0

I am new to Cilium and Cluster Mesh. I wanted to know if Cilium Cluster Mesh supports mTLS, or if it is implemented by default when we connect two clusters?

While going through the official docs I came across "Security Policies: As addressing and network security are decoupled, network security enforcement automatically spans across clusters. Note that Kubernetes security policies are not automatically distributed across clusters, it is your responsibility to apply CiliumNetworkPolicy or NetworkPolicy in all clusters."

Does it mean that when we connect two clusters, both clusters do mutual authentication, and then the same connection is treated as mutually authenticated and used for communication between the clusters?

asked Mar 27, 2024 at 4:34

1 Answer

0

It's correct that with Cilium Cluster Mesh, network policies can span multiple clusters in the mesh. Unfortunately, the same is not yet true for Mutual Authentication.

From its documentation:

There is no current option to build a single trust domain across multiple clusters for combining Cluster Mesh and Service Mesh. Therefore clusters connected in a Cluster Mesh are not currently compatible with Mutual Authentication.

Cilium Mutual Authentication is still in beta and therefore likely to improve a lot over the coming months.

answered Mar 27, 2024 at 21:22