KubeDojo
mtlsistioencryptioncksciliumwireguard

Pod-to-Pod Encryption with Cilium and Istio

AK
by Alexis Kinsella··16 min read
Pod-to-Pod Encryption with Cilium and Istio

Every curl between pods in your cluster travels in plaintext. The Kubernetes networking model requires that every pod can reach every other pod without NAT. CNI plugins implement this by building overlay networks or configuring native routing. None of them encrypt traffic by default.

That design assumes the underlying network is trusted. In practice, the assumption breaks when it matters most:

Sign in to access this lesson

Create a free account or sign in to enroll in the CKS — Certified Kubernetes Security Specialist course and access all 25 lessons.

CKS — Certified Kubernetes Security Specialist

25 lessons

Sign inCreate account
Browse the full course curriculum →