Many organizations, surprisingly, still do things like using Kubernetes with TLS terminated at the ingress. In that case, you just need the splitter in the same network as the nodes hosting the ingress controller. Or inspect the unencrypted traffic within the cluster.
It takes a non-trivial amount of work to set up a service mesh (and mutual TLS between services), so many k8s clusters end up with unencrypted traffic inside the cluster network.
How do they inspect traffic when most is https?
In this case we're talking about P2P traffic, which is generally not HTTPS. The linked issue references WebRTC https://en.wikipedia.org/wiki/WebRTC
Encrypted by Cloudflare, so they just use the keys to decrypt it again.
Many organizations, surprisingly, still do things like using Kubernetes with TLS terminated at the ingress. In that case, you just need the splitter in the same network as the nodes hosting the ingress controller. Or inspect the unencrypted traffic within the cluster.
It takes a non-trivial amount of work to set up a service mesh (and mutual TLS between services), so many k8s clusters end up with unencrypted traffic inside the cluster network.
1 reply →