Summary

This talk was presented at the Utah Kubernetes Meetup. It covers 5 different ways to get mututal TLS inside a Kubernetes cluster. This is an important feature that is often only discussed within the context of a service mesh. This talk proves that mTLS can actually be accomplished a number of ways with various trade offs.

Key Takeaways

• mTLS can be done many different ways
• Every option has trade-offs
• The cloud native community provides some great tools to automate PKI
  • cfssl
  • cert-manager
• A service mesh may be the easiest way but you lose a lot of control

Details

The full source code for the talk can be found at:

• https://github.com/carsonoid/talk-5-flavors-of-mtls-in-kubernetes