Chapter 11. Securely Connecting Components with TLS

In any distributed system, there are different components that need to communicate with each other, and in a cloud native world those components may well be containers exchanging messages with each other or with other internal or external components. In this chapter, you’ll see how secured transport connections allow components to safely send encrypted messages to each other. You’ll explore how components identify themselves to each other and set up secure connections between themselves so that malicious components can’t get involved in these communications.

If you’re familiar with how keys and certificates work, you can safely skip this chapter, as there is nothing particularly container-specific about it. I have included it in this book because in my experience, it’s an area of confusion for many folks who may be coming across these concepts for the first time when they start exploring containers and cloud native tools.

If you are responsible for administering a cloud native system, you will likely need to configure certificates, keys, and certificate authorities for Kubernetes, etcd, or other infrastructure components. These can be notoriously confusing, and installation instructions tend to explain what to do without covering the “why” or the “how.” You may find this chapter useful for understanding the roles that these different pieces play.

Let’s start by considering what we mean by “secure connections.”

Secure Connections ...
