As we know, the AG terminates TLS after the WAF validations and verifications. After that, communication between the pods is normally unsecured. Although this setup is claimed to be highly secure, if that layer is compromised the traffic travels unencrypted.
A few options that helped:
- Use re-encryption at the AG ingress layer
- Use the Istio sidecar mechanism
- AG Private with a certificate that consumes from public
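
A sketch of the first two options as manifests, added here as an example and not taken from the original post. It assumes "AG" is Azure Application Gateway driven by the AGIC ingress controller; the namespace, names, host, port and CA name are placeholders.

```yaml
# Option 1 (assumes AG = Azure Application Gateway with the AGIC ingress controller).
# Namespace, names, host, port and CA name below are placeholders.
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: shop-api
  namespace: shop
  annotations:
    # AG opens a new TLS session to the pod instead of forwarding plain HTTP
    appgw.ingress.kubernetes.io/backend-protocol: "https"
    # Root CA already uploaded to the AG, used to validate the pod's certificate
    appgw.ingress.kubernetes.io/appgw-trusted-root-certificate: "backend-root-ca"
spec:
  ingressClassName: azure-application-gateway
  tls:
    - hosts: ["shop.example.com"]
      secretName: shop-tls
  rules:
    - host: shop.example.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service: {name: shop-api, port: {number: 8443}}
---
# Option 2: sidecars require mutual TLS for all pod-to-pod traffic in the namespace
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata: {name: default, namespace: shop}
spec:
  mtls: {mode: STRICT}
---
# The AG is outside the mesh and has no mesh certificate, so the one port it
# calls is exempted from mesh mTLS; the app terminates the AG's TLS there itself.
apiVersion: security.istio.io/v1beta1
kind: PeerAuthentication
metadata: {name: shop-api-edge, namespace: shop}
spec:
  selector:
    matchLabels: {app: shop-api}
  mtls: {mode: STRICT}
  portLevelMtls:
    8443: {mode: DISABLE}
```

Without the port-level exemption, a namespace-wide STRICT policy would make the sidecar reject the AG's re-encrypted connection, because the AG presents no mesh client certificate.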

#k8s #securehttps #encryptiontls #networking
