This research spike is to investigate the options for securing communication between our services.
This includes inter-pod communication, where the pods live within the same K8S or OpenShift cluster, as well as how to secure connections coming from outside the cluster (such as through a k8s Ingress or an OpenShift Route).
We need to investigate what technology already exists and what others are doing to accomplish these kinds of goals.
There are two initial thoughts on how we could accomplish this, but there may be more that we have not considered yet:
- Configuration at the application level. For instance, for a Java application this would be accomplished by passing a keystore and a truststore to the application. These stores could be created by the operator, assembled in an init container from existing certificates (such as service serving certificates), etc.
- Security sidecars. A sidecar would route all traffic arriving from outside the pod to the application; it could manage the certificates and expose an HTTPS endpoint.
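One concrete shape of the first option (keystore and truststore assembled in an init container from OpenShift service serving certificates), added here as an illustration rather than code from the Kogito operator. It assumes a Java app image that ships both openssl and keytool, a pre-created Secret kogito-app-storepass holding the store password, and placeholder image and resource names.

```yaml
apiVersion: v1
kind: Service
metadata:
  name: kogito-app                                   # placeholder name
  annotations:                                       # OpenShift issues a cert for
    service.beta.openshift.io/serving-cert-secret-name: kogito-app-tls  # kogito-app.<ns>.svc
spec:
  selector: {app: kogito-app}
  ports: [{port: 8443, targetPort: 8443}]
---
apiVersion: v1
kind: ConfigMap                                      # gets service-ca.crt injected
metadata: {name: service-ca, annotations: {service.beta.openshift.io/inject-cabundle: "true"}}
---
apiVersion: v1
kind: Pod
metadata: {name: kogito-app, labels: {app: kogito-app}}
spec:
  volumes:
  - {name: serving-cert, secret: {secretName: kogito-app-tls}}  # tls.crt, tls.key
  - {name: service-ca, configMap: {name: service-ca}}           # service-ca.crt
  - {name: java-tls, emptyDir: {medium: Memory}}                # keystores stay in RAM
  initContainers:
  - name: build-keystores
    image: registry.example.com/openjdk:17          # placeholder; needs openssl + keytool
    env:
    - {name: STOREPASS, valueFrom: {secretKeyRef: {name: kogito-app-storepass, key: password}}}
    volumeMounts:
    - {name: serving-cert, mountPath: /certs, readOnly: true}
    - {name: service-ca, mountPath: /ca, readOnly: true}
    - {name: java-tls, mountPath: /tls}
    command: ["sh", "-ec"]
    args:
    - |
      # server identity: PKCS12 keystore built from the serving cert and key
      openssl pkcs12 -export -in /certs/tls.crt -inkey /certs/tls.key \
        -name server -out /tls/keystore.p12 -passout env:STOREPASS
      # client trust: service CA imported with keytool so Java sees a trusted entry
      keytool -importcert -noprompt -alias service-ca -file /ca/service-ca.crt \
        -keystore /tls/truststore.p12 -storetype PKCS12 -storepass "$STOREPASS"
  containers:
  - name: app
    image: registry.example.com/kogito-app:latest   # placeholder
    volumeMounts: [{name: java-tls, mountPath: /tls, readOnly: true}]
    env:
    - {name: STOREPASS, valueFrom: {secretKeyRef: {name: kogito-app-storepass, key: password}}}
    - name: JAVA_TOOL_OPTIONS                       # JVM-wide trust for outbound calls
      value: "-Djavax.net.ssl.trustStore=/tls/truststore.p12 -Djavax.net.ssl.trustStorePassword=$(STOREPASS)"
    # HTTPS listener wiring is framework specific (assumed app config), e.g. Quarkus:
    # quarkus.http.ssl.certificate.key-store-file=/tls/keystore.p12
```

The serving certificate is only valid for the in-cluster service name, so a Route or Ingress from outside the cluster still needs its own certificate at the edge or a re-encrypt configuration that trusts the service CA.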
As a research spike, the goal of this task is not to solve the problem or work on an implementation. The goal is to do the research, engage with the rest of the team, and discuss what our possible options are. The end result is a plan for the implementation.
Blocks: KOGITO-4730 Support TLS Secured Routes/Ingress for KogitoRuntime (Closed)