help.

    In general, cert pinning, also known as key pinning, is not worth the extra hassle; it was deprecated by several vendors in 2017, and Chrome and Firefox removed the option in 2019.

    TLS can be a headache with the dynamic nature of Kubernetes. The use of a service mesh like Istio or Linkerd can add functionality like mTLS. For info on that go here: Automatic mTLS

    Regards,
